Fragile Ecosystem - Preventing a Cyber Security Epidemic
Colorado Springs, CO - U.S. Northern Command Joint Operations Center

By Eyal Traitel, Head of Customer Success at Cybellum, a concerned citizen of the world

With the current outbreak of the Corona virus taking entire countries practically offline, it is a good time to review how a similar epidemic might impact humanity: a digital epidemic. Our overall hunger for technology has made our lives entirely dependent on our digital infrastructure. Public and private sector services and products alike rely on complex digital infrastructure for the world’s operations. As can be seen now, our expectations for continuous operations, what we call “normal life”, can be easily impacted and impaired. Even a relatively minor event may, by surprise, cause a chain reaction that will take our infrastructure down, and with it our industries, our economies, our lives.

Corona virus. Photo courtesy of the National Institute of Allergy and Infectious Diseases

To be more practical, let’s review how software-based products are secured today. Typically, vendors put aside some budget to perform security testing of their software. This budget is often spent on security tools and manual review processes, and in some cases on external consulting. A security report is prepared, audited, signed, and the product is released. Life is good, isn’t it?

More often than not, our automated risk assessments identify critical vulnerabilities which really should not be found in connected devices such as a vehicle ECU, an IP camera or a smart home device, for that matter: outdated, highly public vulnerabilities such as Heartbleed or DirtyCow, with public exploit code within easy reach of even unsophisticated hackers; passwords which are too easy to guess; private keys that are easily found on the Internet. In some cases, automotive firmware can be downloaded from the Internet with no authentication whatsoever, just waiting to be hacked, exploited and abused.

So unfortunately, reality is different. A single security scan that was done once in the past is not enough. Security must be assessed, managed, tracked, and treated on a continuous basis. Let’s look at a real example. A manufacturer of a vehicle telematics unit tested its software during the final design stages, back in 2018. New Linux kernel CVEs now put the unit at risk. If the car maker receiving the unit does not test it and enforce a software update to cover this risk, millions of cars may be hacked, all at once, putting millions of lives at risk. Sounds familiar? A cyber security epidemic.

Just as protecting against the Coronavirus requires continuous monitoring of the population, and identifying and treating the vulnerable individuals, so does protecting against a cyber security epidemic. We, as a global society, must protect our digital infrastructure the same way. No more smart home devices receiving no security updates, no more hospital equipment with default passwords, no more devices still affected by already known exploits which are just one software update away from being fixed. The negligence that became a standard modus operandi in the software business should be replaced with care and attention. The public must praise responsible vendors over irresponsible ones. Security for the masses. This shift in mindset will require great involvement by producers and consumers alike, and will likely take years and decades to get to a better place.

Let’s take our part in this great transformation starting today.

Amichai Oron

I Help Tech companies transform their vision into paying products. Proven success with $100M+ Industry Leaders, Align your product with customers and investors in 90 days

1w

Thank you very much for sharing 🙂 I invite you to my group: the group connects Israelis in a variety of fields, and generates customers, collaborations and events. https://chat.whatsapp.com/IyTWnwphyc8AZAcawRTUhR

Svetlana Ratnikova

CEO @ Immigrant Women In Business | Social Impact Innovator | Global Advocate for Women's Empowerment

4mo

Thank you very much for sharing 🙂 I invite you to my group: the group connects Israelis and people from around the world in a variety of fields. https://chat.whatsapp.com/BubG8iFDe2bHHWkNYiboeU

James Croyle

Web3 Builder | C Suite | Strategic Partnerships | Explosive Growth Leader | ex Microsoft, Check Point, IBM

4y

Many excellent points raised here; one which stands out to me was the notion of continuous monitoring. Vulnerabilities tend to arise in a never-ending cycle, whether from the software side or from devices entering and leaving the environment.
