VOITTAVA KYBERSTRATEGIA Jarno Limnéll

What the Rise of Industrial
Internet Means for
Cyber Security?
Jarno Limnéll
Professor, Cyber Security
Aalto University
@JarnoLim
Technology is developing faster than security:
Industrial Internet of Threats?
Intellectual challenge to minds and machines
SECURITY ENVIRONMENT –
PHYSICAL AND DIGITAL
– IS MORE UNCERTAIN, DYNAMIC AND
MORE DEMANDING THAN EVER
The Challenge
– one example
1 trillion
Sensors, devices
Apps
50B
1B
2010
2020
2035
There are usually two
wrong premises in
cyber security.
Cybersecurity is enabler – protecting all
the good things that cyber insecurity can
prevent us doing.
But yes – lack of security can be a “show
stopper” to Industrial Internet.
Industrial Internet will rise or fall
because of security.
Security cannot be an after thought
Too strong technological-orientated
approach to cyber security
GUIDANCE
Cybersecurity is primarily a strategic issue
Biggest security challenge in IIoT:
Holistic approach
Succeeding in the IIoT era will depend on
defining and deploying not only the right
cybersecurity technologies, but also the
right policies and operations. And people.
Tietotekniikka, tietoturva, tietosuoja,
tietoliikenneverkko, tietoteollisuus,
verkkorikollinen, digitalisointi,
haittaohjelma, verkkoterrorismi...
1980
1990
2000
KYBER
Strategy
2010 2013
“Cyber” appeared 2010
Institutionalised 2013-2014
Concepts are unstable
Kyberturvallisuuden kokonaisuus
Functional security
Continuity Management – Anticipation – Perception
Securing information
Confidentiality – Integrity – Availability
Privacy
Cyber security = Security of the digital domain.
Megatrend: Digital and physical security more integrated
13
Framework of Security, connecting
Physical and Cyber Domains
Appears
Cyber
DDoS-attack
Physical attacks in data
centers or telecom cables
Implementation
Cyber
Implementation
Physical
Prevention or changing the
functionalities in control
systems
Kinetic cyber
Appears
Physical
Eliminating
skilled people
Key elements of the Industrial Internet
Intelligent
Machines and
Sensors
Advanced
Analytics
People at
work
The concept is simple: making industrial machines smarter,
through the adoption of sensors, software and big data analytics.
Why Industrial Internet requires new thinking about
cyber security?
Mainly because of the huge level of data sharing
involved – to address access to and deployment of
this shared data.
Who are the bad guys – and their
motivation?
Security in Industrial Internet is multi-layered strategy
encompassing people, processes, devices, sensors,
machines, systems and networks.
Complicated manifold – many subcontractors.
All from the same hatch (integration): 
Automation, analytics, education, cybersecurity…
To whom you can trust?
Building the defense inside and outside
of the walls.
Even if you have…
Realized that you are a target
Done everything by the book
Had acknowledged that raising awareness of all
IT system users around cyber security is essential.
The cyber security team feel confident that all
systems are protected…
Smart players in the
field are moving from
a traditional framework
of defense to an approach
of resilience.
The importance of educating people.
.
McAfee Confidential
Thank you!
[email protected]
twitter: @JarnoLim