IERC Internet of Things – Governance

“Without changing our pattern of thought, we will not be able to solve the problems we created with our current patterns of thought.” Albert Einstein

Coordinator of IERC: Ovidiu.Vermesan@sintef.no
IERC EC Coordinator: Peter.Friess@ec.europa.eu
www.internet-of-things-research.eu

Societal Needs
“Development that meets the needs of the present without compromising the ability of future generations to meet their own needs.”
• Economic
• Environmental
• Social/Cultural
• Governance
• Innovation
• Communications

Societal Trends
• Internationalization / globalization
• Increased mobility of people and goods
• Increased financial transactions
• Electronic processing/control systems
• Misuse, theft of IDs
• Significant potential for serious crimes
• Increased paranoia ...
• New technological developments to meet these challenges

Societal Trends
• Internet + Me = ?
• Internet + You =
• Internet + Us =
• Internet + Things =
• Internet + Energy =
• Internet + Services =
• Internet - Some of Us = ?
• Internet - Some of You = ?

Internet - medium of citizen empowerment
• Internet creation based on the idea of a common area, a public space opened to everyone.
• Anything that anybody would wish to say could be heard by anyone else with access to the Internet, and this worldwide community would be as large and diverse as humanity itself.
• The principle of freedom of speech would also be embedded in the Internet’s robust architecture, i.e. the structure of a network able to adapt itself almost instantaneously to damage or outages to individual sections.

Internet - medium of citizen empowerment
• Indeed it’s quite impossible to completely block access to information, but it’s unfortunately used.
• In recent years, state-sponsored censorship, monitoring and surveillance of the Internet have increased, encouraging defence organisations to alert the international community.
• The launch of the “Online Free Expression Day” in 2008.
• A widely publicised example of censorship is the “Great Firewall”, a system that blocks content by preventing IP addresses from being routed through.
• Despite all the breaches of freedom of speech, the Web remains a great tool to express oneself.

Internet - medium of citizen empowerment
• The Internet provides universal access to free speech and promotes the basic concept of freedom of speech.
• The Internet opened new possibilities for exercising this right: anonymity, data havens and easiness, which allow free speech by guaranteeing that material cannot be removed.

Internet - medium of citizen empowerment
• Web 2.0 introduced a double pillar: interconnectivity and interactivity of web-delivered content in a medium used as a platform by its users.
• Web 2.0 concepts have led to the development and evolution of web culture communities and hosted services, social-networking sites, video sharing sites, wikis and blogs, which are so many ways to express your point of view.
• Being a space created for and by users, the Internet protects itself from being controlled by a single actor. Plurality of voices is born from the plurality of contributions.
• The Internet’s features can help to develop tools to fight against its own censorship.

Internet
• The Internet was not built with security in mind.
• Most IT systems and applications that connect to the Internet were not developed with security in mind either, nor has there been much incentive to do so.
• A majority of cloud-computing providers don't believe security is their responsibility, nor do they see their customers demanding security or being willing to pay for it.
• Right now, cyberattacks are just the risk of doing business.
• Only when the risk of cyberattacks becomes unaffordable will cybersecurity be taken seriously.

The World Realities
• “The Internet and Social Networks” are the drivers for freedom.
• The “new” revolutions are run via Internet.
• The elections are won on the Internet.
• Classified information is “leaked” via Internet.
• Cloud computing penetration.
• 2011 a banner year for cybersecurity.

The World Realities
High-profile cybersecurity disasters.
• Sony's PlayStation and Entertainment Networks hacked, 100 million of the company's user accounts compromised and its online gaming halted for several weeks.
• A security breach at the Internet marketing company Epsilon resulted in millions of customers' e-mail addresses being taken from about 100 major corporations, including Disney Destinations in the United States and Dell in Australia.
• A cyberintrusion at Nonghyup, South Korea's main agricultural cooperative, crashed its banking systems for a week and kept 30 million customers from accessing their accounts.

The World Realities
High-profile cybersecurity disasters.
• Blackmailers broke into the financial systems of Hyundai Capital, accessed the personal details of 1.75 million customers, and then demanded US $460 000 to keep the purloined information from being made public.
• Attacks against security vendors like Comodo and RSA.
• A hacker fooled a Comodo group affiliate into issuing Internet SSL certificates for some of the world's largest websites, including Google, Microsoft, Mozilla, Skype, and Yahoo.
• Partially successful attack against RSA's two-factor authentication security product SecurID, which is used by 30 000 organizations around the world.

The World Realities
High-profile cybersecurity disasters.
• Attacks against a number of major U.S. defense contractors, including the world's largest, Lockheed Martin.
• Successful cyberintrusions against government computer systems in Australia, Canada, France, and the United States.
• The Canadian breach caused its treasury board as well as its department of finance to restrict access to the Internet for months.
• The breach in Australia apparently allowed access to the personal e-mail accounts of several top officials, possibly even that of Prime Minister Julia Gillard.

The World Realities
High-profile cybersecurity disasters.
• Organizations monitoring cybersecurity activity indicate significant increases in the frequency of attacks over the past five years, especially against government IT systems.
• British government systems saw more than 650 attempted intrusions per day, while U.S. government systems received 15 000 suspicious hits per day, or about one every 6 seconds.

Security
[Figure: “Distrust circle”. Source: www.priway.com]

Building Information Society Governance

Internet Governance
“Internet governance is the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision making procedures, and programmes that shape the evolution and the use of the Internet.” (WGIG 2005)

Internet Governance - Status
Internet governance at global level consists of a set of organisations, including:
• ICANN (Internet Corporation for Assigned Names and Numbers), with a leading position held by the US government;
• Internet Governance Forum (IGF), the main discussion body without any decision-making power;
• A set of private standard-setting organisations influenced by the private sector and academia, which have been shaping the structure of the Internet.

Internet Governance - Status
Challenges:
• Many governments have concerns about the primus inter pares role of the USA and the US-heavy private sector.
• Many national governments could adopt a two-track policy:
• Continue reclaiming control of their national e-spaces, with the risk of fragmentation of the global Internet.
• Accelerate pressure on the USA towards complete internationalisation of Internet governance and, in particular, of ICANN.

Internet Governance - Status
Scenarios: Internet fragmentation.
• All major Internet companies are based in the USA (Google, Facebook, Yahoo), most Internet traffic passes through the USA, and English is the main language.
• Internet fragmentation will change this.
• If different countries start creating their own national clouds, the main casualty will be companies like Amazon, Google, and Facebook.

Internet Governance - Status
Scenarios: Internationally agreed rules on Internet.
• Can foster the preservation of one Internet as one global system.
• The necessary rules could be agreed upon by an international convention on the Internet and administered by an international organisation of the Internet, a possible amalgam of ICANN, the ITU and other main players in this field.
• Internet key characteristics (openness and freedom of access) could remain the same.
• Possible changes: more regulations and legal responsibilities in using the Internet.
• Anonymity on the Internet may be regulated.

OECD – Internet Governance Debate
• Pressures (regulatory, political, and economic) to fragment the internet, often along national borders.
EU position:
• Promote freedom online.
• A multi-stakeholder approach that aimed to protect copyright holders from internet piracy.
• Commitment to an open internet, criticising corporate and governmental processes that could restrict internet development.
• The Internet's most important characteristic is its universality, where, in principle, every node can communicate with every other, and this must be safeguarded.

OECD – Internet Governance Debate
Governance drivers in different countries:
• Legitimate concerns, like personal data protection;
• Plain censorship.

OECD – Internet Governance Debate
Civil Society Information Society Advisory Council (CSISAC) position:
• Promote freedom online.
• Measures to control and fragment the Internet contradict international and European human rights law.
• Critical of the outlined methods for over-emphasis on IPR enforcement at the expense of fundamental freedoms.
• Adopting policy and legal frameworks that make internet intermediaries responsible for taking lawful steps to deter copyright infringement could create incentives for internet intermediaries to delete or block contested content, and lead to network filtering.

OECD – Internet Governance Debate
Civil Society Information Society Advisory Council (CSISAC) position:
• Against the idea of cutting off internet access, as outlined in the OECD's proposal.
• Opposes the fact that Internet intermediaries could voluntarily adopt “graduated response” policies under which internet users’ access could be terminated based solely on repeated allegations of infringement.
• Believes that these measures contradict international and European human rights law.

Internet + Things + Governance
• “Internet of Things” reflects the vision of embedded communication and computing in which “identifiable” “embedded” connected devices will be integrated into the environment.
• The Internet of Things is making the Invisible Visible Everywhere all the time.
• The Internet is a platform that connects people to people, people to machines, machines to machines, people to things, things to things.

IoT + Cloud Computing + Governance
[Figure: The cloud today]

IoT + Cloud Computing + Governance
Security – Who is in control?
[Figure source: kscottmorrison.files.wordpress.com/2009/12/cloudcontrolboundaries.jpg]

IoT + Cloud Computing + Governance
Cloud Computing Security Threats
Top Seven Security Threats:
• Abuse and Nefarious Use of Cloud Computing.
• Insecure Application Programming Interfaces.
• Malicious Insiders.
• Shared Technology Vulnerabilities.
• Data Loss/Leakage.
• Account, Service & Traffic Hijacking.
• Unknown Risk Profile.
Source: Cloud Security Alliance (CSA), cloudsecurityalliance.org/research/projects/security-guidance-for-critical-areas-of-focus-in-cloud-computing/

Need for IoT Governance
To accommodate things/object-connected needs and added dimensions
[Diagram labels: IP-Independent; Non-IP Private Computer Networks; Non-IP-connected embedded computer and systems nodes; Internet Connected; Internet-connected end-computer nodes (100 billion by 2014); Object-connected technologies with or without embedded computers; Human Link; Need to liaise on Internet Governance; Latent IoT Developments; Physical object-defined World]

Need for IoT Governance
Governance must accommodate both the SCOPE and FUTURE of IoT
[Diagram labels: Governance; Applications & Services; Standards & Regulations; Networks; Communication Systems; Routing Systems; Storage; Processing; Protocols; IP-Independent; Non-IP Private Computer Networks; Non-IP-connected embedded computer and systems nodes; Internet Connected; Internet-connected end-computer nodes (100 billion by 2014); Object-connected technologies with or without embedded computers; Human Link; Latent IoT Developments; Physical object-defined World; Enabling Technologies – Object-connected technologies & ICT principles]
Source: CASAGRAS2, A. Furness

IoT Governance 3D Matrix Approach
[Diagram labels: Applications / Services / Domains (Smart Cities, Smart Health, Smart Grids); Enabling Technologies (Cloud, WSN, RFID, Identification, Storage)]

IoT Governance
Governance within the international legal framework relating policy and provisions, covering structure and functionality and recognizing the need for a regulatory framework as well as legal framework:
• self-regulation and international agreements
• self-regulation through soft law

IoT Governance
• Recognising the significance of Internet governance and the need of specific elements
• Accommodating human-interface and associated privacy and security issues
• Recognising the need for global stakeholder participation and drawing upon principles of corporate governance
• Accommodating the need to govern failure of, or attack on networks and on data capture and actuator/control systems, as well as loss of connectivity – accommodating network functionality and development

IoT Governance
Structural and operational factors:
• Coding across the Internet and IoT
• Security and Privacy
• Safety
• Energy conservation policy
• Architectural developments
• Centralised or decentralised
• Regulations
• Standardisation
• Quality of Service
• Performance

IoT Governance
Multi-disciplinary approach: Technical, Policy, Economic, Institutional, Legal
Multi-stakeholders: Civil Society, Business, Governments, International organizations, Technical community
Perspectives / Governance Content: • Technical • Policy • Economic • Institutional X • Structural • Operational • Legal

IoT Governance: structure
• Security policy and provisions
• Safety policy and provisions
• Energy conservation policy and provisions
• Regulatory policy and provisions
• Standardisation policy and provisions
• Provisions and the nature of thing/object-connected provisions – responsible use of materials, devices and environmental considerations

IoT Governance: operational and usage
• Global Numbering / Resolver scheme for identification and discovery
• Social capital, privacy and identity management policy and provisions
• Ethical + user protection policy and provisions
• Cyber-crime protection policy and provisions
• Intellectual Property protection policy
• Performance Indicators, rules and norms for IoT operation
• Developmental policy

Framework for IoT Governance
• The Institutional Framework and identification of the IoT Governance stakeholder group
• Preparation of IoT Statement of Purpose and Structure as an initial reference document for developing international IoT Governance.
• European norms and guidelines for IoT applications

IoT Governance
The need of today, the benefit of tomorrow: Yes we need! Yes we can!
• Energy
• Green Transportation
• Water
• Air & Environment
• Materials
• Manufacturing/Industrial
• Agriculture
• Recycling & Waste

IERC - European Research Cluster on the Internet of Things
Thank you!
Coordinator of IERC: Ovidiu.Vermesan@sintef.no
IERC EC Coordinator: Peter.Friess@ec.europa.eu