IoT Turns Cities Into Cyber Battlegrounds

The Internet of Things (IoT) is growing rapidly. The number of internet-connected devices is expected to hit 6.4 billion in 2016, and to surpass 38 billion by 2020. The emergent field is racing ahead of current practices, utilising cutting-edge technology to provide us with ever-newer capabilities. 

The problem is that IoT is also racing ahead of the current state of the art in cyber security, making the devices vulnerable to attack. As they come to occupy an ever more prominent role in our lives, they could put those same lives in serious danger.

The Stuxnet worm wreaked havoc on Iranian nuclear centrifuges, but this was only the most well known example. A German steel mill was extensively damaged through a cyber attack earlier this year, while over the past three years Iranian hackers destroyed 75% of computers belonging to Saudi Arabia’s national oil company. With more and more devices coming online these attacks are a sign of things to come.

As security was not rigidly implemented in many of today’s infrastructures at the design stage, adding protection now is becoming increasingly harder. The avenues of attack for potential cyber-terrorists or rogue-states are numerous. Many of the industrial systems in use have hardcoded backdoors – implemented for ease of maintenance – that could prove their downfall. 

The same applies to many of the systems behind electric grids, train networks, and traffic control, water and sewage, and some hospital systems. Determined attackers could seriously disrupt these systems, or shut them down entirely, with devastating effects.

More than 25,000 internet-connected deployments of an automation system “used widely by the military, hospitals and others to control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities” are vulnerable to attack, researchers found in 2013. Most drone control systems are insufficiently secured, if at all.

Attackers could even target us in our homes. Home automation systems are particularly vulnerable to attack, allowing hackers to control everything from the temperature in the house, to alarm systems, and even unlock doors. Smart TVs, mobile phones and baby monitoring cameras are at risk of becoming eavesdropping and tracking devices.

So far, attacks of this sort have been isolated, but a determined group of attackers could employ these weaknesses to affect catastrophic results. These could range from disrupting traffic, affecting the entire economy, to even attempts at disrupting the governance of a state.

To thwart this threat manufacturers must take security more seriously. When the risk of attack is entirely unpredictable, and when such an attack could be orchestrated by a small group of people, tech firms must integrate secure design concepts at the earliest stages. Cybersecurity, in both the government and the private sectors, must be integrated into the entire homeland security paradigm. Only a concerted effort by the public and private sector working together can prevent the risks we face.


I-HLS

« OPM Hack Was Criminal - Not China Government Sponsored
Cyber Warfare Is Integral To Modern International Politics »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.