Cybersecurity - Lecture Abstract
The Machines are Taking Over: Securing the Internet of Connected Things
Most of us don’t really think twice about purchasing new gadgets for the home or car, especially during Black Friday or Cyber Monday when impulse buying takes over and we readily fill our shopping baskets with the latest heavily discounted gadgets: everything from a Nest Thermostat, the latest Alexa, LED mood lighting and a Ring camera doorbell to various security cameras to monitor the house or record our driving experience. Some of us may even be tempted to purchase the latest internet-connected refrigerator that will tell us, via its smartphone app or an email, when we need to stock up on milk or other necessities. The utility and convenience of being able to adjust a home or cabin thermostat on the drive there is readily apparent, and the investment in these devices is relatively inexpensive today.
But all of these devices are ‘connected’ – connected to our smartphones via the internet and often connected to cloud-based services that aggregate and report data to our devices in a usable format. But what types of data do these mod-cons collect? Our private conversations, what time of the day we are home, where we drive each day and a heap of seemingly innocuous metadata that can be highly valuable to criminals.
Most importantly, unless each device is cellular connected (an expensive prospect when you have so many), they typically piggyback on our home wireless networks – the same home network that you connect your computer, iPad or smartphone to in order to make Amazon purchases, book travel, send and receive email, manage your 401K or other investments, and conduct online banking. IoT devices are, in essence, a collection of modern Trojan Horses that, unless properly secured and isolated, could allow any cybercriminal into our homes and our finances.
Hospitals are being hacked by their own medical HIoT devices. Businesses are being hacked by their IP-connected CCTV security cameras. And our electrical power generation and distribution systems, which make extensive use of PCB and SCADA devices, are constantly under attack from pariah nation states and their military cyber units. All of these are behind enterprise-class firewalls costing tens of thousands of dollars, managed by teams of expert security engineers. You most likely have an out-of-date residential router-firewall that cost you less than $100 when you purchased it 15 years ago, or something provided for free by your ISP. When did you last update the firmware, and did you bother to change the default username and password, which incidentally can be found easily on the internet?
This interactive lecture will examine the growth of IoT and its impact on society and upon cybersecurity. It will also examine the growth of AI, or artificial intelligence, in IT systems. While the dystopian rise of SkyNet may currently be nothing more than a Hollywood fantasy, a form of AI known as machine learning is already featured in the latest generation of software and cybersecurity tools, with many more sure to follow.
Sometimes, ignorance can be bliss, but where security is concerned, it probably behooves all of us to gain a better understanding of our surroundings.
Richard Staynings, MS University of Maryland, is a globally renowned thought leader, author, public speaker and advocate for improved cybersecurity across the Healthcare and Life Sciences industry.
He has served on various industry and international cybersecurity committees, and presented or lectured on cybersecurity themes or concerns all over the world. He has advised numerous government and industry leaders on their healthcare security strategy and posture, while contributing to the development of a number of National Cybersecurity Plans for different friendly nation states. As an Expert Witness, Richard has served on government Committees of Inquiry into some of the highest profile healthcare breaches around the world.
Richard is currently Chief Security Strategist for Cylera, a pioneer in the space of medical device and HIoT security, and is editor of Cyber Thoughts. He also teaches postgraduate cybersecurity courses at University College, University of Denver and is a retained advisor to a number of governments and private companies. When he is not traveling, Richard can usually be found in the Denver-Boulder area.