September 25, 2023
Application Security, Company Connection Management/ Catastrophe Recovery, Cybercrime Security Director Ian Keller Asks: Should Vital Systems Be Linked to the Web? CyberEdBoard - March 29, 2022 Have I been under the wrong impression that vital networks must be safeguarded to the nth degree? As you reluctantly wake up to the beeping of your alarm embedded…

Application Security, Company Connection Management/ Catastrophe Recovery, Cybercrime

Security Director Ian Keller Asks: Should Vital Systems Be Linked to the Web? CyberEdBoard – March 29, 2022 Have I been under the wrong impression that vital networks must be safeguarded to the nth degree? As you reluctantly wake up to the beeping of

your alarm embedded in your glossy new iPhone or Droid, you recognize that for some factor your phone is now on your chest and not on the nightstand where you left it. Odd … As your cognitive capabilities reach Max Q, your phone begins to change into a tiny little robot and attempts to strangle you to death. It resembles a scene from “Transformers.”Killware is here! See Likewise: Third Party Threat: Lessons on Log4j Killware is a hack of vital services and or infrastructure that can result in the loss of life. No, your phone is not going to strangle you. Well

, not yet, anyway . And the COVID-19 vaccine did not present

nanites that can explode your cerebral cortex. However an anti-killware app will be launched shortly, perhaps rebranded as an EDR option. And so will a Cerebral Cortex Isolation Guard- otherwise referred to as a tinfoil hat -for those pesky little nanites. Killware Eliminates There are tons of cases in which hacks have or might have caused loss of life. Apparently, a superpower utilized Stuxnet to get an Iranian nuclear power reactor, and if things had actually gone wrong -Boom! Chernobyl 2. Hackers recently kept

healthcare facilities to ransom, which led to the loss of life. They have also messed around with all sorts of important facilities since the dawn of the web. Back then, one bright trigger hacked into a South Korean federal government setup and introduced a cyberattack on North Korea that practically resulted in bullets flying over the DMZ. The list goes on and on. But all of a sudden killware is being marketed as something new.

It resembles”cyber” -simply an expensive new term dreamed up by somebody who needs a brand-new income stream since their gold mine tapped out. The more you link to the internet, the more you put at risk.Make no mistake: The hazard is genuine. We have been preaching this for 30 years, however including a moniker like “killware “will not assist resolve the issue, which is that the more you link to the internet, the more you position at danger.

Some things simply must not be on the web at all, no matter what. Why should the power grid -or health centers, water treatment plants or your pacemaker -be internet-accessible? I can think up a metric lots of reasons why it is, but none are good enough to call for the danger. What I composed in my rant on why we are getting hacked uses here: We

are either just too damn lazy for our own excellent, have a limited understanding of the danger we are taking, or wish to impress someone. For the biggest time in human history, we did not have anything linked to anything else, and we

managed to flourish . Now it seems we can only grow if we put things on the web. What is driving this pressing desire for internet connection on all things? Is it just so we can say, “Siri, give me a heart attack and unlock all the doors, begin my vehicle and feed the feline”? Securing Critical Networks Have I been under the incorrect impression that crucial networks must be protected to the nth degree

? We have air gapped networks, which are essentially 2 networks physically and realistically separate from one another, with different PCs, network cable televisions, servers, routers, switches -everything. They are

specially developed for vital

facilities, to keep things separate from one another, the method it must be, in a hardened structure with multiple levels of authentication to go through before you can gain access to the physical facilities. Sharing details between the two networks is only done at one area, and the sharing infrastructure is hosted in a multilayer DMZ with rigorous guidelines on what goes where, when and how, if allowed at all. This system permitted us to keep things safe and stop the bad people from hurting anybody else, including themselves. Though I hate the fact that people think up these expressions to get podium time or produce brand-new sales, the truth is:”Stupidity eliminates.”When we permit networks and systems that were constructed to sustain life to link to the Web, we are just searching for difficulty. Have you not viewed “War Games”? The motion picture, which came out in 1983, is an extraordinary initial lesson in why you do not link these systems to the web. Who Is Accountable? In my profession, I have actually defended networks whose compromise could lead to the death, and I did everything in my power to make sure that those I protected made it home … by

refraining from doing something stupid. For the normal user, there are threats, and sometime serious dangers, which you accept when you link devices to the web. The exact same goes for your traditional company. However critical systems? This is something that you need to do only in extraordinary circumstances and just if you have the money to throw at it. In

my mind, you must face a panel of industry leaders to ratify your designs even prior to you can consider it. I would likewise like to see something on proper disclosure, however that is for next month’s rant. Now, I sit here and

wonder: If you put something online and your actions trigger the death of another person, should you be charged with murder or manslaughter? Who is responsible? CyberEdBoard is ISMG’s premier members-only neighborhood of seniormost executives and believed leaders in the fields of security, risk, personal privacy and IT. CyberEdBoard supplies executives with an effective, peer-driven collective ecosystem, private conferences and a library of resources to deal with intricate challenges shared by

thousands of CISOs and senior security leaders located in 65 different countries worldwide. Join the Community -CyberEdBoard.io. Ian Keller, who is director of security at a telecom company,

is a details security evangelist with over 30 years of experience. He began his profession in the South African Defense Force’s Combat School, where he served as an instructor in Army intelligence. Keller took this background into the corporate world and contributed in the creation of the international information security function for one of the country’s Huge 5 banks. He consequently was designated as chief information security

officer for one of South Africa’s prominentcorporate and merchant banks. Source

About Author