Home Cybersecurity and Cyber Risk Management

Cybersecurity and Cyber Risk Management

Bluetooth Cybersecurity
Bluetooth is short-range wireless communications technology based on the IEEE 802.15.1 protocol. It works in a crowded license free 2.4 GHz frequency band and shares this resource with many other technologies. Bluetooth is the optimal solution for establishing small wireless networks called Piconets, by connecting two Bluetooth devices. One of these nodes is Master that can be connected via Bluetooth link to 7 other Bluetooth devices—Slave nodes in Personal Area Network (PAN). Typical data rates are 1-3 Mbps. The newest versions of Bluetooth is known as Bluetooth Low Energy (BLE) or Bluetooth smart. It is important to note that Bluetooth and BLE...
Zigbee Security
Zigbee technology introduction Zigbee is wireless PAN (Personal Area Network) technology developed to support automation, machine-to-machine communication, remote control and monitoring of IoT devices. It evolved from IEEE 802.15.4 wireless standard and supported by the ZigBee Alliance. IEEE 802.15.4 standard determines specifications for the physical and data link layer and Zigbee Alliance provides standards from network layer to application layer. While Zigbee determines the contents of the transmitted message, the 802.15.4 standard provides details about the robust radio communication and medium access control. The Zigbee Alliance, as a non-profit association, develops open global Zigbee standard for use in the Internet of Things...
LoRaWAN IoT Security
I get accused of focusing too much on 5G as the only future IoT connectivity option. I do write a lot about how 5G will revolutionize our society, become the most critical of critical infrastructures and about security threats with 5G. I see 5G, with its low latency, high bandwidth, network slicing and ubiquitous coverage becoming the foundational capability for mission critical industrial, agricultural, financial, medical, education, energy and transportation, even military and emergency services IoT communication needs. That’s not to say that 5G is the only IoT connectivity option. There are plenty of others. IoT applications have some common requirements...
Smart Home Wireless Connectivity
In a recent session on smart building cybersecurity, a student cheekily asked me "How did we ever connect anything before 5G?" At that moment I realized I might have been overdoing my 5G cheerleading recently. To atone, here are the key performance and cybersecurity attributes of the most commonly used connectivity technologies in smart home / smart building use cases... And 5G. If you thought that the "traditional" home life is under heavy attack from digitization of media and constant communication, wait until you learn about the Internet of Things (IoT) and Smart Homes. Our most personal spaces - our homes...
Huawei ERNW 5G Source Code Analysis
No, no it doesn’t. Huawei's code might as well be extremely secure. Their code is certainly the most scrutinized. But the recent UDG source code review is not an evidence of security. ERNW, an independent IT security service provider in Germany, recently performed a technical review / audit of Huawei’s Unified Distributed Gateway (UDG) source code. Huawei made the summary report available here . The review focused on the quality of the source code and the source code management practices. The report is overall positive and showed that Huawei has significantly improved its software engineering processes. At least for the UDG...
5G Opportunity and Cybersecurity
The human will to innovate is seemingly relentless. The history of our species is one of continual development, with the last 350 years, in particular, representing staggering technological progress. The first industrial revolution mechanized production using natural elements like water. The second revolution used electricity to enable mass production; the third used electronics and information technology to automate production. The fourth industrial revolution unfolding all around us is characterized by an exponential growth in data production and the merging of the physical and digital. Cyber-physical systems (CSPs) like the internet of things (IoT) and industrial control systems (ICS) are capable of...
Quantum Computer 5G Security
Recently, in the science journal Nature, Google claimed ‘quantum supremacy’ saying that its quantum computer is the first to perform a calculation that would be practically impossible for a classical machine. This quantum computing breakthrough brings us closer to the arrival of functional quantum systems which will have a profound effect on today's security infrastructure. How will quantum computing affect the security of 5G technologies currently being developed and deployed? Last spring we suggested that the emergence of quantum internet connectivity and computation, expected sometime in the next decade, poses numerous new cryptography and cybersecurity challenges for 5G security. MIT offers...
Risks of AI
In 1956, at a workshop on the campus of Dartmouth College, in Hanover, New Hampshire, the field of artificial intelligence (AI) was born. Attendants were buoyant. MIT cognitive scientist Marvin Minsky was quoted as saying, "Within a generation  the problem of creating 'artificial intelligence' will substantially be solved." This prediction turned out to be over zealous, but Minsky and his colleagues believed it wholeheartedly. What, then, is different today? What makes the current dialogue about AI more relevant and believable? How do we know that this is not another case of humans over estimating the development of technology? For one thing,...
5G Critical Infrastructure
Not even 30 years separate us from the end of the Cold War. Yet, we appear to be witnessing the emergence of a new one, a technology Cold War between the United States and China. This time, instead of a ‘red under the bed’, the US government has declared there is one at the back door. It accuses Chinese technology companies of deliberately building vulnerabilities into their tech, allowing the Chinese to access and control the 5G critical infrastructure, and through it the connected devices and machinery at will. Headlines are dominated by the case against Huawei, and debate continues...
5G Security Privacy
Don’t let the “5G” in the title confuse you. This post is not only about the telcos’ core networks, but about the 5G security and privacy issues in our (very) near, and very different future that 5G will enable. In the 5G-enabled massive Internet of Things (mIoT) world we’re about to find ourselves in, we are expected to have 1000 devices connected for every person… These devices will be the components of the ‘5G operating system’ for our smart cities, our industry 4.0, our smart homes, smart transportation, smart healthcare, and much more. To enable this future, we will...
AI Fake News
Recent events have confirmed that the cyber realm can be used to disrupt democracies as surely as it can destabilize dictatorships. Weaponization of information and malicious dissemination through social media pushes citizens into polarized echo chambers and pull at the social fabric of a country. Present technologies enhanced by current and upcoming Artificial Intelligence (AI) capabilities, could greatly exacerbate disinformation and other cyber threats to democracy. Robert Kagan in his recent Post essay, “The strongmen strike back,” insightfully states: What we used to regard as the inevitable progress toward democracy, driven by economics and science, is being turned on its...
AI Cybersecurity Battlefield
Cybersecurity strategies need to change in order to address the new issues that Machine Learning (ML) and Artificial Intelligence (AI) bring into the equation. Although those issues have not yet reached crisis stage, signs are clear that they will need to be addressed – and soon – if cyberattackers are to be prevented from obtaining a decided advantage in the continuing arms race between hackers and those who keep organizations’ systems secure. ML and AI can magnify existing vulnerabilities and open the door to new attack strategies. At the same time, though, they offer new tools to help organizations secure...
Cyber-Kinetic Security Railway
Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted. Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted. These systems have always been challenging to secure. Even urban mass transit systems...
IoT Cybersecurity Framework Government
The human brain is programmed to keep us safe and secure. Yes, we are separated from the rest of the animal kingdom by our advanced capacities of sense-making and decision-making, but at the core of our grey matter remains some primitive but powerful tech tasked with keeping us alive. If your amygdala senses danger, it makes a split second decision and triggers the fight-or-flight response, flooding your body with hormones like adrenaline that prepare you for battle. This overrides the cortex – the sophisticated part of the brain we rely on for problem-solving and strategic thinking – making it...
IEMI
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI). Electromagnetic interference (EMI) surrounds us – natural causes, such as solar flares and lightning; and man-made sources such as radio and TV broadcasting, radars, microwaves and many others all emit electromagnetic waves that could disrupt operation of electrical and electronic devices. That is, if devices wouldn’t comply with numerous electromagnetic compatibility (EMC) standards which ensure correct operation in common electromagnetic environment and resilience...