11-Aug-2016

... And it claims its share. 

While the continuing evolution of communications has had an overall positive impact on everyday life (except for Pokemon GO of course), it also has created a silent protagonist position for the software that runs the network.

Smartphones, TVs, tablets, computers, and even washing machines and refrigerators depend on software for their operations - and the software has had to evolve to meet growing needs. To support this, the design, production, distribution, and support of the software have had to evolve as well.

Many people contribute to software development

Software development has moved from a small, cohesive, localized group of developers who covered the whole process from concept to distribution to support, to scattered groups of independent developers, remote freelancers, and subcontracted companies that use multiple distribution methods, including web sites (secured or not), USB sticks, CD / DVD, and OEM factory installations. It's not unusual for hundreds of hands to contribute to software development.

Each handoff and each development stage constitutes a point of potential vulnerability, even before the software is "turned on" for the first time on our systems.

All software is inherently vulnerable

It's true that there are firewalls, virus scanners, VPNs, and passwords to protect us, but despite all these tools there is an intrinsic vulnerability in software that may have “traveled” around the world before arriving in our system. And this also applies to open-source code - for instance, who would rewrite a simple function such as SSH (Secure Shell) from scratch? No one, because however simple it is, it costs time and money.

Despite the risks, there is a sector that is not always fully aware of the inherent vulnerabilities in the software layer of their networks: a subset of the industrial sector that is using mission-critical systems.

Industry 4.0, or Internet of Things, increases exposure

These industrial sectors are going through an enthusiastic and rapid digitization. They call it "Industry 4.0," or "IoT." In the enthusiasm for advancement, Industry 4.0 sometimes seems to forget cases like Stuxnet, a cute little worm that didn’t just attack computers - it took over the SCADA systems of some nuclear power plants. Nothing scary about blocking the command and control systems of a nuclear power plant, right?

How was this possible? Because Stuxnet attacked the base software of one of the SCADA components by exploiting a vulnerability that was left open by the manufacturer. Ultimately, Stuxnet attacked the operating system.

And there were other malicious attacks on a steel factory in Germany, the Ukrainian power grid, a water treatment plant in the USA, and other critical infrastructures. So much so that IBM identified the industry as the second most attacked sector in its 2015 Cyber Security Index.

Holistic security strategy is required

These attacks may not be unavoidable, but a defense-in-depth approach is necessary for a holistic security strategy. The base software – or operating system – needs additional protection. The manufacturer must allow the operating system to be checked, adjusted, and validated by a third party.

A third party can contribute an additional layer of support through independent verification and validation, as well as by shuffling the object code in a way that confuses any hacker who left a vulnerability on purpose. This third-party support must be continuous. If new malware is discovered, a new inspection is done and new shuffled code is generated.

Hard to swallow for the manufacturers? Maybe.

But would it be a good cure? I think so. And you?

Tags - IoT, Security

About the author
Mauro Buratti

Sales Manager - General Contractor, South Europe, Middle-East & Africa