CYBER INSECURITY

cybersecurity

The recent rash of  hack attacks, which caused only a little embarrassment to CENTCOM and  damage to the images of some SONY execs, has caused President Obama to initiate high-level discussions on the subject this week.  Channeling Johnny Cochrane on the 12th, the President said, ” If we are going to be connected, then we must be protected.”

 

We agree.  On  June 3rd in this space we posted the details of a Ukrainian-based malware scam that cost victims millions, and we strongly oppose people and organizations that terrorize the Internet.  The cyber security experts usually point at the endusers, chastising them about using passwords more effectively. The experts would have us believe that no site or web application can be made hack-free.   At a recent cyber security industry trade show, one booth featured many types of traditional locks, including some of the best home locks.  As a demonstration, each lock was picked.  The purpose of this was to show that–given enough time–even the best locks can be compromised, and to show  that any security we think we have in the physical  world is as elusive as it is in cyberspace. Then these experts ask you to hire them to help make your infrastructure more secure.  They have set a very low  expectation–easy to fail to  deliver security if it’s really impossible in the first place.   Blame it on all those users and their passwords.     Hopefully, the President’s efforts will push the discourse to a more accountable level.  The good news is that we CAN improve security.  The people who can most effectively push back the black-hat hackers are the people who build and deliver the products and services  that are getting hacked.  Improved security needs to be designed into the hardware devices and software applications, starting with server, smartphone, and personal computing devices, and the high-usage, apparently wide-open  ( are there any security folks  at Facebook and Twitter?) social media applications.  Hacking generates unusual traffic quantities and qualities.   It is possible today to build products and applications that monitor themselves for such unusual activity.

Self-monitoring software applications and Internet devices are necessary firstly to end the current level of black hat activity, but drastic improvement by manufacturers and service providers is most importantly needed to protect the nation’s financial infrastructure and to enable the Internet of Things and smart homes.   The billions of dollars  created by companies using the Internet to deliver their product or service are more than enough to fund a major effort to improve the most-ubiquitous, highly-used products and applications.   Google has the expertise to create a core group of “white hats,”  talent that could be used by manufacturers and very large endusers, like the federal government.    Perhaps providing developer/designer  resources  to hardware and software manufacturers would be a more valuable contribution from Google, for example, than a smart thermostat or smartglass.

Bill Patch, 01/15/

 

IoT Appliances Hacked

IoT ImageProofpoint, an Internet security firm, has announced the first reported incident of a security problem with connected, “smart,”  appliances, which are proliferating in the growing “Internet of Things (IoT).”   In this case hackers broke into over 100,00 consumer appliances, including  home-networking routers, connected multi-media centers, TVs, and at least one refrigerator, to send over 750,00 malicious emails during the period from 12/23/13 to 01/06/14.   The appliances were relatively easy to hack because they were set up poorly and/or used  the default passwords that came with the device (never a good idea).  The Proofpoint News Release stated,” As the number of  such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack  has significant  implications for device owners and enterprises.”   Yes… “Significant implications, ”  indeed…IoT networks need to have security.  Companies like Cisco need to provide security products and services for home and enterprise networks, and consumers need to use them.  Systems can include  monitoring software.  IoT products can be truly “smart,” and they can monitor themselves and provide security alerts.  If users and providers  include  security as a priority for their IoT systems, the risk of an IoT installation will be no worse than the average computer, and probably better than the average mobile device.

 

Google Makes a Strong Play into the IoT

In related news, this week it was reported that Google bought an IoT company, Nest Inc., for $3.2Billion.  Nest was founded by Tony Fallon, who is generally given lots of credit for the design and development of the iPad while he was at Apple, The company makes a smart thermostat and a carbon monoxide detector.  The company’s products are beautifully-designed, and the announcement of Google’s acquisition caused excitement in the technology industry.  $3.2 Billion is quite a commitment, even for Google.  The move validates the bullish forecasts for the IoT market, and it positions Google to be a major player in that market.

 

Bill Patch

01/17/14

The "Internet of Things " is Coming

IoT Image

If you haven’t heard much about The Internet of Things (IoT), you soon will.  Also called “The Internet of Everything,”  this refers to the connection of everyday objects to the Internet.  Once objects are wirelessly connected, using sensors installed in them, to the Internet cloud, then data can be transmitted from them and collected and  accessed by various devices, including smartphones, tablets, and personal computers. Appliance manufacturers like LG and computer network companies like Cisco are already installing hardware and software.  There are a bunch of companies, including an especially bright one named ” Evrything,”  that are producing software that collects data from the things and transmits it to the Internet.

Billions of Things, Trillions of Dollars

The technology is already in place to connect all the things in our life, and to start them communicating with us.  All that’s required are:  a) Sensors, which measure things like whether a door is open or closed, or the amount of electricity being consumed by an appliance, or whether a parking space is filled or empty; b)Connectivity, either through a base station or embedded in the device itself; and c) Processors, to parse incoming data from the sensor(s) and transmit it.  IDC, a respected technology market research firm, predicts there will be 30.1 billion installed autonomous things connected by 2020, when  the  IoT industry will generate $ 8.9Trillion revenue in products and services.  ( Source:  Business Insider,  “The 6 Basic Building Blocks for the Things in “The Internet of Things,’  12/31/2013.

Public Trust Is Needed

People close to the industry tend to treat the connection of everything through the Internet as a fait accompli–because it can be done, of course it will be.  They point to the obvious benefits, including public safety and more efficient buildings.  When gas lines can be constantly monitored for leaks, and bridges can be constantly monitored for dangerous wear and tear, and bodies can be monitored for early heart attack signs, and food can be monitored for freshness, and products can be tracked throughout their manufacturing life cycle, lives can be saved and products can be produced more efficiently.  However, in the current environment privacy concerns may slow the growth of the totally connected world.  Today, we see the top executives of some of the leading technology companies writing public letters and making public speeches  to the NSA, decrying the government agency’s misuse of data collected from them. Tim Cook,, Apple’s CEO,recently called them “malicious hackers.”  This self-serving, all-too-public, whining is coming from companies who previously cooperated silently with the collection of all sorts of data about their customers.

 If tech companies cannot protect their customers’ information better than they have thus far, people will not trust the IoT enough to achieve the kind of comprehensive connectivity the tech gurus envision.  Tech companies have to make stronger, safer products–ones that can protect us from malicious  hackers.  If care is taken to build secure systems and gain public trust, the IoT will arrive as a natural evolution.   

Bill Patch

01/01/2014