Sheeba Dhillon

Enterprise Augmented Reality Cyber Security Essentials Tony Hodgson CEO, Brainwaive LLC June 1, 2017 www.thearea.org ww.brainwaive.com Benefits of Enterprise AR www.thearea.org ww.brainwaive.com Nightmare Scenarios Disasters and disruptions www.thearea.org ww.brainwaive.com 3 Brainwaive Cyber Security Team › › › › 100 yrs of leadership in emerging tech, data security, business innovation Hundreds of projects in mobility, connected devices, Industrial IoT, AR/VR/Wearables Leadership establishing global standards, best practices, frameworks & testing protocols Extraordinary professional network in global enterprise, industry organizations, and government Tony Hodgson Robert LaBelle Project Management Systems Engineering AR / VR / Wearables Mobility / Wireless Enterprise IT Networks Tech Commercialization Former Senior Director, Strategic Innovation and Standards for IEEE Global Tech Standards AR / VR / Wearables Security & Privacy Issues www.thearea.org Dr. Jesus Molina Ph.D Electrical Engineer Cyber Security Patents Co-Author Industrial Internet Security Framework (IISF) Co-Chair Industrial IoT Security Standards WG ww.brainwaive.com Frank Cohee Cyber-Warfare Ops, Navy Army DARPA CIA NRO AR / VR / Wearables IIoT Cyber Security Risk Frameworks Threat Categorization 4 User Activity Tracking Immersive Environment Authentication Critical Data Collection Environment Mapping Enterprise Asset Connectivity www.thearea.org ww.brainwaive.com 5 Equivalence Pyramid AREA Enterprise AR Cyber Security Framework www.thearea.org ww.brainwaive.com 6 Methodology Phase I Identification of Security Requirements Phase II Evaluation of Security Design Phase III Active Penetration Testing www.thearea.org ww.brainwaive.com 7 PHASE I - Identification of Security Requirements › Use Cases › Safety and Privacy Restrictions Edge Tier › Solution Architecture Platform Tier www.thearea.org ww.brainwaive.com Enterprise Tier 8 PHASE II - Evaluation of Security Design Differences vs. Mobile Security Device Identity Security Design Access Control Lifecycle Integrity Protection Network Connectivity Monitoring, Logging Hardware Security Configuration & Management Software Security www.thearea.org ww.brainwaive.com 9 PHASE III - AR System Penetration Testing AR as The Endpoint Modes AR AR as the inject point Enterprise Assets AR as a vector transition Pre-Test Assessment * Threat Scoping * Vulnerability Analysis * Exploitation Methodology www.thearea.org ww.brainwaive.com 10 Findings / Results › › › AR devices are significantly different than conventional mobile devices – in ways that open up new threats to the enterprise Stakeholders have so far “passed the buck,” looking to others to provide cyber security Using the concept of “security equivalence,” we were able to build on existing frameworks in related fields to build the AREA Wearable AR Security Framework and Test Protocol, which can be used to effectively characterize and evaluate AR device security threats. VS. www.thearea.org ww.brainwaive.com ? 11 Framework Validation Concepts to be conveyed: Steps we took to validate our approach and findings › Hands-on device testing › Industry interviews www.thearea.org ww.brainwaive.com 12 Call To Action Points to be conveyed › Enterprise AR Security is mission-critical › It is a new animal that must be understood and addressed › It takes everyone in the community working together › It will be an ongoing dialogue › You should hire Brainwaive today to help you work the problem. End Users Others Content Developers Enterprise Secure Enterprise AR Solutions Cyber Experts Industry Orgs Device Vendors SIS www.thearea.org ww.brainwaive.com 13