Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello, everybody. And welcome to the I A T. Security Episode number five.
00:06
We will discuss that collaboration for the better I T. Security program.
00:11
My name is Hold hands with you now and I'll be your instructor for today session.
00:16
The Learning Operatives for decision is to understand why many people with different skill set should be involved in the i t security program.
00:27
Ah Forman Concepts. Ah, off. You know, to close the gap between safety and security.
00:34
Most information security engineers have a lot of computer networking, semper administration pen testing skills. But they don't have that kind of knowledge in the cyber, physical and safety engineer disciplines
00:49
s o. You know, four main concepts to close that gap in the cut. The got between safety and security is that everyone is responsible for security. You know, at some point everyone should be responsible insult for some aspect of security. For example,
01:07
the danger near that created how the data transfer,
01:11
you know, the cyber security program,
01:15
Uh, how the cyber security problem was developed
01:18
and also the engineers creating the sirah quits. You know, all that a lot cyber physical stuff off the ot those they should be involved as well. And us as users should be involved in that as well.
01:34
Ah, the Iron T and C P s, which is the cyber security. Our system is exposed a huge security problems because you know it effects safety, you know, if it it might harm you in some way.
01:49
Men secure engineers are now that happen knowledge in other core engineering disciplines, for example, they don't have knowledge in mechanical, chemical, electrical.
02:00
So, you know, this is where the problem exists. I, for example, Assan, Information Security engineer don't have any knowledge off how to create a chemical element to to create an i A. T for temple to measure a temperature, for example. I don't know
02:21
that different acknowledge this is where the problem comes because at the end, I'm focusing encrypting and, you know, pride and integrity, availability and two pillars or cyber security. But, you know, I don't have any knowledge of mechanical and chemical, for example. So this is
02:39
this is a huge problem
02:40
for the I. A testicular problem.
02:44
And many ago,
02:45
a most traditional car engineers visit Pless
02:49
rarely after a security engineer. I mean, when you're developing,
02:53
it's Marty, for example. The last thing that crossed the reminds is too great. Something safe and secure. They want to great something functional. You know that. I guess you, you're you're serious, and it gets you what you want to see. But they're not concerned about security.
03:12
Much more less in safety.
03:15
So they're to devise engineer might be will burst in safety issues, but not fully understand the security implications
03:23
of the design decisions. Slight wise, you know? You know, security information. Security engineers might not understand the physical engineer. You know, Lingle for tackle.
03:38
Ah, you know, And
03:39
that's where the problem is again. For example, that refrigeration system engineer never had to consider.
03:46
It's a cryptographic access thio, skin or control.
03:53
Um, to develop that thermostat IQ o r table dynamic system to sign. So you can see that gap here and you can see the problems Well.
04:03
Ah,
04:05
you know, not single industry, government organization, standard body or author entity can assume to be the dominant control off this. Uh, this is why Well, we all need to collaborate between each other in order to
04:23
correctly create security eco system for for diabetes.
04:30
So, Jim Ball people from all the engineer feels I put in for get together to improve security. That's against the main reason to involve all of these engineers were creating
04:45
AH deputy program or deputy device percent on, you know,
04:50
to close this session. Safety for Temple is that the system must not harm the world or the user. This is safety and security. The world or the user must not harm the system.
05:05
This is the difference. And when you put them together, everything should work.
05:13
What's the different between safety and security? Well, as I said, security is that the world must not harm the system for temple. Hackers should not be able to see your data
05:24
and safety is that the system was not harmed. The world that you're a smart watch should not ever hit, and you harm your wrist or yourself.
05:33
And that's the main difference.
05:35
Who's responsible for Iran to security and safety? Will everybody Everybody you know from the creators are there to device to the user's USA user? Should be you should inform off any anomaly on the device shoot, you know, apply This practice is, for example,
05:54
uh, not use it, you know, use it properly. You know, everybody's is responsible for a kid. I see security.
06:01
How many engineer disciplines are involved in the CPS separation? Well,
06:06
as many disciplines as they're needed.
06:11
Uh, it depends on what that he'd buys. You're creating your operating with my watch. Maybe mechanical engineer, along with the cyber security engineer. You know
06:21
events. But you know, it's for sure that you will have to bow at least two or tree engineering disciplines when creating a nightie device. Especially. We're focusing on creating an identity. A security problem
06:36
in today. Bruce Lecture. We discussed the relation between safety and security.
06:43
Why do we have to involve engineers from different disciplines to grate on I t. Security program? And who's really responsible for security
06:55
again? This book I recommended it before in a previous session, but you know, I recommended to you again. Practical Internet of things, security. But Brian Russell it's a good book,
07:08
Okay,
07:09
looking forward and the next video, we will discuss the men and basic concept of the security, or in this case, that I the Internet of things
07:18
we'll come to you just You enjoyed it. Delia and Tactician

Up Next

IoT Security

The IoT Security training course is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director
Instructor