Das Internet of shitty things breitet sich bekanntlich unaufhaltsam aus.

Wie immer hinkt die Buchliteratur hinterher bzw. redet erstmal die daraus zu erschaffende schöne neue Welt herbei.

Hier daher mal eine Literaturempfehlung, die die sich am Horizont abzeichnende Sicherheits(lücken)landschaft nachzeichnet:

- Practical Internet of Things Security von Brian Russell und Drew Van Duren, beide Sicherheitsspezialisten bei Leidos (als Kindle Edition).

Auszug aus dem Inhaltsverzeichnis:

Chapter 1: A Brave New World 1
Defining the IoT 3
Cybersecurity versus IoT security and cyber-physical systems 5
Energy industry and smart grid 11
Connected vehicles and transportation 11
Manufacturing 11
Wearables 12
Implantables and medical devices 12
The IoT in the enterprise 13
The things in the IoT 17
Operating systems 20
IoT data collection, storage, and analytics 30
IoT integration platforms and solutions 30
The IoT of the future and the need to secure 31
The future – cognitive systems and the IoT

Chapter 2: Vulnerabilities, Attacks, and Countermeasures 33
Primer on threats, vulnerability, and risks (TVR) 34
The classic pillars of information assurance 34
Threats 36
Vulnerability 36
Risks 38
Primer on attacks and countermeasures 39
Common IoT attack types 39
Attack trees 41
Building an attack tree 42
Fault (failure) trees and CPS 46
Fault tree and attack tree differences 47
Merging fault and attack tree analysis 47
Example anatomy of a deadly cyber-physical attack 49
Today's IoT attacks 52
Attacks 53
Wireless reconnaissance and mapping 53
Security protocol attacks 54
Physical security attacks 54
Application security attacks 54
Lessons learned and systematic approaches 55

Chapter 5: Cryptographic Fundamentals for
IoT Security Engineering 131
Cryptography and its role in securing the IoT 132
Accounting and management 160
Summary of key management recommendations 161
Examining cryptographic controls for IoT protocols 162
Cryptographic controls built into IoT communication protocols 162
Cryptographic controls built into IoT messaging protocols 167
Future directions of the IoT and cryptography 169

Chapter 7: Mitigating IoT Privacy Concerns 199
Privacy challenges introduced by the IoT 200
Wearables 202
Smart homes 202
Metadata can leak private information also 202
Respect for user privacy 218

Chapter 9: Cloud Security for the IoT 253
Cloud services and the IoT 254
Customer intelligence and marketing 256
Information sharing 256
Examining IoT threats from a cloud perspective 257
Exploring cloud service provider IoT offerings 259
AWS IoT 259
Microsoft Azure IoT suite 264
Cisco Fog Computing 265
IBM Watson IoT platform 267
MQTT and REST interfaces 267

Chapter 10: IoT Incident Response 281
Threats both to safety and security 282
IoT system categorization 287
IoT incident response procedures 289
The cloud provider's role 290
IoT incident response team composition 291

Siehe auch die bereits früher zusammengetragenen Literaturhinweise zu verwandten Themen:

- Computersicherheit

- Datensicherheit/Datenschutz

- Robotik/Automatisierung

- Ratgeber Einbruchschutz

--
Literatur-/Produkthinweise. Alle Angaben ohne Gewähr! - Leserzuschriften