Cybersecurity and Public Safety In The Era of Advanced Hacking
Our national power grid. Road infrastructure such as traffic lights and street lamps. Motor vehicles. Water treatment and distribution.
What do all these have in common?
They’re either connected to the web or will be one day soon. The vision of the smart city is an attractive one, sure. No more car accidents, automated vehicles that get you to your destination with minimal delay, advanced power and water systems that make brownouts, blackouts, and water quality issues a thing of the past.
However, it’s also dangerous.
See, as our technology grows more advanced - as we bring more data and more infrastructure online - so too do the hackers who target it, and the techniques they use to do so. Consider, for example, what happened at the end of last month. Hackers managed to disrupt the weekend service of a Baltimore computer network that supported emergency calls.
Though the reason behind the attack is unclear, it put people’s lives at risk. This isn’t the first attack of its kind, nor will it be the last. And as if that’s not frightening enough on its own, in a few years’ time, this attack will probably look tame by comparison.
We’re living in an era in which cyberespionage and cyberterrorism are pressing realities. Imagine, if you will, a group of black hats who are able to completely shut down the power grid for an entire city (or even an entire state). Picture what might happen if hackers were to seize control of a fleet of self-driving trucks, turning them into road-bound missiles.
The potential for chaos - the potential for loss of life - is very real.
Yet IoT vendors are still horribly lax with their security. Businesses have by and large failed to adopt adequate IoT security measures. People are connecting all manner of ‘smart’ devices to their networks without giving any thought as to whether or not these devices are safe.
Businesses and governments are aware of this, to an extent. There’s an active push for better IoT regulation. An active push to hold vendors accountable for shoddy firmware and glaring security holes; a concerted effort to correct the veering collision course the security posture of our nation appears to be on.
That’s going to take time, though. And in the meantime, it’s up to all of us to do our parts so that we’re better-prepared for the Internet of Things. But what does that involve?
- Study and understand the risks of embedded systems. You’ll need much tighter security protocols for IoT sensors than you would for smartphones or desktop computers.
- As an addendum to the above, perform a risk analysis on each IoT device you use within your business. The office coffee machine probably doesn’t carry as much data as a sensor hooked up to a factory floor - but it could be just as much of a security threat.
- Create a guest network that limits device-to-device communication between consumer IoT systems, as they tend to be built to much lower security standards than enterprise hardware.
- Ensure that every IoT vendor you work with is diligent about security - and don’t work with any who have lax protocols.
- Implement endpoint security tools that allow you to retain visibility into and control over your IoT devices.
- Make sure you always have control over your data, and that it’s always encrypted.
- Ensure your IT department is not understaffed - and seek additional talent if it is.
A decade ago, cybersecurity was purely a matter of keeping your data safe. Today, however, it’s about a lot more than that. It’s a matter of public safety. And every business, government, and individual has a role to play in ensuring it’s upheld.