Partner Perspectives  Connecting marketers to our tech communities.
11:02 AM
Ned Miller

Why Aren't We Talking More Proactively About Securing Smart Infrastructure?

Let's not perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.

Cyberattacks against smart cars, smart homes, and other smart devices are happening today, so it is easy to jump to the conclusion that we will soon be reading about smart buildings and smart cities being attacked.

I have to admit I have become somewhat desensitized to the topic of cyberattacks against infrastructure. Maybe it’s because I see the industry and media classifying the security of smart infrastructure under the topic of securing the Internet of Things. When I hear about IoT attacks, it just hasn’t been personal enough for me to get fired up.

An Intel colleague, Lorie Wigle, head of Intel’s IoT strategy, recently described how technology will be part of climate change efforts. Whatever the carbon goal, renewable energy, energy efficiency, smart transportation, and smart buildings will all play critical roles. After reading her blog, I started noticing other articles covering everything from the latest connected car hacks to suspicions of rigged Internet-connected voting systems.

Maybe you remember a US government exercise from just a few years ago, when a team of hackers used a cyberattack to make an electrical generator motor self-destruct. Or the attack against the Ukrainian electric power grid, which put the US grid on high alert last year.

Recently, the US Transportation Department released the first national guidelines to spur development of autonomous-vehicle technologies and ensure their safety. The day before that, a group of researchers showed that it was possible to control an Internet-connected car from a distance. These researchers said they were able to take over numerous functions of a specific make and model from as far away as 12 miles, manipulating the vehicle’s controls via a laptop computer. They locked the car's control screens, moved seats, activated turn signals, and opened doors without keys. While the car was driving, they used the laptop to turn on windshield wipers, open the trunk, and fold in exterior rearview mirrors. A researcher in an office building also 12 miles from the test track was able to activate the car's brakes while the vehicle was moving.

A June 2016 survey conducted by Dimensional Research assessed cybersecurity challenges associated with smart city technologies by interviewing over 200 IT professionals working for state and local governments. When asked if a cyberattack targeting critical city infrastructure posed a threat to public safety, 88% of the respondents said yes. In addition, 78% of the respondents stated there would likely be a cyberattack against smart city services in 2016.

Smart cities use IT solutions to manage a wide range of city services, including smart power grids, transportation, surveillance cameras, wastewater treatment, and more. Navigant Research anticipates that global smart city technology revenue will reach $36.8 billion this year. Despite growing profitability in the sector, many cybersecurity experts are wary that smart city technologies are being adopted faster than the technology needed to protect them.

I started this blog asking a question: Why aren’t we talking more proactively about securing smart infrastructure? I’ll end it with a request for action: Get seriously involved now. Let’s not repeat the mistakes of the past and perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact. Build in a sustainable defensive advantage as part of your security reference architecture as you build your smart ecosystems.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ...
User Rank: Apprentice
10/25/2016 | 11:20:45 AM
Secure the bits and avoid the bullets
I have noted for the past two years that cyber-threats grow more dangerous as we roll out and deploy insecure IoT infrastructure. I noted the rising vulnerability of device hijacking for DDOS attacks - and here we are. I doubt these are state actors at this point, they are saving knowledge of these vulnerabilities for mass exploits as the first rounds fired in an opening attack will be bits not bullets sowing confusion. When state actors emerge we will be well and truly screwed unless we act now to implement much more advanced device encryption, embed an internal device ID and develop a software framework for both the network fabric managing these devices and what they can be allowed to actuate.

This will add to IoT costs now, slowing deployment until these systems can be standardized and embedded in silicon. Ultimately security is not cheap, whether it is for national defense or local police or to avoid mass cyber attacks. But as we have seen, the notion we could deploy simple cameras and toys with vestigial security has already come back to bite us. We also know medical firms have deployed their devices with marginal security for pacemakers and deep brain stimulators for Parkinson's. Guys, get a clue.
User Rank: Apprentice
10/21/2016 | 11:16:58 AM
Smart Infrastructure
Neil, it is crazy how vulnerable smart infrastructure is to a cyber attack. I, like you, have become numb to the news about IoT attacks, but when you put those smaller attacks into a larger perspective, the idea starts to hit close to home. I completely agree that we need to get seriously involved when it comes to securing smart infrastructure. This was a great post.
