The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country, working on behalf of the NSA, CIA or other government agencies. The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens (PDF) for charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries. The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises. The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese […]
Defense Industrial Base
GE Opens Purse To Boost IoT Security
One of the big questions looming over Internet of Things with regard to cyber security is how well legacy security products will adjust to the IoT context. I think its safe to say that many of the tools and technologies that populate traditional IT environments (think: antivirus) aren’t well suited to use with Internet of Things devices which are often power and resource-constrained. IoT is a “ten-years-from-now” problem for enterprises. But for manufacturers like GE, it’s a “today” problem. That’s why GE is already investing in technology that it thinks is well suited to securing IoT and industrial environments. Last week, the company announced one such deal: acquiring the firm WurldTech of Vancouver Canada. The deal, announced on May 9th, will add Wurldtech’s technology and professional services to GE’s portfolio, with GE saying that Wurldtech products and services will “help to enhance the reliability of Industrial Internet operations.” Wurldtech makes security […]
No Silver Bullet For Securing The Internet Of Things
On Wednesday we wrapped up the first-ever Security of Things Forum (SECoT) here in Boston, which was a great success. During a full day of talks and panel discussions, there was a lot of discussion – both on the stage and in the audience. Here are some (high level) take aways from the event: The Internet of Things will be different – really different The combination of technologies that we refer to as the Internet of Things is going to be transformative in ways that are profound. As I said in introductory comments: I see the net effect of this next phase of the Internet as being a leap forward, rather than incremental change – less “invention of the printing press” and more “invention of writing and counting systems.” Like Internet v.1, the exact direction that the Internet of Things will take is unclear. What is clear is that it […]
Heartbleed: Technology Monoculture’s Second Act
Say ‘technology monoculture’ and most people (who don’t look at you cross-eyed or say ‘God bless you!’) will say “Microsoft” or “Windows” or “Microsoft Windows.” That makes sense. Windows still runs on more than 90% of all desktop systems, long after Redmond’s star is rumored to have dimmed next to that of Apple. Microsoft is the poster child for the dangers and benefits of a monoculture. Hardware makers and application developers have a single platform to write to – consumers have confidence that the software and hardware they buy will “just work” so long as they’re running some version of Windows. The downside, of course, is that the Windows monoculture has also been a boon to bad guys, who can tailor exploits to one operating system or associated application (Office, Internet Explorer) and be confident that 9 of 10 systems their malicious software encounters will at least be running some version of the […]
The French Disconnection: Radio Gun Stops Smart Cars In Their Tracks
You could call it “The Death of the Car Chase.” According to the BBC, a UK company, E2V is demonstrating the RF Safe-Stop, a 350 KG (770 lb) device that can shoot RF (radio frequency) pulses at moving vehicles, “confusing” the vehicle’s electronic systems and causing its engine to shut off, stranding both vehicle and driver. E2V’s Safe-Stop product is intended for use as a non-lethal weapon for the military and law enforcement and is marketed as a tool for “checkpoint enhancement,” “convoy protection” and “vehicle immobilisation” (sp). According to this BBC report, the device acts like a small radar transmitter, directing a beam of radio pulses (identified elsewhere as L and S-Band RF pulses) that saturate the wiring that connects the vehicles on board systems. Those pulses confuse the engine control unit and cause it to reset, stopping the vehicle. Safe-Stop sends a continuous stream of pulses to keep the ECU confused […]
