Monday, February 15, 2016

Our Urgent Need for Cybersecurity


As Andy Greenberg drove his Jeep Cherokee down the highway, he watched in surprise as his air conditioning, radio, and windshield wipers went on and off by themselves. Then his transmission shut down. Greenberg panicked as he rolled to a stop on an upslope, with a 16-wheeler bearing down on him. Relief swept over him as he noticed an off-ramp just ahead, and he managed to roll the Jeep down it, then stop and restart the engine. The car was once again under his control.
 
This wasn’t what I expected when I agreed to volunteer for this experiment, Greenberg thought. My life wasn’t supposed to be threatened.

Yes, this was an experiment, set up by two researchers, Charlie Miller and Chris Valasek, From 10 miles away, they hacked into the Jeep’s entertainment system as Greenberg drove and manipulated the vehicle’s electronic systems. Luckily, Greenberg wasn’t injured, but if this situation had been under the command of a nefarious killer, that killer could have ensured the truck hit him. In a second experiment with Greenberg, Miller and Valasek killed the engine, disabled the brakes, then sent.the Jeep crashing into a ditch.

These experiments show that our technology makes us vulnerable to attack. The need for cybersecurity is real.

But what is cybersecurity?

While countries and organizations have different definitions for this new field, cybersecurity can generally be defined as the technology and methodology designed to protect computers, programs, and data from attack, damage, or unauthorized access. The field is growing, and more and more companies are specializing in providing these services. Robert Herjavec of Shark Tank fame owns such a company.

Most people will remember the well-publicized cyber attacks on Target Stores and Sony Pictures, but these major corporations are not the only victims. Criminals are going after medical as well as financial data, costing the healthcare industry $6 billion annually.

Furthermore, what most people don’t know is that networks, computers, and data aren’t the only areas subject to cyber attack. A new term is “The Internet of Things,” which is the network of computer chips embedded in all electronic devices. Everything these days has a chip in it, from your car to the coffeemaker sitting on your kitchen counter. Tech thieves don’t have to kill people with hit men or guns. Instead, they can hack into a car as it is driven and cause it to crash or access a house’s electrical system and electrocute people as, for example, they use their appliances or toggle a light switch.

To be sure, these are frightening thoughts, but legitimate ones nonetheless. The most vulnerable items are newer cars and appliances with Internet connections, such as refrigerators that allow you to browse the web or with a camera that allows you remote access from your cell phone. After Miller’s and Valasek’s experiment, Chrysler took steps to block digital attacks in their vehicles and recalled 1.4 million of them.

A threat of even more concern, cyber espionage, was recently featured on a recent segment of 60 Minutes. It discussed, in this case, the Chinese government’s spies no longer stealing just classified information from our military but trade secrets and intellectual property from American companies. Said John Carlin, Assistant Attorney General for National Security, “Instead of doing their own research and development, the Chinese are stealing the information they need…. A private company can’t compete against the resources of the second-largest economy in the world.” This theft has cost U.S. companies hundreds of billions of dollars and more than two million jobs and is considered a major threat to national security.

Many universities now offer classes in cybersecurity and most medium-to-large companies have departments set up to keep their data safe.

So, what can the average citizen do?

You can join the Institute of Electrical and Electronic Engineers’ (IEEE’s) new CyberSecurity Special Interest Group (CyberSecurity SIG). Go to Meetup.com/ CyberSecuritySIG. Made up of experts and novices alike, its purpose is to educate the members on all aspects of cybersecurity and how to deal with them. Go to the group’s website at sites.ieee.org/occ-cssig to download information on this topic and copies of the newsletter.

The group holds a general meeting on the fourth Wednesday of the month, excluding November and December, so if you are in Southern California, plan to attend. The address is ATEP, 15445 Lansdowne Road, Room D106, Tustin, California. Networking is at 6:30 PM and the meeting is at 7 PM. Admission is free. Dinner is available for $5.

Watch for follow-up articles on this blog.

Also check out the list of links below, which will take you to posts about this topic.

 
http://www.huffingtonpost.com/news/cybersecurity/

http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/ConnectedHealth/ucm373213.htm

http://www.microsoft.com/security/cybersecurity/#!Overview

https://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative

http://www.govinfosecurity.com/cybersecurity-c-223

http://info.surfwatchlabs.com/cyber-risk-business-resilience?utm_source=bing&utm_ medium=cpc&utm_term=keyword&utm_campaign=SWCCS

http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security.html

http://www.labtechsoftware.com/it/landing/MMsecurity-eBook-ppc/index.php?source=LTMM-PdSch-Bing-Cybersecurity-US-15Q3&utm_source=bing&utm_medium=
pdsch&utm_term=what%20is%20cyber%20security%20pdf&utm_campaign=
securitymm&loc=us&sc_camp=0B8006299BFB4AFCA4FA6722EFBD3A42


https://www.silentcircle.com/products-and-solutions/technology/zrtp/