ICD Brief 60.
This month we look at the positives and negatives of the burgeoning global movement toward the Internet of Things (IoT). There are babies born now who will not need to pass an old-fashioned driver’s test. But in spite of the mass movement towards smart phones, refrigerators and Alexas, there are many challenges in the area of security. And then we look at industrial systems.
Did you know that manufacturers are increasingly vulnerable to attack? Had you heard that the EU has drafted a document declaring cyber-attacks are an Act of War? Dell EMC will add an IoT Division and the Brits are demanding urgent government intervention to improve IoT device security.
Studies Say Manufacturers Are Increasingly Vulnerable to Cyberattack
“The manufacturing industry remains highly vulnerable to cyberattacks, and experts say it’s largely due to a lack of awareness and action. A report by Accenture and the Ponemon Institute found that the average cost of cybercrime globally reached $11.7 million per organization in 2017, a 23% increase over $9.5 million the previous year. Accenture said the average company now suffers 130 breaches per year.”
ELC 2017: A New Era Approaches for DHS’s CDM Cybersecurity Program
“Most agencies are still in the early stages of implementing the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, but DHS wants to ensure that agencies can use CDM to protect their networks and IT for years to come.”
US Warns Public About Attacks on Energy, Industrial Firms
“The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyberattacks present an increasing threat to the power industry and other public infrastructure.”
Agencies Complete Step One of DHS Cyber Directive, Now Comes the Hard Part
“The recent completion of step one of the Homeland Security Department’s Sept. 13 Binding Operational Directive to remove all Kaspersky Lab products from their IT systems in 90 days may have been easier for some agencies than others.”
Security Alert: Worrisome Security Risks Discovered in LG Smart Devices
“The Internet of Things is rapidly evolving. Digital devices are capable of an ever-increasing number of smart functions. The latest innovation to make waves is the Hom-Bot from LG Smart Devices. The smart vacuum cleaner is constructed using the latest technology including sensors and a video camera. It’s linked to a mobile app, allowing the LG Smart Device to stream live video direct to the user’s phone via the LG SmartThinQ app.”
Australia Likely to Get Its Own GDPR
“The mandatory data breach notifications laws coming into effect in Australia next year will be followed by other laws to ensure everyone in the digital ecosystem — including government divisions, large corporates, small to medium-size enterprises (SMEs), and consumers — are playing their role in keeping Australia “cyber secure”, according to Senator Bridget McKenzie.”
Internet Already “Poisoned” as Businesses Defy Cybersecurity Common Sense by Installing, Trusting IoT Devices
“The pushing of billions of insecure Internet of things (IoT) devices into the market has already “poisoned” the Internet with a level of vulnerabilities that will be hard to claw back from, one security specialist has said in warning that “the damage is already done”.”
Estonia Orders Online ID Lock-Down to Fix Security Flaw
“Estonia plans to block access to the country’s vaunted online services for 760,000 people from midnight on Friday to fix a security flaw in some of the Baltic country’s identity smartcards that was identified earlier this year.”
How Are US-China Cyber Relations Progressing?
“Earlier this month, the United States and China met for the first U.S.-China Law Enforcement and Cybersecurity Dialogue. This and future similar dialogues seek to expand upon cooperation begun in 2015 with the Obama-Xi cyber agreement, which barred state-sanctioned cyber theft of intellectual property for the purpose of enhancing commercial competitive advantage. Although some reports indicate the agreement has contributed to a quantitative decline in cyber theft, further reports indicate that the U.S.-China intellectual property cyber front is anything but calm. Not only are state-to-state cyber espionage activities likely ongoing (a category of competition not addressed in the 2015 agreement), but analysts suggest efforts to infiltrate U.S. companies continue, but are simply more sophisticated, targeted, and calculated. Why has the 2015 agreement seemingly fallen short despite apparent bilateral support?”
EU to Declare Cyber-Attacks “Act of War”
“European Union member states have drafted a diplomatic document which states serious cyber-attacks by a foreign nation could be construed as an act of war.”
Dell EMC Plans to Add IoT Division
“Dell EMC, the IT infrastructure behemoth that provides solutions in servers, storage, computers, virtualisation and security, plans to venture into the Internet of Things (IoT) with their products, solutions and partner ecosystem.”
What Can We Learn from the “Global State of Information Security Survey 2018”?
“In October 2018, PricewaterhouseCoopers (PwC) released the latest edition of “The Global State of Information Security Survey.” For this report, the professional services firm surveyed over 9,000 leaders, including CEOs, chief financial officers (CFOs), chief information officers (CIOs) and chief information security officers (CISOs), from 122 countries.”
NATO, EU, Japan Collaborate for Cyber-Security amid China, Russia Threats
“NATO-Japan Cyber-Security Partnership: Japanese cyber experts will visit the center of cyber-security of NATO, which is located in Tallinn, the capital of Estonia. This was stated in an interview with the Japanese newspaper Yomiuri Shimbun, by NATO Secretary General Jens Stoltenberg, who begins his visit to Japan on October 29.”
Poland to Adopt National Cybersecurity Act
“Polish Ministry of Digitisation has published a draft Act on a national cyber-security system, reported Telko.in. The main purpose of the act will be the establishment of a central information system on cyber-security incidents and prevention thereof. Telecommunications operators will be part of the system and will have additional obligations as so-called key service operators, including IP traffic exchange operators (IXs) and DNS service providers.”
U.S. Prosecutors Consider Charging Russian Officials in DNC Hacking Case
“The Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, according to people familiar with the investigation. Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case next year, these people said. Discussions about the case are in the early stages, they said.”
Brits Demanding Urgent Government Intervention to Improve IoT Device Security
“Consumers and businesses across the world are urging their governments to step in to regulate IoT device security and their encryption standards. The fact that people in the UK are not very trusting of IoT devices and their security is quite well-known, but a survey by digital security firm Gemalto has revealed some eye-opening reasons to prove why the IoT device security in the UK is probably the lowest in the world at the moment.”
Cyber Security Awareness Month: The Internet of Things and Cybersecurity
“To close out National Cyber Security Awareness Month and the University of Kentucky Information Technology Services’s tips and advice, below is the fifth and last in a series of stories, focused on IoT devices and tips for using them securely.”