IoT Turns Cities Into Cyber Battlegrounds

Uploaded on 2015-12-06 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

The Internet of Things (IoT) is growing rapidly. The number of internet-connected devices is expected to hit 6.4 billion in 2016, and to surpass 38 billion by 2020. The emergent field is racing ahead of current practices, utilising cutting-edge technology to provide us with ever-newer capabilities. 

The problem is that IoT is also racing ahead of the current state of the art in cyber security, making the devices vulnerable to attack. As they come to occupy an ever more prominent role in our lives, they could put those same lives in serious danger.

The Stuxnet worm wreaked havoc on Iranian nuclear centrifuges, but this was only the most well known example. A German steel mill was extensively damaged through a cyber attack earlier this year, while over the past three years Iranian hackers destroyed 75% of computers belonging to Saudi Arabia’s national oil company. With more and more devices coming online these attacks are a sign of things to come.

As security was not rigidly implemented in many of today’s infrastructures at the design stage, adding protection now is becoming increasingly harder. The avenues of attack for potential cyber-terrorists or rogue-states are numerous. Many of the industrial systems in use have hardcoded backdoors – implemented for ease of maintenance – that could prove their downfall. 

The same applies to many of the systems behind electric grids, train networks, and traffic control, water and sewage, and some hospital systems. Determined attackers could seriously disrupt these systems, or shut them down entirely, with devastating effects.

More than 25,000 internet-connected deployments of an automation system “used widely by the military, hospitals and others to control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities” are vulnerable to attack, researchers found in 2013. Most drone control systems are insufficiently secured, if at all.

Attackers could even target us in our homes. Home automation systems are particularly vulnerable to attack, allowing hackers to control everything from the temperature in the house, to alarm systems, and even unlock doors. Smart TVs, mobile phones and baby monitoring cameras are at risk of becoming eavesdropping and tracking devices.

So far, attacks of this sort have been isolated, but a determined group of attackers could employ these weaknesses to affect catastrophic results. These could range from disrupting traffic, affecting the entire economy, to even attempts at disrupting the governance of a state.

To thwart this threat manufacturers must take security more seriously. When the risk of attack is entirely unpredictable, and when such an attack could be orchestrated by a small group of people, tech firms must integrate secure design concepts at the earliest stages. Cybersecurity, in both the government and the private sectors, must be integrated into the entire homeland security paradigm. Only a concerted effort by the public and private sector working together can prevent the risks we face.


I-HLS

« OPM Hack Was Criminal - Not China Government Sponsored
Cyber Warfare Is Integral To Modern International Politics »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

At-Bay

At-Bay

At-Bay is the world’s first InsurSec provider designed from the ground up to help businesses tackle cyber risk head on.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

Basalt

Basalt

Basalt provide qualified consulting services in information security, personnel security and physical security.