Today, I presented the HoT Framework at BSidesAugusta 2017. I have posted the slides (PDF) here. The recording and SlideShare are below. Don’t forget to read the Gitbook and leave some feedback. Check the Gitbook regularly because I will push updates periodically as I update the TAIs. Again, to all of you that attended my talk today, thank you! I look forward to collaborating with each of you to improve the HoT Framework and to get PATRIoTS started.


Daniel West

During 2016, we witnessed the resiliency of our adversaries as they transitioned from zombifying personal computers to zombifying vulnerable and easily accessed IoT nodes with the Mirai botnet. As an informed American citizen, you likely follow best practices for securing your personal computers, but when was the last time you updated the firmware on your wireless router or smart toilet? As a cybersecurity professional, what procedures will your company or government agency follow to detect and mitigate the compromise of IoT devices within your organization? As a Nation, we must greatly improve our ability to handle the growing prevalence and risks of the IoT within our homes, the varying levels of government, industry, and academia. We must prevent our adversaries from harnessing the power of our IoT devices to attack critical infrastructure.

Vulnerabilities, threats, and risks are inherent in Internet of Things (IoT) devices, which typically reside at the meeting place of critical infrastructure and cyberspace. We present the HoT Framework to promote best practices for all Federal and State, Local, Tribal, and Territorial (SLTT) governments, non-government organizations (NGOs), and the private sector to use as a foundation for the reconnaissance, interrogation, and hardening of IoT nodes that are characterized as existing within both critical and non-critical infrastructure throughout the physical network layer, logical network layer, and cyber-persona layer of cyberspace terrain. In addition, we propose solutions for, public awareness of, and information sharing regarding the vulnerabilities, threats, risks, mitigations, and countermeasures associated with the IoT. The HoT Framework serves to assist Federal and SLTT governments, NGOs, and the private sector in thwarting attacks against their IoT devices and preventing their IoT devices from being used as an attack platform. For the framework to be effective, we need direct support from the DHS, DoD, DOJ, and other Federal agencies. We will also need to establish partnerships with SLTT governments, NGOs, and the private sector (academia and industry) to further enrich and develop the framework using real-world data. We will continue to enrich the framework with technical modules and videos that demonstrate how to conduct the steps within the framework. To read the full HoT Framework, please click here.