Page 3 - Cyber Warnings
P. 3
Orchestration, Autonomous Self-Driving Cars and IoT Oh my!
Friends,
Security by design has not been a priority in most networking equipment and
computers as well as “smart” devices aka the Internet of Things (IoT). And
now they want us to trust self-driving cars? The more our team at CDM digs
into the vulnerabilities inherent in all this equipment, the more risk we see in
the industry.
Months ago, Dyn, a big dns service for Twitter, Spotify, Netflix and others
was hit with a huge distributed denial of service (DDos) attack. It caused a
USA east-coast partial internet outage as well as reduced access to these major content service
providers. When asked how this could happen, you have to dig into my opening paragraph above – it’s
all about security by design. It’s not actually Dyn’s fault – it’s the fault of the vendors of wireless routers,
cable modems and other IoT devices that have been shipped with major vulnerabilities, allowing hackers
to infect these devices with remote botnet code. Once the botnet is triggered, hundreds of thousands up
to millions of infected and vulnerable devices become part of the attack network – hitting Dyn with nearly
1 Gigabyte per second of traffic. It sounds unbelievable but it’s true and it’s that simple – we have tons of
infected equipment because the hardware and software manufacturers have not built these systems with
security in the forefront – in fact it’s no where in the design plans.
So move forward to the future, when self-driving cars have become the norm. If these manufacturers
don’t start to put some InfoSec brainpower in the design meetings, expect remote control, denial of
service, remote access Trojans and botnets running in your cars. This means lives will be in jeopardy.
While some of these issues was discussed at the RSA conference (search
here: https://www.rsaconference.com/press/74/rsa-conference-2017-closes-with-record-attendance) it
seems that in 2017 we will see it become a central theme at Insurance conferences at IoT conferences –
let’s hope the vendors who make the equipment are actually listening – the investment into security by
design, up front, will save them millions of dollars from the damages and legal fees they will pay if a
breach occurs, their equipment is compromised and heaven-forbid someone is harmed. Security must be
in the forefront of all that we do, given the world we live in, where hackers far away can attack equipment
over the internet without any care in the world.
Let’s work together to discuss securing critical infrastructure, planes, trains and automobiles as well as all
these not so secure “smart” devices we begin to trust our lives with. It’s time to get one step ahead of the
next threat, which is now targeting our very safety!
Let’s continue to share a wealth of information with each other to stay one step ahead of the next threat!
To our faithful readers, Enjoy
Pierluigi Paganini
Pierluigi Paganini, Editor-in-Chief, [email protected]
3 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
