Cybersecurity: Going From Bad to Worse
But a cybersecurity expert at the Atlantic Council, a Washington, D.C., think tank warns that the internet of things, for all of its ubiquity and benefits actually makes systems more vulnerable to attack.
“We haven’t done enough to verify that the systems we are developing are worthy of our trust,” said Joshua Corman, director of the Cyber Statecraft Initiative at the Atlantic Council. Corman, who was formerly chief technology officer at Sonatype, and held cybersecurity positions at Akamai Technologies, The 451 Group, and IBM Internet Security Systems, spoke at the Atlantic Council’s Global Strategy Summit in Washington last week.
Greg Braun of C3 solutions defines the internet of things (IoT) as a “network of physical objects embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.”
The IoT is enabled by the broadband internet combined with WiFi and Bluetooth connectivity. Supply chain operations can benefit from IoT through the tracking of vehicles and cargo in real time, with future developments potentializing the tracking of individual pallets and cargo boxes. The maritime shipping industry has started to embrace real-time container tracking on a large scale, especially for refrigerated intermodal containers.
IoT has also already been implemented in a big way among public utilities and in the healthcare system, and, said Corman, we have already seen the negative consequences of this level of hyperconnectivity.
“We have already seen a confirmed hack of a utility in Ukraine and at an unused water facility in upstate New York,” said Corman. “Holywood Presbyterian Hospital had to shut down patient care due to a ransomware attack.”
The same connectivity which enabled those incidents could be used against vehicles, where IoT is ubiquitous, and against credit card systems.
“One-hundred percent of the Fortune 100 have experienced hacks,” said Corman. “That’s a 100-percent failure rate. Maybe we can’t protect anything. Maybe we don’t have this figured out.”
Many of the attacks have been perpetrated by groups of postnational youths like Anonymous. “It doesn’t even take a lot of hacking talent,” said Corman. “It’s just a matter of having the desire to assert your will upon others.”
On the other end of the spectrum, nation-state state adversaries are out to steal intellectual property and have succeeded in doing so to the tune of billions of dollars worth of IP.
Capabilities in the United States have concentrated on offensive capabilities in an effort to deter nation-state actors from compromising national security and the health of businesses, Corman noted.
“We have so much more to lose; we are so much more dependent on connected technologies,” said Corman. “There will eventually be a cost to be paid for our lack of defensive capabilities. We are at the cusp of experiencing high-consequence failures of cybersecurity. When that moment comes it will already be too late.
Corman conclusion is that “All systems fail. The question is if we can respond to failures in a quick and agile manner.
“We are adrift in an internet of things,” Corman said. “The sharks are among us and there is blood is in the water.”