GovLoop

“No One Patches A Light Bulb”

57% attendees at our webinar, Staying Secure and Connected: The Power of IoE, on Thursday said they didn’t know the different between the Internet of Things and the Internet of Everything. This isn’t surprising. I didn’t completely know the difference, but now I do. Our speakers Tom Millar, Chief of Communications at the US Computer Emergency Readiness Team (US-CERT) and Peter Romness, Cybersecurity Solutions Lead, US Public Sector at Cisco clarified the distinction between two modern terms.

The Internet of Things (IoT) is the actual retail devices and infrastructure that utilize streaming, networks, and cloud. Millar offered the apple watch as an example. The human contact between a device such as the apple watch and cyber networks becomes the Internet of Everything (IoE).

Now that we understand the difference between IoT and IoE, we can learn about how to protect our information. US-CERT is trying to figure out how to take lessons learned from previous vulnerabilities and disclosed systems then apply them to current relations between the commercial sector and government agencies. How can we collectively combat threats to our networks?

Those developing IoE need to be more persistent in growing user knowledge of the more vulnerable areas. As Millar says, “No one patches a light bulb”. We need to learn from mistakes to move forward and generate safety practices during acquisition processes, cloud computing, and coding programs.

US-CERT performed survey research on current knowledge on IoE that will soon become public information. Millar gave brief insight into five high priority items identified as needing safety developments:

  1. Vehicle autonomy: self-driving cars, self-parking cars
  2. Smart Sensors: thermostats, security systems
  3. Smart Appliances: washing machines, dish washers
  4. Network Telematics: anything you can control in your car by your phone
  5. Smart Medical Devices: pace makers

Millar then gave an example of research performed a couple years ago on GM OnStar vulnerabilities. A group rented a GM Motors Sedan and tried to hack into different parts. They found several holes in the system and were eventually able to control commands that the car had no originally been intended to perform. GM technology designers did not think they would have people trying to go and break boundaries. It is essential for all IoE users to be on alert at all times. Do not underestimate the threat.

Following Millar’s talk, Romness talked about Cisco’s new approach to creating a more manageable, secure network system. They call it the “Before, During, and After Continuum”:

Before: Discover, Enforce, Harden
In this stage, it is important to know what is on your network. How does your network behave? Romness emphasizes the need to segment your network so if something gets into one section, it cannot get into others.

During: Detect, Block, Defend
In this stage, you must use your prior knowledge of your network to block out any kind of threat.

After: Scope, Contain, Remediate
Industry is assuming that threats are already in the network. During the final stage, you need to find the threat and eliminate it then move onto the next threat.

This continuum is platform based, threat focused, and visibility driven. It will help any agency make sense of their network and better protect their information.

To learn all of details and the power of IoE, listen to the full webinar here. Also be sure to look out for CERT’s published survey results on the largest priority areas for IoE development. Finally, read more about Cisco’s “Before, During, and After Continuum” in their white page here.

 

Exit mobile version