“We’re creating computers where computers don’t exist” with connected cars or appliances, and these pose another attack vector for cybercriminals, but Ernst & Young Global Leader for Cyber Security Ken Allan believes Smart Nation initiatives are still worth pursuing.
SINGAPORE: Creating Smart Nations or cities remain a “good idea” as they enable governments and companies to “do things that were not possible yesterday”, but doing so bring inherent risks and another area for cybercriminals to exploit, said Ernst & Young Global Leader for Cyber Security Ken Allan on Thursday (Jul 23).
In an interview with Channel NewsAsia, Mr Allan said smart cities orSingapore’s Smart Nation initiatives allow for services to be delivered more efficiently, among other benefits. He added that, anecdotally, the Republic and Toronto’s projects have been held up as good examples.
The Internet of Things (IoT), where objects can sense, communicate and share information over the public or private Internet Protocol (IP) networks, is the bedrock of such smart city initiatives. However, it also poses an inherent risk as “we’re creating computers where computers don’t exist” on things like cars or appliances such as fridges”, the executive noted.
“A conventional computer is an Intel-based, Windows PC with storage and memory. However, things like fridges don’t have storage and memory, and any communication (via the internet) is done through a narrow bandwidth,” Mr Allan said, adding this opens up another potential attack vector for cybercriminals to exploit.
“NO CODE IS PERFECT”
Furthermore, connecting these items to the internet and having them send back data packets require software, and “no code is perfect”, the EY executive said. As such, cybercriminals spend their time looking through lines of code to detect the flaw and create exploits to target these vulnerabilities.
For example, Mr Allan mentioned the example of the Jeep Cherokee that was hacked remotely while the car was being driven, which was reported by tech news website Wired on Tuesday. The author Arthur Greenberg was reportedly in the car when the hackers, Charlie Miller and Chris Valasek, started remotely controlling the vehicle’s windscreen wipers, entertainment unit and even the transmission system.
The Wired article also mentioned that Mr Miller and Mr Valasek spent about a year “of hunting for hackable bugs and reverse-engineering” to test out their theory of being able to hack a Jeep Cherokee wirelessly.
Of the hack, Mr Allan said it is possible for such exploits to be done “in the wild”, which means conducted in non-controlled settings on unsuspecting victims. He did add that carmakers are aware of such attack methods, and are working to fend them off.
In the Wired article, the two hackers were said to have shared details of their research for nine months ahead of them disclosing some of their findings at the Black Hat security conference in August.
TECH, ECONOMIC PROGRESS SHOULD COME FIRST
In light of the existing vulnerabilities IoT brings, Mr Allan reiterated, when asked if he wanted to revisit his earlier assertion, that smart nation or smart city initiatives are still worth pursuing.
“We must put tech and economic progress first, but we must secure (the IT systems),” he stated.
Asked what advice he would give the Infocomm Development Authority of Singapore (IDA) on areas they should take note of when formulating security policies for Smart Nation, Mr Allan said the agency’s long range plan must include weighing up the “benefits, cost of implementation and security”.
“Unless all is done in parallel, then I will say it has dropped a major piece,” the executive added.
View the original content and more from this author here: http://ift.tt/1Km5hbO
from cyber security caucus http://ift.tt/1JzXhB3
via IFTTT
No comments:
Post a Comment