Preface


THIS GITBOOK SUPPORTS COMMENTS. PLEASE LEAVE FEEDBACK WITH SUPPORTING REFERENCES. The HoT Framework is currently undergoing redesign for BSIDESAugusta 2017.

During 2016, we witnessed the resiliency of our adversaries as they transitioned from zombifying personal computers to zombifying vulnerable and easily accessed IoT nodes with the Mirai botnet. As an informed American citizen, you likely follow best practices for securing your personal computers, but when was the last time you updated the firmware on your wireless router or smart toilet? As a cybersecurity professional, what procedures will your company or government agency follow to detect and mitigate the compromise of IoT devices within your organization? As a Nation, we must greatly improve our ability to handle the growing prevalence and risks of the IoT within our homes, the varying levels of government, industry, and academia. We must prevent our adversaries from harnessing the power of our IoT devices to attack critical infrastructure. Regardless of what you call the device/node/system/thing and its purpose, it is an asset made of hardware and software to which cyber effects can be applied. The HoT Framework avoids the hype and focuses on delivering an actionable, community-driven, industry- and device-independent framework for tactically achieving a more secure and resilient nation--one industrial control system, smart toilet, IP camera, smart adult thing, etc. at a time.

The HoT Framework goes beyond identifying vulnerabilities by combining:

  • A strategic understanding of the IoT and its place within cyberspace and the electromagnetic spectrum;
  • A strategic understanding of USG laws, policies, guidance, and initiatives on securing the IoT and cyber critical infrastructure;
  • The OWASP IoT Project to identify IoT specific attack surfaces and vulnerabilities;
  • Comprehensive vulnerability definitions (CWE & OWASP);
  • The NIST Framework for Improving Critical Infrastructure Cybersecurity Framework Core;
  • Known embedded system and IoT CVEs (NVD);
  • Known IoT attacks and use cases (OSINT);
  • Analysis tools, training, and TTPs;

To create a framework of "targeted areas of interest" (TAI) that enables organizations and individuals to compile an approach tailored to their unique resources, capabilities, and applicable threats for the:

  • Identification of IoT vulnerabilities;
  • Mitigation / Protection of IoT vulnerabilities;
  • Detection of, Response to, and Recovery from attacks;

The end state of the HoT Framework is to:

  • Bridge the gap between strategic visions and tactical implementations
  • Build a more secure and resilient nation
  • Achieve awareness that promotes embracing the IoT with security in mind
