Tag: cybersecurity

Categories
Education Reading Technology

Latest Read: The New Normal in IT

The New Normal in IT: How the Global Pandemic Changed Information Technology Forever by Gregory S. Smith. Gregory is CIO for the American Kidney Fund and previously served in the same role for Pew Charitable Trusts and the World Wildlife Fund.

The New Normal in IT: How the Global Pandemic Changed Information Technology Forever by Gregory S. Smith

He is an adjunct professor at Georgetown University and a former adjunct professor at Johns Hopkins University. The New Normal in IT is part of Wiley’s CIO Series.

The pandemic certainly changed everything. The information technology industry was no exception. The downstream impacts placed tremendous pressure on IT teams to maintain service delivery as the world went home and Zoom entered our lexicon.

Reflecting upon this move away from the office, how have IT leaders communicated the change necessary now and moving forward? Change is indeed hard.

We all witnessed the fundamental shift regarding remote work. From optional to mandatory over the next 18 months. How many organizations scrambled like mad to secure and deploy to every employee a laptop?

Can you recall the immediate infrastructure upgrades stood up in weeks versus months? IT faced many critical challenges starting in March 2020. Yet, our IT infrastructure teams kept delivering in those early weeks in order to keep their organization alive and employees functioning.

Continue reading “Latest Read: The New Normal in IT”
Categories
Cyberinfrastructure Education Reading Technology

Latest Read: Click Here to Kill Everybody

Click Here to Kill Everybody, Security and Survival in a Hyper-connected World by Bruce Schneier. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, lecturer in Public Policy at the Harvard Kennedy School, and board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project. He is also an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.

Click Here to Kill Everybody Security and Survival in a Hyper-connected World by Bruce Schneier

Consequently, Bruce details many key issues in computer security that require the leadership and legislative pen of Congress. I certainly could not have picked a better time to read this book. My review is certainly just scratching the surface of his book. Bruce has communicated a much needed story for every consumer.

Above all, consider the 2021 Colonial Pipeline ransomware attack, the 2016 attacks upon our voting infrastructure, or even China’s digital espionage stealing almost every aspect of American innovation.

Do you think the internet is still growing in size? It is not the number of people, but rather the millions of new devices that pose increased risks. Therefore Bruce is calling for policies to protect these devices, knows as the Internet of Things (IoT). Examples of cyber attacks upon automobiles, electric and nuclear plants, medical devices and even airplanes is certainly proof that we are at greater risk.

A different era of industrial controls

Above all, cyber risk originates from different time in history. Besides, in the 1950s did consumers in South America have access to the internet? Any talented programmer in South America had no means to hack conventional hydroelectric dam controllers. However, today this is a reality. So then, the programmatic controls for any damn in American could not have envisioned this threat:

former National Cybersecurity Center director Rod Beckstrom summarized it this way: (1) anything connected to the Internet can be hacked; (2) everything is being connected to the Internet; (3) as a result, everything is becoming vulnerable.
p. 27

At the same time, we really don’t have to look forward, but rather back at the innovations created in the 1950s and 1960s that launched the connected internet.

Continue reading “Latest Read: Click Here to Kill Everybody”
Categories
Education Network Ransomware Technology

Philips ISCV and Xcelera flaws

Philips has yet to patch a flaw that allows cybercriminals to inject ransomware or backdoors which can result in PHI at risk of compromise.Philips reveals code execution vulnerabilities in cardiovascular devices

The Philips ISCV version 2.x and earlier and Xcelera 4.x and 3.x the servers contain 20 Windows services of which the executables are being present in a folder where authenticated users have write permissions.  The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Philips confirms these vulnerabilities affect their IntelliSpace Cardiovascular system version 2.3.1, 3.1 and earlier. Also impacted are version 4.x and 3.x Xcelera systems (PDF). In ISCV version 3.x and earlier and Xcelera 4.x and 3.x there are 16 Windows services flaws allow hackers to run the computer with local admin rights.

Continue reading “Philips ISCV and Xcelera flaws”
Categories
Education

Philips medical device cyber attack

On August 14th, The US Department of Homeland Security’s Industrial Control Systems Emergency Response Team (ICS-CERT) issues two alerts for Philips medical devices: PageWriter and IntelliSpace.
PageWriter TC70 CardiographPhilips announced plans to patch IntelliSpace by October, roughly 45 days from the DHS announcement.

PageWriter will not be patched until “mid-2019” despite the easier, “low level” threat.

A ten month delay provides more ammunition to cyber criminals to aggressively attack healthcare.  Announcing an eight to ten month delay in patching adds confusion into the medical device marketplace. The cybersecurity community expresses the need for clinics, hospitals and health systems that monthly patching is the best way to protect assets from cyber attack. Many medical devices in production at the bedside today remain connected  to Windows XP PCs.

Continue reading “Philips medical device cyber attack”
Categories
Cyberinfrastructure Education Network Ransomware Technology

Harvard Cybersecurity

Harvard’s cybersecurity course is certainly a demanding slice of your life. However, I gained valuable insights from Eric Rosenbach and cybersecurity leaders from National Security Agency, Akamai, and Google. In addition, this offered me an opportunity to connect with cybersecurity leaders across wide ranging business and geographic locations.harvard cybersecurity2018 proved a challenge, looking beyond repeated megabreaches that dominated news headlines. Did you suffer from breach fatigue? It was like the movie Groundhog Day.

At some point (probably sooner than we think) all the data impacting all the users connected to the global internet will all be available on the dark web. All for a price…

Continue reading “Harvard Cybersecurity”