Internet of Things poses (manageable) cyber problems
Despite the vulnerabilities of increasingly connected devices, national security experts outlined manageable ways to curb these concerns.
Despite the vast surface area of the Earth, it is relatively small when considering that anything connected to a network, such as a computer or a cellular phone, or even anything with code written into it, such as a car or a smart refrigerator, can be hacked into from remote locations.
These devices – collectively known as the Internet of Things – were designed to make life easier. Think of smart thermostats that can adjust to surroundings without ever needing human intervention. But if someone were to hack into such as system installed at a large government facility, there could be serious unintended consequences, Mark Bristow, chief of Incident Response for the Homeland Security Department’s Industrial Control Systems-Cyber Emergency Response Team, said last week at the Army
Dams and power grids also used to be considered safe when they were closed network systems. However, recent incidents such as a 2013 intrusion to the Supervisory Control and Data Acquisition systems of the Bowman Dam in New York by Iranian hackers indicate otherwise. “We still thought of them as closed networks -- but they're not,” Lt. Gen. Edward Cardon, commander of U.S. Army Cyber Command, said at the same event. “Other systems touch them and that starts to create some problems.”
One of the biggest ways to help prevent such incidents is engaging industry in public-private partnerships, Cardon said, a point echoed by retired Gen. Ray Odierno, former Army Chief of Staff and now a senior advisor at JP MorganChase, who said his experiences in Iraq and elsewhere taught him the need for whole-of-government approach to cybersecurity.
Cardon talked about the need for a cultural shift in which cybersecurity is built into the fabric of all aspects of operations. After all, one employee merely clicking on a suspicious link in an email can infect an entire network.
He also stressed the need for tighter architectures, and about at times keeping some systems off the grid—he said recently toured a Boeing plant in which the flight control architecture was not connected to the Internet.
Additionally, automation needs to be leveraged to help respond to threats in time, said Mark McLaughlin, Palo Alto Networks’ chairman. Threats in cyberspace move at “cyber speed” and trying to respond manually is considered insufficient.