Rowan-Classes/7th-Semester-Fall-2024/IoT-Hardware/assignments/reading-assignment-1.md


1. Who is leading the charge in IoT cybersecurity?
All the organizations that helped publish the documents (GSMA, CISA, NSA, FBI, NCSC-UK, ACSC, CCCS, NCSC-NZ), and their references and acknowledgements (Microsoft, IBM, Nozomi Networks)
2. What are some of the positives of IoT?
IoT allows more parts of our lives to be connected.
3. What are some of the negatives of IoT?
By introducing so many more devices on our networks, attack surfaces are greatly increased.
4. How can IoT automation introduce new vulnerabilities into networks?
IoT automation devices "directly impact human physical lives" (GSMA document). The sheer number of devices drastically increases the potential attack surface, and most devices lack an accessible and straightforward way to apply patches and firmware updates.
5. What are the challenges of IoT evolution?
- The availability challenge: IoT devices are expected to have very high up-time
- The identity challenge: devices must be able to accurately and securely identify themselves (think confidentiality and integrity)
- The privacy challenge: since these devices integrate into our lives, privacy is paramount (think confidentiality)
- The security challenge: ensuring that large amounts of users and physical systems are not exposed to risk (think confidentiality, integrity, and availability for IoT services and devices)
6. Which of the challenges is the largest hindrance to IoT developers?
Security is probably the largest challenge for IoT developers.
7. Which group, CISA or GSMA, is more industry specific, and which is more generic?
The CISA focuses on cybersecurity and infrastructure security in general, while the GSMA focuses its efforts on mobile networks.
8. What is/are the most important reference(s) in each document?
The CISA document makes many references to supporting documents published by leading cybersecurity agencies from around the world. These supporting documents are referenced to provide the reader with further guidance in areas where they are focusing their individual efforts.
Since the purpose of the GSMA document is to act as an overview for more focused documents, it cites the supporting documents to provide supplemental guidance.
9. Within each document, when is the next update?
10. What are the 2 key components that make up the IoT model, and which one does Rowan's CS06440 - Cloud Computing and Internet of Things fall within?
The two key components are the service ecosystem and the endpoint ecosystem.
11. What is the goal of a risk assessment?
Risk assessments are tests that attempt to quantify risk for a given system, how likely each vulnerability is to occur, and how much damage could be done if that vulnerability were to be exploited. Afterwards, the risk assessment may be used to determine which vulnerabilities are possible to resolve and which should be addressed first.
12. Cite one example of a specific IoT device used in either document and what it was used to explain?
Digital door-locks are cited as an example of a common IoT endpoint in the GSMA document.