Partner Perspectives  Connecting marketers to our tech communities.
10/20/2016
11:02 AM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Why Arent We Talking More Proactively About Securing Smart Infrastructure?

Let's not perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.

Cyberattacks against smart cars, smart homes, and other smart devices are happening today, so it is easy to jump to the conclusion that we will soon be reading about smart buildings and smart cities being attacked.

I have to admit I have become somewhat desensitized to the topic of cyberattacks against infrastructure. Maybe it’s because I see the industry and media classifying the security of smart infrastructure under the topic of securing the Internet of Things. When I hear about IoT attacks, it just hasn’t been personal enough for me to get fired up.

An Intel colleague, Lorie Wigle, head of Intel’s IoT strategy, recently described how technology will be part of climate change efforts. Whatever the carbon goal, renewable energy, energy efficiency, smart transportation, and smart buildings will all play critical roles. After reading her blog, I started noticing other articles covering everything from the latest connected car hacks to suspicions of rigged Internet-connected voting systems.

Maybe you remember a US government exercise from just a few years ago, when a team of hackers used a cyberattack to make an electrical generator motor self-destruct. Or the attack against the Ukrainian electric power grid, which put the US grid on high alert last year.

Recently, the US Transportation Department released the first national guidelines to spur development of autonomous-vehicle technologies and ensure their safety. The day before that, a group of researchers showed that it was possible to control an Internet-connected car from a distance. These researchers said they were able to take over numerous functions of a specific make and model from as far away as 12 miles, manipulating the vehicle’s controls via a laptop computer. They locked the car's control screens, moved seats, activated turn signals, and opened doors without keys. While the car was driving, they used the laptop to turn on windshield wipers, open the trunk, and fold in exterior rearview mirrors. A researcher in an office building also 12 miles from the test track was able to activate the car's brakes while the vehicle was moving.

A June 2016 survey conducted by Dimensional Research assessed cybersecurity challenges associated with smart city technologies by interviewing over 200 IT professionals working for state and local governments. When asked if a cyberattack targeting critical city infrastructure posed a threat to public safety, 88% of the respondents said yes. In addition, 78% of the respondents stated there would likely be a cyberattack against smart city services in 2016.

Smart cities use IT solutions to manage a wide range of city services, including smart power grids, transportation, surveillance cameras, wastewater treatment, and more. Navigant Research anticipates that global smart city technology revenue will reach $36.8 billion this year. Despite growing profitability in the sector, many cybersecurity experts are wary that smart city technologies are being adopted faster than the technology needed to protect them.

I started this blog asking a question: Why aren’t we talking more proactively about securing smart infrastructure? I’ll end it with a request for action: Get seriously involved now. Let’s not repeat the mistakes of the past and perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.  Build in a sustainable defensive advantage as part of your security reference architecture as you build your smart ecosystems.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GIGABOB
50%
50%
GIGABOB,
User Rank: Apprentice
10/25/2016 | 11:20:45 AM
Secure the bits and avoid the bullets
I have noted for the past two years that cyber-threats grow more dangerous as we roll out and deploy insecure IoT infrastructrure.  I noted the rising vulnerabilty of device hijacking for DDOS attacks - and here we are.  I doubt these are state actors at this point, they are saving knowledge of these vulnerabilities for mass exploits as the first rounds fired in an opening attack will be bits not bullets sowing confusion.  When state actors emerge we will be well and truly screwed unless we act now to implement much more advanced device encryption, embed an internal device ID and develop a software framework for both the network fabric managing these devices and what they can be allowed to actuate.

This will add to IoT costs now, slowing deploymnet until these systems can be standardized and embedded in silicon.  Ultimately security is not cheap, whether it is for national defnse or local police or to avoid mass cyber attacks.  But as we have seen, the notion we could deploy simple cameras and toys with vestigal security has already come back to bite us.  We also know medical firms have deployed their devices with marginal security for pacemakers and deep brain stimulators for Parkinsons.  Guys, get a clue.
jeldredge
50%
50%
jeldredge,
User Rank: Apprentice
10/21/2016 | 11:16:58 AM
Smart Infrastructure
Neil, It is crazy how vulnerable smart infrastructure is to a cyber attack. I, like you, have become numb to the news about IoT attacks, but when you put those smaller attacks in to a larger perspecitve, the idea starts to hit close to home. I completely agree that we need to get seriously involved when it comes to securing smart infrastructure. This was a great post. www.spirentfederal.com.

 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9962
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
CVE-2019-9963
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
CVE-2019-9964
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
CVE-2019-9965
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
CVE-2019-9966
PUBLISHED: 2019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.