Industrial IoT Cybersecurity with Mirko Ross

Mirko is Co-Founder and CEO of Digital Worx, a mobile Software Development Company.

He is also the co-founder of asvin.io, a new venture that provides a secure, open source-based update and patch delivery for the Internet of Things.
Mirko is a well-practiced international speaker and coach on the field of Open Innovation, Internet of Things, IoT Security, and disruptive business modeling.

Contact Mirko:
Web: https://www.digital-worx.de/
Facebook: http://www.facebook.com/digital.worx.de
Twitter: @mirko_ross

Contact Avrohom:
Web: https://asktheceo.biz
Twitter: @avrohomg
Instagram: @avrohomg

INTERVIEW HIGHLIGHTS:
00:30 –Mirko, as we know, you’re a Cybersecurity expert, not a day goes by where we don’t hear about some data breach or ransomware attack. What concerns me greatly about all this, is that with the prevalence of IoT and Industrial IoT, we’re putting all these connected devices all over the place, and some of these devices were not manufactured with security in mind. Tell us about some of the challenges that the industry faces.

02:00 –To drive this message home, some of these IoT devices were hacked to mine Bitcoins, or to form a Botnet to carry out malicious attacks. If these devices are so easy to hack, what can we do about it? We can’t just bring them all back and fix them?

03:00 – California passed a security bill in 2018 banning default passwords in connected devices, removing a major attack vector for connected devices.

04:00 – What’s the big deal if my smart toaster gets hacked?

04:15 – What dangers can a smart toaster pose to FinTech executives?

05:00 – Just because devices are secure today doesn’t mean they are protected against the threats of tomorrow. How do you go about securing devices that are already deployed in the field, and possibly in hard to reach places?

06:20 – You need a good patch management strategy for all connected devices.

06:25 – There should be NO single connected device out there that does not have the ability to be updated.

07:00 – The Law of Economics will drive IoT Security

07:10 – Liabilities will drive Cyber Security of Consumer Devices

08:50 – Implementing an Over The Air Cyber Security Patch Management Strategy will yield more favorable Cyber Security insurance rates.

10:13 – What’s the challenge with patching IoT devices? Why can’t you just connect to them remotely and update them?

10:35 – Many IoT devices reside at the Edge with no direct IP connection, making it challenging to patch them.

11:10 – The large scale of deployed Industrial IoT devices makes it difficult, if not impossible, to apply patches manually.

11:30 – A big challenge with IoT devices is Lifecycle management – After a period of time you can’t get replacement parts for it anymore! To address this issue, you need a support contract with your vendor to maintain the hardware and software for a set period of time.

14:00 – To maintain a secure infrastructure we need to move to a Hardware as a Service model – HaaS.

14:45 – What are some of the risks with allowing people to patch their own Industrial IoT Devices?

18:00 – A patch downloaded from the Internet might actually be Malware in disguise!

18:25 – We need a chain of trust from the publisher of the patch all the way down to the application of the patch onto the device.

19:00 – How did you get started in this?

21:15 – How do people connect with you?

22:05 – Do you have any parting words of wisdom to share with the audience?