At my recent presentation to the 2016 Canadian Utilities Information & Communications Technology Conference in Toronto entitled “Is Your Network Secure or Secured?” I started by explaining to the audience that the purpose of any good security lecture is to scare the audience.
By showing exactly how vulnerable networks can be, speakers hope to convince network operators to implement stronger security. While the motivations may not always be altruistic, the goal of more secure networks is certainly worthwhile.
One of the points that I made in the presentation is that the Internet of Things (IoT) has the potential to open up hundreds if not thousands of access points into a typical utility network, each of which needs to be secured to ensure overall network security. A recent article on darkreading.com confirms that the IoT has indeed become a target of malware, with reports of a million-strong IoT botnet that was recently discovered by Level 3 Threat Research Labs. And this is not the first IoT botnet to be discovered.
IoT devices are designed to be low-cost, simple devices with limited capabilities. As such, they are designed with standard off-the-shelf processors typically running a version of the Linux operating system. In the past, these small device would not have been much of a threat due to their minimal capabilities to do much of anything beyond their primary program. However, as even small processors have gained in capability, IoT designers have been able to put fully functional computing devices into even the smallest IoT elements. This allows the IoT designers to use standard programming, but it also opens up the IoT elements to bad actors interested in using them for nefarious purposes. As part of the “low cost” paradigm, extensive security is rarely if ever included in IoT processor programming.
Security offerings such as ECI’s MUSE Cyber Security Suite can help protect IoT networks from intrusion and will constantly scan for malware and suspicious activity. But they have to be implemented as part of an overall network security plan, which may not have been seen as a priority for utility networks in the past.
So it’s ok to be scared, but be prepared as well.
Dr. Wilkinson has deep experience in the telecommunications and technical startup fields, with positions held ranging from deeply technical systems engineering to entirely customer-focused marketing leads. A recognized public speaker and writer as well as a detail-oriented team leader, Dr. Wilkinson has been successful in companies ranging from Fortune 100 to small startups with less than 50 employees. Dr. Wilkinson's career includes significant interaction with major carriers in the United States as well as experience with rural telcos, utilities, and municipalities.