Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

By Byron V. Acohido

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now.

But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation.

Related: Michigan’s Cyber Range hubs help narrow talent gap

Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years. The good news is that there is some very deep, behind-the-scenes research and development work being done to make driverless vehicles safe and secure enough for public acceptance.

I’m encouraged that this work should produce a halo effect on other smart systems, ultimately making less-critical Internet of Things systems much more secure, as well.

These sentiments settled in upon returning from my recent visit to Detroit, Ann Arbor and Grand Rapids. I was part of a group of journalists escorted on a tour of cybersecurity programs and facilities hosted by the Michigan Economic Development Corp., aka the MEDC.

One of our stops was at a freshly-erected skunk works for auto software research set up in a low-slung warehouse – previously a country western bar – in rural Sparta, on the outskirts of Grand Rapids. The warehouse today is home to Grimm, an Arlington, VA – based cyber research firm that specializes in embedded systems security, and whose claim to fame is doing proprietary projects for U.S. military and intelligence agencies.

Deep testing

Grimm received a $216,000 MEDC grant to set up shop in Sparta and direct its expertise towards discovering security flaws in autonomous vehicle systems under development by Detroit’s big car makers. …more

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

By Byron V. Acohido

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations.

As a guest of the Michigan Economic Development Corporation, I recently had the chance to tour the Pinckney Community High School Cyber Training Institute in a rural community outside of Ann Arbor, and the newly opened Cyber Range hub at the West Michigan Center for Arts + Technology, or WMCAT, in Grand Rapids. These two facilities lacked nothing in terms of state-of-the-art telepresence equipment and training and testing curriculums.

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros.

Merit 1981

State-of-the-art telepresence gear, supplied by Merit Network, funnels everything from capture-the-flag exercises to full course work and certification testing to earn 42 different professional designations.

Related: Michigan establishes a roadmap for cybersecurity readiness.

Merit Network, by the way, is quite unique. The Ann Arbor-based nonprofit began as a partnership among three state universities in 1966 and is one of the original building blocks of the Internet. Today Merit supplies IT infrastructure to schools, universities, government and other entities across the state. For a drill down on Merit, and its role supplying Cyber Range infrastructure, please listen to the accompanying podcast with Pierrette Dagg, Merit’s director of marketing and communications.

Human scale advances

What jumped out at me on my visit to Pinckney Township and Grand Rapids was not so much the tech gear and the curriculum, which in each case was top notch. I came away most impressed by the dedication and creativity of the program leaders, which clearly is making a big difference on a very human scale.

Ozias

Take, for example, 17-year-old Pinckney senior Aidan Ozias. I looked over Aidan’s shoulder as he typed away on a class project of his design. His task was to lead a team of students in improving the security posture of a fully mocked-up city network, called Alphaville, pumped into his high school lab courtesy of Merit.

Across the hallway, a few of his classmates hacked away, remotely, at the controls of a drone, attempting to knock it out of the sky. Another cluster of students attempted to crack into an Alphaville industrial controls system.

“I like this a lot because it gives me an opportunity to explore a lot of my other interests,” Aidan told me. …more

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

By Rishab Gogoi

The vast majority of cyber attacks against organizations pivot off the weakest security link: employees.  The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services.

PhishMe

This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics. Wide varieties of scenarios are offered to make the employees more aware of such attacks.

Related: Gamification training gains traction.

PhishMe’s online forum provides a series of scenarios, landing pages, attachments and educational pages. This methodology is distributed over a period of a year giving employees time to understand various phishing strategies.  Employees can account for any suspicious emails, through an easy report feature,

Knowbe4

This is a platform for security awareness training and simulated phishing tests focusing on the problem of social-engineering. Its cloud-based service helps its’ clients to schedule automated training campaigns and simulated phishing attacks.

A free test is provided for up-to 100 employees. Organizations select the phishing templates and landing page for simulation. …more

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

By Byron V. Acohido

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country.

However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State.

Related: Michigan moves to close the cybersecurity skills gap. 

This new nickname may not roll off the tongue. But it does fit like a glove. (Michigan’s other nickname, by the way, is the Mitten State, referring to the shape of the larger of its two main peninsulas.)

Cobo Center

I was recently privileged to be part of a group of journalists covering the 2018 North American International Cyber Summit at Detroit’s Cobo Convention Center. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs.

It was the latter that jumped out at me. In an age when cybersecurity intelligence sharing and collaboration is in dire need — but all too short supply —  Michigan has quietly and methodically, stood up some well-thought-out programs that could – if not should – be a model for other states to follow.

I had the chance to meet briefly with two-term Gov. Rick Snyder, who is about to leave office and can point to significant strides Michigan has made ‘reinventing’ its economy under his watch. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

Getting proactive

Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. …more

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

By Matt Dumiak

Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike.  News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large.

Related: Europe’s GDPR ushers in new privacy era

Legislation has recently been proposed for individual states, addressing data privacy regulations head-on.  Several states including Virginia, Vermont, Colorado, and New Jersey have all introduced related privacy regulations recently. California recently set themselves apart in the privacy space with the adoption of the California Consumer Privacy Act (CCPA), which gave citizens the rights to not only protect their own data, but to obligate businesses to disclose exactly which information has been collected about them.…more

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

By Lance Cottrell

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn.

A  string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use.

Related: Drivers behind facial recognition boom

Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way. Assuming privacy concerns get addressed, much wider consumer uses are envisioned in areas such as marketing, retailing and health services.

According to Allied Market Research, the facial recognition systems market is in the midst of rising at a compounded annual growth rate of 21% between 2016 to 2022. The research firm projects that the facial recognition market will climb to $9.6 billion by 2022.

Pieces in place

Ntrepid is focused on the privacy ramifications associated with these developments. As privacy concerns get addressed, facial recognition technologies are expect to emerge as a consumer favorite, when compared to other biometric authentication systems, such as voice, skin texture, iris and fingerprint systems.

This trend is rapidly unfolding because all of the required pieces are finally in place. Cameras have become cheap and ubiquitous. …more

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

By Byron V. Acohido

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of  foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies.

Related: How to hire an IoT botnet — for $20

That’s the upshot of an extensive survey commissioned by global TLS, PKI and IoT security solutions leader DigiCert. The 2018 State of IoT Security study took a poll of 700 organizations in the US, UK, Germany, France and Japan and found IoT is well on its way to be to be woven into all facets of daily business operations. Meanwhile, IoT-related security incidents have already started to wreak havoc, according to study findings released today.

Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. Losses include lost productivity, compliance penalties, lost reputation and stock price declines.

Carried out by ReRez Research, DigiCert’s poll queried senior officials at organizations in the fields of healthcare, industrial manufacturing, consumer products and transportation ranging in size from 999 to 10,000 employees. Some 83% of respondents indicated IoT is extremely important to their organization, while some 92% indicated IoT will be vital within two years.

Respondents cited operational efficiency, customer experience, revenue and business agility as their top IoT objectives; currently two-thirds are engaged with IoT, although only a third have completed implementing their IoT strategy.

“Enterprises today fully grasp the reality that the Internet of Things is upon us and will continue to revolutionize the way we live, work and recreate,” said Mike Nelson, vice president of IoT Security at DigiCert. “The companies with a good handle on things have discovered how to leverage robust authentication and encryption regimes to help maintain the integrity of their IoT systems.”

Tiered performances

What I found to be particularly instructive about this survey is that it sheds light on how IoT-related security incidents are playing out in the real world. A series of detailed questions were designed to parse differences between companies handling IoT well versus those struggling with IoT implementation.

Survey results were then divided into tiers; the top tier companies reported the least problems with IoT security issues, while the bottom tier organizations were much more likely to report difficulties mastering specific aspects of IoT security. …more