
Latest Read: Cyber Crisis

Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World by Eric Cole. He holds a Master's in Computer Science from New York Institute of Technology and a PhD in Information Technology from Pace University.


Eric is the founder and CEO of Secure Anchor Consulting and today is a member of the Forbes Technology Council.

He began his career as Program Manager & Technical Director for the CIA. His career moved to cybersecurity leadership roles at several companies including his role as Chief Scientist & Senior Fellow at Lockheed Martin.

For over ten years he held leadership positions at SANS including Dean of Faculty and Director of Research; Architecture Director of Cyber Defense Curriculum. He has been interviewed on CNN, Fox, CBS, and NBC. In fact, Eric was one of the authors of the Nuclear Regulatory Commission’s cybersecurity guide.

The world we live in today, post pandemic, is different. Most do not realize the ground has shifted under their feet. Eric's point is simply that while you may read about major cybersecurity attacks perhaps five times a year, the stories he shares certainly indicate attacks are happening every day. Since the pandemic, ransomware attacks are occurring every ten minutes.


Latest Read: The New Normal in IT

The New Normal in IT: How the Global Pandemic Changed Information Technology Forever by Gregory S. Smith. Gregory is CIO for the American Kidney Fund and previously served in the same role for Pew Charitable Trusts and the World Wildlife Fund.


He is an adjunct professor at Georgetown University and a former adjunct professor at Johns Hopkins University. The New Normal in IT is part of Wiley’s CIO Series.

The pandemic certainly changed everything. The information technology industry was no exception. The downstream impacts placed tremendous pressure on IT teams to maintain service delivery as the world went home and Zoom entered our lexicon.

Reflecting upon this move away from the office, how have IT leaders communicated the change necessary now and moving forward? Change is indeed hard.

We all witnessed the fundamental shift regarding remote work, from optional to mandatory, over the next 18 months. How many organizations scrambled like mad to secure and deploy a laptop to every employee?

Can you recall the immediate infrastructure upgrades stood up in weeks versus months? IT faced many critical challenges starting in March 2020. Yet, our IT infrastructure teams kept delivering in those early weeks in order to keep their organization alive and employees functioning.


Latest Read: Click Here to Kill Everybody

Click Here to Kill Everybody: Security and Survival in a Hyper-connected World by Bruce Schneier. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, lecturer in Public Policy at the Harvard Kennedy School, and board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project. He is also an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.


Consequently, Bruce details many key issues in computer security that require the leadership and legislative pen of Congress. I certainly could not have picked a better time to read this book. My review is certainly just scratching the surface of his book. Bruce has communicated a much needed story for every consumer.

Above all, consider the 2021 Colonial Pipeline ransomware attack, the 2016 attacks upon our voting infrastructure, or even China’s digital espionage stealing almost every aspect of American innovation.

Do you think the internet is still growing in size? It is not the number of people, but rather the millions of new devices that pose increased risks. Therefore Bruce is calling for policies to protect these devices, known as the Internet of Things (IoT). Examples of cyber attacks upon automobiles, electric and nuclear plants, medical devices and even airplanes are certainly proof that we are at greater risk.

A different era of industrial controls

Above all, cyber risk originates from a different time in history. Besides, in the 1950s did consumers in South America have access to the internet? Any talented programmer in South America had no means to hack conventional hydroelectric dam controllers. However, today this is a reality. So then, the designers of the programmatic controls for any dam in America could not have envisioned this threat:

former National Cybersecurity Center director Rod Beckstrom summarized it this way: (1) anything connected to the Internet can be hacked; (2) everything is being connected to the Internet; (3) as a result, everything is becoming vulnerable.
p. 27

At the same time, we really don’t have to look forward, but rather back at the innovations created in the 1950s and 1960s that launched the connected internet.


Philips ISCV and Xcelera flaws

Philips has yet to patch a flaw that allows cybercriminals to inject ransomware or backdoors, which can put PHI at risk of compromise.

Philips reveals code execution vulnerabilities in cardiovascular devices

In Philips ISCV version 2.x and earlier and Xcelera 4.x and 3.x, the servers contain 20 Windows services whose executables are present in a folder where authenticated users have write permissions. The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Philips confirms these vulnerabilities affect their IntelliSpace Cardiovascular system version 2.3.1, 3.1 and earlier. Also impacted are version 4.x and 3.x Xcelera systems (PDF). In ISCV version 3.x and earlier and Xcelera 4.x and 3.x there are 16 Windows service flaws that allow hackers to run the computer with local admin rights.
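As an added example (not code from Philips or ICS-CERT), the following PowerShell audit lists Windows services whose executable, or the folder holding it, grants write access to broad groups, which is the condition described above. The function name `Get-BroadWriteAce` and the choice of which SIDs count as "broad" are assumptions made for this illustration.

```powershell
# Added example: flag service binaries and folders writable by broad groups.
# Assumption: "broad" means Everyone, Authenticated Users, or BUILTIN\Users.
$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

# Rights that allow planting or replacing a file, or rewriting the ACL.
# Modify and FullControl contain these bits, so they match as well.
$WriteBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$SidType   = [System.Security.Principal.SecurityIdentifier]
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: return Allow ACEs on $Path that give a broad group write access.
function Get-BroadWriteAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    # Ask for SIDs directly so localized or unresolvable account names do not matter.
    $acl.GetAccessRules($true, $true, $SidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $BroadSids -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $WriteBits) -and
        -not ($_.PropagationFlags -band $InheritOnly)   # skip ACEs that only apply to children
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $path = [Environment]::ExpandEnvironmentVariables([string]$svc.PathName)
    # PathName is either "C:\dir\svc.exe" args  or  C:\dir\svc.exe args
    if ($path -match '^\s*"([^"]+)"' -or $path -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        # Check the binary itself and the folder it lives in.
        foreach ($target in @($exe, [System.IO.Path]::GetDirectoryName($exe))) {
            foreach ($ace in (Get-BroadWriteAce -Path $target)) {
                [pscustomobject]@{
                    Service  = $svc.Name
                    RunsAs   = $svc.StartName
                    Path     = $target
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
} | Sort-Object Service, Path | Format-Table -AutoSize
```

Any row where `RunsAs` is `LocalSystem` or an administrative account deserves review first; tightening the folder ACL so that only administrators and the service account can write closes the gap until a vendor patch is applied.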


Philips medical device cyber attack

On August 14th, the US Department of Homeland Security’s Industrial Control Systems Emergency Response Team (ICS-CERT) issued two alerts for Philips medical devices: PageWriter and IntelliSpace.

Philips announced plans to patch IntelliSpace by October, roughly 45 days from the DHS announcement.

PageWriter will not be patched until “mid-2019” despite the easier, “low level” threat.

A ten month delay provides more ammunition to cyber criminals to aggressively attack healthcare. Announcing an eight to ten month delay in patching adds confusion to the medical device marketplace. The cybersecurity community stresses to clinics, hospitals and health systems that monthly patching is the best way to protect assets from cyber attack. Many medical devices in production at the bedside today remain connected to Windows XP PCs.