Cyber Breaches Will Kill

People's property and life are getting increasingly exposed to cyber-attacks because just about everything today has computing power, an information security expert warns. A world of "smart" devices means the Internet can kill people.

“It used to be what with computer security, we were worried about computers, desktops and laptops,” Bruce Schneier, (pictured) a special advisor to IBM Security, said Tuesday 14th May during the Payments Canada Summit in Toronto.

But cars, appliances, power plants and medical devices are at increased risk from hacking attacks, suggested Schneier, author of Click Here to Kill Everybody.

Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers, from home thermostats to chemical plants, are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world.

As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.

“All the lessons from computer security, about vulnerabilities, about hacking, about complexity, about changing technology, become true for everything everywhere, and I am not convinced we are ready for that,” Schneier said during the recent  Payments Canada Summit in Toronto.

“There’s a fundamental difference between ‘my spreadsheet crashes and I lose my data,’ and ‘my embedded heart monitor crashes and I lose my life,'” said Schneier.

But the computer you use for the spreadsheets could have the same type of operating system and central processing unit as one with an embedded heart monitor, added Schneier, and therefore the same method can be used to attack both.

“It’s only what the computer is attached to that makes a difference and that is the world that is coming.”
Conventional computers can be made more secure with patching but this is because the software vendors have teams working on software that addresses security issues and can be installed by the users.

“That fails with low-cost medical devices. The teams don’t exist.”

Schneier suggested that although he worries that someone might hack into his medical records and steal his private health records, he is even more worried about the consequences of a hacker being able to alter his health records and show that he has a different blood type.

Cyber security has three major elements, confidentiality, integrity and availability, said Schneier.

Confidentiality means only certain authorised people can access the data.

Integrity means the data cannot be changed and availability means that one has access to the data. So a corporate data breach means the data is no longer being kept confidentiality, while a ransomware attack means the data is no longer available.

If a criminal can hack into medical records and change what is recorded as the patient’s blood type, then the integrity of the data is compromised.

“When you get to computers that affect the world in a direct physical manner, the integrity and availability attacks are much worse than the confidentiality attacks because there are real risks to life and property,” said Schneier.

He demonstrated the significance by using an example of hackers targeting a connected car. Listening to one’s conversations on a Bluetooth-enabled cellphone or figuring out someone’s location is a confidentiality breach, suggested Schneier.

“I really don’t want them disabling the brakes. That is a data availability attack,” said Schneier, who is also a fellow at the Berkman Klein Center for Internet & Society at Harvard University

“Your car used to be a mechanical device. Now it’s a computer with four wheels plus and an engine.”

Canadian Underwriter:

You Might Also Read: 

Security Flaws In Smart City Technology

 

 

« The Worldwide Skills Shortage Is Growing
Iranian Cyber-Espionage Exposed »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

National Cyber Security Agency (NACSA) Malaysia

National Cyber Security Agency (NACSA) Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Vehere

Vehere

Vehere specialises in mission critical signals aquisition and analytics platform and cyber defence systems.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

Cyber News Live (CNL)

Cyber News Live (CNL)

Cyber News Live provide vital information and raise awareness about all things 'cyber' to ensure you stay protected in the digital world.