The Journey to a Secure Internet of Things Starts Here

January 15, 2016 3 Comments

IoT Security Guidance

As the Internet of Things finds its way into ever more critical environments – from cars, to airlines to hospitals – the potentially life-threatening cyber security implications must be addressed. Over the past few months, real world examples have emerged showing how proprietary connected systems relying on outdated notions of ‘security-by-obscurity’ can in fact be reverse engineered and chip firmware modified to give hackers complete remote control. The consequences could be deadly.

A new approach is needed to secure connected devices, which is exactly what the prpl Foundation is proposing in its new document: Security Guidance for Critical Areas of Embedded Computing. It lays out a vision for a new hardware-led approach based on open source and interoperable standards. At its core is a secure boot enabled by a “root of trust” anchored in the silicon, and hardware-based virtualization to restrict lateral movement.

Read more of this post

Filed under IoT Security Tagged with , , , , , , , , , , , , , ,

Securing The Internet of (broken) Things: A Matter of Life and Death

October 6, 2015 1 Comment

Securing the Internet of broken thingsIf you’re like me you’ll probably be getting desensitized by now to the ever-lengthening list of data breach headlines which have saturated the news for the past 24 months or more. Targeted attacks, Advanced Persistent Threats and the like usually end up in the capture of sensitive IP, customer information or trade secrets. The result? Economic damage, board level sackings and a heap of bad publicity for the breached organization. But that’s usually where it ends.

Read more of this post

Filed under IoT Security, Top Posts Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Data Breach Pandemic: Information Security is Broken

June 8, 2015 Leave a comment

Verizon Data Breach Report 2015Have enterprises basically just given up on IT security? Global budgets fell by 4% in 2014 over the previous year and as a percentage of total IT budget they’ve remained at 4% or less for the past five years. The picture is even starker for firms with revenues of less than $100m, who claim to have reduced security budgets 20% since 2013.

Yet the threats keep on escalating. When it comes to information security, there are really only two situations out there: companies that have been breached, and companies that still don’t know it.

If 2014 was the “Year of the Data Breach” then 2015 is proving to be at least its equal. This month alone we’ve seen TV stations shunted off air by pro-jihadi cyber terrorists; the discovery of major new state-backed attack groups; and another massive data breach at a US healthcare provider.

We talk today about managing risk, rather than providing 100% security – because there’s no such thing. The conclusion I have reached is that the traditional information security model is broken. But why? And how can we fix it?

Read more of this post

Filed under Information Security, Top Posts Tagged with , , , , , , , , , , , , , , ,

Google Vault Makes Play for Mobile Security Hardware Space

June 2, 2015 Leave a comment

Google Project VaultLast week Google made a splash with its latest futuristic tech offering: Project Vault. In essence, this mini-computer on an SD card is designed to enable secure authentication, communications and data storage on your smartphone or laptop. So what exactly is going on here? After years experimenting with Android, has one of the world’s biggest software companies finally admitted hardware level security is the way forward? And if so, what are the implications for enterprise and consumers? Read more of this post

Filed under Mobile Security Tagged with , , , , , , , , , ,

Cesare Garlati Joins prpl Foundation as Chief Security Strategist

April 7, 2015 Leave a comment

prpl FoundationSANTA CLARA, CA–(Marketwired – April 07, 2015) – Well-known information security expert Cesare Garlati today joins the prpl Foundation as Chief Security Strategist. Garlati will assist the Foundation with security strategy in the newly formed Security PEG (prpl Engineering Group), a working group dedicated to creating an open standard framework that addresses next-generation security requirements for connected devices.

“Cesare Garlati is an internationally renowned leader in the mobile security space,” said prpl Foundation president Art Swift. “We all look forward to his contributions in security strategy and his participation in the ground-breaking Security PEG.”

Read more of this post

Filed under IoT Security Tagged with , , , , , , , , ,

The GitHub attack – is the worst still to come?

April 6, 2015 1 Comment

What we can learn from the recent cyber attack to the popular website GitHub and why we should worry about what is likely to come next.

 

TTL analysis performed by Netresec in SwedenOver the last few days the popular website GitHub has been the target of a massive Distributed Denial Of Service attack – DDoS, apparently originated from China. As I write this note, the GitHub status webpage now indicates “Everything operating normally” and “All systems reporting at 100%”. However, I am afraid the story is far from over and the worst may still be to come.

GitHub is the largest and most popular repository of open source projects and a key infrastructure website for the Internet. Among other, GitHub hosts the Linux project – arguably the world’s most widespread open source software. Various flavors of Linux power most of the Internet servers and an ever-increasing number of consumer devices across the globe.

Read more of this post

Filed under Information Security, Top Posts Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,