America was not built on fear. America was built on courage, on imagination and an unbeatable determination to do the job at hand. Harry S Truman
sourcecode of many tech companies extracted- zero days forever possible – http://www.zdnet.com/article/us-government-pushed-tech-firms-to-hand-over-source-code/
VMware Fixes Critical RCE in vCenter Server:
US-CERT warned about the vulnerability, stressing exploitation could result in an attacker taking control of an affected system, in an alert posted on Friday.
An obscure flaw creates backdoors in millions of smartphones plenty of smartphones have open ports, -andy greenberg in alert this friday
As we venture into a new era of prospecting with Big Data and Artificial Intelligence we see a lot of promises which are of course motivated by profit and changes led by innovation.
Level 7 and 6 and 5 Money to be made
Gartner’s top predictions for 2016 and beyond continue to offer a look into the digital future, a world driven by algorithms and smart machines, where people and machines will need to define and develop harmonious relationships. These predictions help our clients understand the radical changes they face in the digital world. Those changes are coming fast. Gartner predicts, for example, that in 2016 spending on new Internet of things (IoT) hardware will exceed $2.5 million a minute. And, as mind boggling as that number is, it pales in comparison with the corresponding prediction that, by 2021, 1 million IoT devices will be purchased and installed every single hour.
That level of density of deployment and use will present dramatic challenges to enterprises and IT organizations that need to manage and track IoT activities.
The changes that are coming extend far beyond the IoT. The increasingly smart, autonomous nature of machines means that we’re seeing the beginning of “robots” rising — the worldwide spread of autonomous hardware and software machines to assist human workers in practical scenarios.
The impact of the IoT on business spans industries and vertical markets. For example, a one percent reduction in capital expenditures from IoT-related efficiencies could save the oil and gas industry US$90 billion over 15 years (Source: GE report, “Industrial Internet: Pushing the Boundaries of Minds and Machines”, 2012). Organizations are finding that they need to create an expanded, adaptable infrastructure that can keep pace with evolving network, compute, application, and data management demands. They must be able to address growing demand from inside and outside of their organizations. And they must be able to secure this more complex, interconnected infrastructure. For this we need innovation and another way of looking at risks.
We see for example that at install base of smart meters that electricity companies are bringing in, and are deactivating controls like shutting down meters with remote control since that is a risk too high in their current networks. These companies are targeted as we speak ,no laws or congress balking for IIOT regulations but the discussion is now about vulnerable IOT since we noticed that Twitter, Facebook and NY times cannot be reached.
INNOVATION AND VENTURE CAPITAL same mistake as IIOT
I was at the Show How to Get There Summit organized by the Erasmus Centre for Entrepreneurship The Hague University of Applied Sciences.
Once again the known ways of working with data and apps were all over presented and been giving new ways to check on parking spaces, food and insulin level by using smart metering and devices. We all look at the beneficial ways apps can collect, transport and categorize this to get a predicted business outcome according to their mantra:
Team Achievements Business Model & Market
Unfortunately this is in a structured and simple way presented to investors that will not have not all the parts of the puzzle and maybe have to look at different risks, risk they never thought about mitigating since that’s done by the IT department WRONG ASSUMPTION
INNOVATION NEEDS A FOUNDATION
What makes a startup successful you think?
Now we have a lot of new ideas that build upon 7 , 6, and 5 but they assume and trust that level 1 and 2 and 3 will be available
Layer 1 and 2 compromised
On Friday, October 21, a series of Distributed Denial of Service (DDoS) attacks caused widespread disruption of legitimate internet activity in the US. This was achieved by aiming IOT devices to disable critical business operations like name resolving.
End result : EU and US decision makers got the point made by Lawrence J. Trautman : Is Cyberattack the Next Pearl Harbor? http://bit.ly/2cVFURY
Holes and taking unnecessary risks bad timing
Vulnerable layer 2 and 3
This is the global network picture, with vulnerable network firewalls and behind all kind of cloud and app delivery mechanisms that are vulnerable, like databases and virtual servers. As investors are betting on apps that cannot show if they are not leaking any personal data from the device Android or iPhone and therefore should be non EU GDPR compliant to directives but also to paying customers that cant use their app
Taking unknown risks
- Android rootkits http://thehackernews.com/2016/11/hacking-android-smartphone18.html
- iPhones and Apps –http://bit.ly/2gkeUSo
- Antivirus useless tick box exercise http://bit.ly/2fzE5iP
- Android and fin apps –http://bit.ly/2fs9yDE
- Accounts on androids including corporate logins –http://bit.ly/2ebEGaF
- Loss for Small and medium companies by using internet based technologies which are available but not secure –http://bit.ly/2epeR5H
- Trust on antivirus while introducing new threats http://bit.ly/2f8
- Databases for apps in the cloud needed to use the data send by these innovation apps in the cloud http://bit.ly/2dxr9Fe
- Do investors knows what the costs will be when a crisis occurs and a hack on these apps takes place ? http://bit.ly/2dVfP9F
Far fetched you say? We used to say that for this scenario , well here is already one scenario that opened EU and US parliaments shutters due to the internet blackout hitting the @NY times, Twitter, Uber exactly all that were using internet a scenario already warned for by Lawrence J. Trautman –http://bit.ly/2cVFURY
But all the innovative business models are in jeopardy even with lifesaving applications if nothing is done against the complexity and the chaotic nature in which this IOT and APP ecosystem is operating. The interventions that these apps and IoT devices are under scrutiny, since we sense that simplicity and current best practices and trustworthy computing are two different domains.
We try to contain the fear of unpredictable risks by “laying down the law” . something that is happening in the EU and US . experts- http://spectrum.ieee.org/tech-talk/telecom/internet/experts-discuss-3-paths-to-stronger-iot-device-security-government-regulation-thirdparty-verification-and-market-forces
network componets that are vulnerable-http://bit.ly/2d2ucZj
update:politics Netherlands: http://www.nu.nl/gadgets/4353050/d66-wil-verkoop-onveilige-internet-of-things-apparaten-verbieden.html
much used applications like adobe pdf-http://arstechnica.com/security/2016/11/fancy-bear-goes-all-out-to-beat-adobe-msft-zero-day-patches/
So when a danger occurs we have the possibility to intervene, forbid or at least fine the offender . This is giving the audience a safe feeling.
We see this in our daily life, fire extinguishers, even heart defibrillators on workspaces and on train stations. This is to take away that risk say heart patients can be confronted with an issue that is life threating. So even when we surround ourselves with risk mitigating measures, they will derive from best practices that are simple. We see that the world has changed-data breaches information is beautiful-http://bit.ly/2cLZIfq
And between the chaos and that simplicity, we find a cliff that plunges us into chaos and where we see that all that is becoming a threat line vulnerable Internet Of things, processing unencrypted data should be legally forbidden.
Look from 6.44 when something as simple as firewalls and antivirus aren’t enough, see what happens then, we blame the IIOT devices being vulnerable!
Fear is a bad advisor, since legalization as whole is trying to control the definition of the problem (infection of vulnerable minicomputers) to match the lawmakers interpretation of it. What became an easy journey ( IAAS, SAAS and PAAS ) left one complex landscape that according to DJ Snowden ( Kurtz, C. F., & Snowden, D. J. (2003). “The new dynamics of strategy: Sense-making in a complex and complicated world.” IBM Systems Journal) is not easily solved since you need a lot of analytics and specialisms in an unordered complex environment. The pitfalls here I described in my article the illusion of being in control part 1-http://bit.ly/2dNV41N
As we have been using the internet since the beginning en masse since 1990’s we now see that availability of critical services can be taken away by simple means of DDoS attacks knocking out internet availability.
By looking differently at cyber risks and naming them as a way to get things determined with the job at hand, we can also take away any obstacles that are on this new and innovative journey. But we than have to look at the whole picture not only the SaaS layer we all like to invest in but is a strong as the weakest link (Industrial) Internet of things IIoT.
And that means layer 1 and 2 protection, an area P@ssport has been strong in since 2012. As a matter of fact, we proudly preventively protect 27 oil and gas platforms, including their IIOT devices, and we have done this since 2012.
Risk and presentation
By first getting back to the basics where are my risks, what do I need to get up and running to get control back in a simple way in a complex landscape that basically is built upon abusing threats which can easily be defended against?
Its time for Technology Business Management Solutions. Where analyses, management and optimizing technology and threat mitigation measures are getting out of the realm of standalone spreadsheets and uncoordinated silo processes in network, application, security, connectivity, third parties embedded in business processes.
Don’t jump off that cliff because the simple things don’t work anymore!
People, Processes, Similar Events, Organization and then Technology
We know our threats and we can help you with yours
P@ssport can help you with getting order back where it belongs, in your hands. You have the courage, the will and the determination to do something about it and together we can build out a strategy that works for you.
In the chaos your cause and effects are blurred, interventions from point to point devices are not enough and we even call it security now cyber security. Quick action integrated through our stable switchboard Triple A will bring desirable patterns in your data protection, data access, identity and access management. By using our Compliancy Integrity Assessment we will bring you the process that can be entered willingly into the innovation needed to mine the prospects of big data , IoT and mobility. But for that you need to be open from concepts that have a preventive way of looking at the situation instead of the reactive way currently in use to sense, categorize and respond, alas too late after the fact has been committed.
Identify , Monitor and Protect -that’s IMPORTANT.
P@ssport- since 2012 we have engineered Internet of Trust out of chaos we can do the same for your Internet of Threats.
We would love to get feed back input on this article from the following experts in their field:
@ John Bruijntjes Senior Infrastructure Architect On premise/Cloud/Hybrid
@ Dan Williams Senior Security Systems Engineer | Privileged Identity/Account Management Build & Release Engineer at CA Technologies
@Olivier Rouit CTO Embedded Security at Connect In Private
@Peter HJ van Eijk Board member at Cloud Security Alliance Dutch Chapter
@Jurgen van der Vlugt Maverisk: Innovation/IRM/Infosec/I-advisory and -audit services at Maverisk
@Deep Pandey,CCSA,SCSA,CCNA Client Manager at BSI
@Cevn Vibert Director at Vibert Solutions Limited.
@Phil Agcaoili Senior Vice President, US Bank & Chief Information Security Officer (CISO), Elavon at U.S. Bank
@Arjan Meijer Technology Lead at Hudson Cybertec
@Mohammed Al Lawati Head of ICT Governance & Information Security at Oman Airports Management Company
@Mustafa Hegab Global Director of Business Development and Client Advocacy at Unisys
@Chris Dodunski Chief Technology Officer at Phirelight Security Solutions Inc
@J. Tate Co-Founder and Chief Security Intelligence Officer at bits&digits | counter- & social intelligence agency (CSIA)
@Fred Streefland Corporate Information Security Officer (CISO) / IT Security Manager at LeaseWeb
@Allen Baranov Analyst, Security Tools & Controls at NBN Co Limited
@James Nesbitt Founder and Director at Sagacity Media Ltd and The Cyber Senate
@Prof. Dr. Ir. Henk Jan Jansen Principal Product Delivery Manager mComerce at Vodafone Global Enterprise
@Kees Bergenhenegouwen Senior Technical LifeCycle Consultant HQ Oil&Gas at Siemens AG/NL
@Mike Gligoor CTO/SME Connectivity at P@ssport Holland BV
@Michiel Appelman Project Portfolio-/Program Manager EMEA at Cargotec Corporation
@Mischa Peters Manager Systems Engineering, EMEA at LightCyber
@Ron Ross Fellow at National Institute of Standards and Technology
@Henri Koppen Partner at thingks
For more info we want to point you to our website www.cybersecurity.industries
Or contact us directly on 0031 70 7370471.