5g
Factories of the Future
Media & Entertainment
Smart Cities
Smart Energy
Smart Ports
SME Opportunities
Societal Impacts
Technology Development
Telecoms Providers
5G CAM
5G Automotive
5G CAM KPIs
5G CAM Standardisation
5G Corridors
5G Multimodal Connectivity
5G Transport Network
Artificial Intelligence & Machine Learning
Artificial Intelligence & Machine Learning in big data
Artificial Intelligence & Machine Learning technologies
Big data
Big data algorithms
Big data analytics
Collaborative Classification and Models
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Collaboration Risk and Value Sharing
Collaborative Planning and Synchromodality
Customs & Regulatory Compliance
Environmental Performance Management
Logistics Optimisation
Stock Optimisation
Supply Chain Corrective and Preventive Actions (CAPA)
Supply Chain Financing
Supply Chain Visibility
Common Information Objects
Booking
Customs Declarations
Transport Service Description
Transport Status
Waybills
Computing and Processing
Big Data Management and Analytics
Cloud
Edge
Fog
Knowledge Graphs
Machine Learning
MIST
Stream Processing
Connectivity
Architecture
Blockchain
Connectivity Interfaces
Technologies (Bluetooth, Ethernet, Wifi)
Data Management, Simulation and Dashboards
Dashboards
Data Fusion
Data Governance, Integrity, Quality Management and Harmonization
Event Handling
Open Data
Simulation
Statistics and Key Performance Indicators (KPIs)
Data market
Data ecosystem
Data marketplace
Data Platform
Data Providers
Devices
IoT Controllers
IoT Gateways
IoT Sensors
Tracking Sensors
Digitisation Frameworks
Control Towers
Data Pipelines
e-Freight
e-Maritime
National Single Windows
Port Community Systems
Federation
Data Federation
Platform Federation
Industrial IoT Sectors
Rail Sector Active Predictive Maintenance
Interoperability
Data interoperability
Data interoperability mechanisms
Interoperability solutions
Platform interoperability
IoT Secuirty, Privacy and Safety Systems
PKI Technology
Privacy-preservation
Data privacy preserving technologies
Privacy preserving technologies
Project Results
5G-SOLUTIONS Deliverables
5G-SOLUTIONS Publications
CHARIOT Capacity Building and Trainings
CHARIOT Deliverables
CHARIOT Publications
SELIS Deliverables
SELIS Publications and Press Releases
Project Results - 5g Routes
5G-ROUTES Deliverables
5G-ROUTES Innovation
5G-ROUTES Publications
Project Results - TRUST
TRUST Deliverable
TRUSTS Publications
Safety, Security and Privacy Systems
Access Management
Coordinated Border Management
Information Security
International Organisations
Risk Assessment and Management
Risk Management
Safety and Security Assessment
Source Code Analysis
Sectors and Stakeholders
Airports and Air Transport
Banks, investors and other funding providers
Custom Authorities
Facilities, Warehouses
Freight Forwarders
Inland Waterways
Multimodal Operators
Ports and Terminals
Railway
Retailers
Road Transport
Shippers
Shipping
Smart Buildings
Trusties and other Intermediary Organizations
Urban and Countryside Logistics
Urban Logistics
Sectors and Stakeholders - TRUST
Audit & Law firms
Corporate offices
Enterprises
Financial Institutions
Telecommunications
Security
Secured Data
Secured Infrastructure
Secured Platform
Sovereignty
Data sovereignty
Standards
Good Distribution Practices
International data standards
International Organization for Standardization (ISO)
UN/CEFACT
World Customs Organization (WCO)
Supply Chain Management
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Risk Management
Risk-Based Controls
Screening and tracking
Supervision Approach
Technologies
5g
Agile Deployment, Configuration Management
Business Applications
Business Integration Patterns, Publish-Subscribe
Cloud Technologies/Computing, Services Virtualisation
Cognitive
Community Node Platform and Application Monitoring
Connectivity Technologies (Interfaces and Block Chain)
Hybrid S/T Communication and Navigation Platforms
IoT (Sensors, platforms)
Mobile
Physical Internet (PI)
Public key infrastructure (PKI)
Radio-frequency identification (RFID)

Information Security

Cybersecurity Crisis Management During the Coronavirus Pandemic
by Brian Buntz 24/03/2020 00:00:00
The coronavirus pandemic is arguably the first time a biological virus has a significant impact on the security industry. Cybercriminals can exploit the vulnerabilities in the security protections of medical facilities, homes and factories. At the same time, a handful of governments have rethought physical security with surveillance infrastructure to enforce coronavirus quarantines.   

The pandemic could also catalyze technological and regulatory change, according to Aleksander Poniewierski, global Internet of Things (IoT) leader at EY. The stress of the pandemic will leave many people vulnerable to social engineering —  deceptive tactics to manipulate individuals into divulging confidential information — in coming months, Poniewierski said. 

The rapid shift to remote working, for office workers as well as executives monitoring IoT-enabled operations remotely, opens up threats related to expanded network access. 

“We can expect large-scale implementations of automation and remote-working infrastructure without using robust architectural planning,” Poniewierski said. “Many employees are creating command centers in their home environment with minimal security protections. ”

A ‘Perfect Storm’ in Health Care
The health care industry, which has struggled to secure connected medical devices and legacy equipment in recent years, will likely be pushed to the limit in upcoming months. The potential of COVID-19 to spread exponentially could quickly overwhelm hospital systems, as McKinsey has observed. That fact opens the door for a surge in ransomware and other attacks, said Jarrett Kolthoff, chief executive officer at SpearTip. “Any organization in turmoil faces a potentially increased cyber-risk,” he said. 

Already, the University Hospital Brno, which is one of the Czech Republic’s largest coronavirus test centers, suspended operations on March 13 after a purported ransomware incident. The malware delayed surgeries and testing of dozens of coronavirus samples. In the U.S., ransomware has temporarily blocked public coronavirus updates on a Champaign-Urbana Public Health website. 

Previous ransomware attacks on health care institutions have established a dangerous precedent. The 2017 WannaCry attack, for instance, affected many hospitals as well as devices such as network-connected imaging and nurse call systems. 

Complicating matters, “many IoT-enabled health care devices are not updated with the latest operating systems and security patches,” Kolthoff said. Applying security patches to medical systems could introduce new bugs as they fix others.

Hospitals under duress are also more likely to pay ransoms in the event of a ransomware attack. “At this time, it’s natural [for hospitals] to focus on continuing operations of critical services,” said Hardik Modi, a senior executive at Netscout Systems Inc.

Critical Infrastructure Could Also See an Uptick in Risk

Local governments and critical infrastructure must also contend with strained, unreliable communication channels, according to a New York Times article. As with health care, many industrial organizations find themselves looking to modernize while continuing to use aging technology. “And in the manufacturing realm, you have this labor shortage, and many companies are trying to move to technology-driven production,” Kolthoff said. Industrial organizations have valuable information on their networks, and, given the high cost of downtime, are often willing to pay in the event of a ransomware attack.  
Manufacturers of pharmaceuticals, food and medical equipment are ramping up production to meet heightened demand, while also dealing with new supply chain hurdles. “At the same time, with more people working from home and remotely accessing industrial networks to monitor and configure equipment, it becomes even more important to continuously monitor the network for any anomalous or unauthorized activity,” said Phil Neray, vice president of IoT and industrial cybersecurity at CyberX. “Just imagine that one of your plant employees or third-party maintenance contractors inadvertently clicks on a malicious COVID-19 e-mail link and gets remote access credentials stolen, enabling a cybercriminal to use those credentials to deploy ransomware in your plants,” he added.

Remote Working Brings Consumer IoT Devices to Corporate Networks 

In addition to the risk of rapidly establishing remote-working infrastructure, teleworking positions corporate assets and consumer-grade Internet of Things (IoT) devices reside on the same networks. 

Potential threat vectors include devices ranging from internet-connected electrical switches to smart speakers, smart televisions, thermostats and lightbulbs. “Few of these devices were created and installed with security in mind,” said Mike Jack, senior manager at Spirent. 

“Putting corporate assets on the same Wi-Fi networks as [IoT] devices creates a new entry point for attackers to reach corporate targets,” agreed Curtis Simpson, chief information security officer at Armis.

Internet-connected security cameras are among the most vulnerable IoT devices. Millions of the devices were hijacked in the 2016 Mirai botnet, which caused web outages throughout the U.S., and cybercriminals continue to favor internet-connected cameras.

Many consumers continue to put “a lot of trust” in a growing number of vulnerable devices that are “internet-enabled and don’t even have any means of proper user administration,” Jack said. 

While there hasn’t been a high-profile botnet that triggers a partial internet shutdown after the Mirai botnet, there have been cases of adversaries enslaving IoT devices to fuel distributed denial-of-service (DDoS) attacks for extortion. “DDoS-based extortion campaigns globally operate at a fairly regular frequency already,” Modi said. It’s possible attackers use this tactic to disrupt an internet-based business service such as video or web conferencing, Modi predicted. “It’s early, and I haven’t seen a coronavirus-related extortion campaign, but I would be surprised if that didn’t happen.” 

Surveillance Ramifications

Also related to the Internet of Things, several governments across the world are looking to use public internet-connected video cameras to monitor potentially infected patients seeking to ignore quarantines. 

Sergei Sobyanin, the mayor of Moscow, announced in February that the city was using facial recognition technology to track citizens who left their apartments. Authorities there are also tracing people who have come into contact with residents suspected to have had coronavirus exposure, according to Reuters. 

China has struggled to use facial recognition during the coronavirus pandemic, given its population’s proclivity to wear surgical masks in public. At least two Chinese firms have responded by developing technologies that can accurately identify individuals, even if they are wearing a mask while potentially also measuring temperature to determine if they have a fever.   

China has also used drones equipped with high-resolution cameras and speakers to follow and scold citizens who don’t comply with coronavirus guidance, according to the Wall Street Journal, while Israel and South Korea have also retooled surveillance technology to track its population as coronavirus infections spread.    

As disruptive as the coronavirus is to populations and economies around the world, the primary way it influences cybersecurity is by accelerating existing trends. “As a general matter, it would surprise me if the risk scenario is dramatically different from what we’ve seen before,” said Jamil Jaffer, a senior vice president at IronNet. Countries surveilling their populations with IoT-enabled technology will continue to do so, just in different ways. “And nation-state and criminal actors will continue to focus on [targeting organizations within] the financial, energy, healthcare and government sectors,” Jaffer said. Some adversaries “might switch their focus to health care or look to exploit the work-from-home scenario,” Jaffer added. But given the chaos related to the situation, organizations — especially those forced to retool operations rapidly — should ensure their cybersecurity crisis management capability is as robust as possible. 
Reference Link

Attached Documents

The “CHARIOT IoT Search Index” aims to provide a web location where publications, articles, and relevant documents can be centralized hosted in a well-structured and easily accessed way.

Tags

Contact Us
Enter Text
Contact our department