5G Security
Don’t let the “5G” in the title confuse you. This post is not only about the telcos’ core networks, but about the 5G security and privacy issues in our (very) near, and very different future that 5G will enable. In the 5G-enabled massive Internet of Things (mIoT) world we’re about to find ourselves in, we are expected to have 1000 devices connected for every person… These devices will be the components of the ‘5G operating system’ for our smart cities, our industry 4.0, our smart homes, smart transportation, smart healthcare, and much more. To enable this future,...
Smart City 5G Privacy
More than half of the world’s population lives in cities. The UN estimates that by 2050 that proportion will be 68% - more than 6 billion people living in high-density conditions. This raises significant challenges. What is the best way to ensure that human needs are met in a fair and equitable way? How will we face challenges like resource strain, waste and pollution management, traffic congestion and connectivity? In response to these wicked problems, cities are increasingly relying on smart technologies to foster greater efficiency and sustainable growth. These interventions do not, however,...
NATO 5G Security Geopolitics
On 14th March 2019, NATO Secretary General Jens Stoltenberg at the launch of his Annual Report for 2018 touched on security and geopolitical concerns of 5G (full transcript here). Stoltenberg said that allies are "...consulting closely on this issue, including on the security aspects on investments in 5G networks." The Secretary General acknowledged that “NATO allies have expressed their concerns over Huawei and their role in providing 5G infrastructure” and added “NATO takes these concerns very seriously.” “We will now assess the issue and find out how NATO,...
Germany 5G Security Standard
After Washington last week warned Germany that it would scale back intelligence data-sharing with Berlin if China’s Huawei was allowed to participate in German 5G implementation, German Chancellor Angela Merkel pushed back to assert independence. Merkel stated that the German government was keenly focused on security 5G mobile infrastructure, but Berlin would keep its own counsel. "Security, particularly when it comes to the expansion of the 5G network, but also elsewhere in the digital area, is a very important concern for the German government, so we are defining our standards for ourselves,” Merkel said.
5G Security GSA
The Global mobile Suppliers Association (GSA) today issued a 5G Security Primer whitepaper. The whitepaper provides a top-level overview of the security considerations and required approaches necessary for securing 5G networks. GSA calls on industry to adopt security best practices to make 5G a success. The whitepaper includes detail on trust models and assumptions within 5G networks compared to LTE. It also outlines how 5G architecture and features enhance security including network slicing and SBA (Service-Based Architecture), Authentication and Identity Management, Privacy, Inter-operator Security, the role of multi-access edge computing (MEC), the potential security...
Cybersecurity IoT 5G Cyber-Kinetic Risks
Getting smart about security in smart systems Smart used to be something we called people or pets. It wasn't a term one would use to describe one's hairbrush. That is changing, of course, in an era of accelerating digital transformation. Now we have smart homes, smart cities, smart grids, smart refrigerators and, yes, even smart hairbrushes. What's not so smart, though, is the way the cybersecurity and cyber-kinetic security risks of these systems are often overlooked, and with new horizon technologies like 5G, these problems are set to grow exponentially.
AI Cybersecurity Battlefield
Cybersecurity strategies need to change in order to address the new issues that Machine Learning (ML) and Artificial Intelligence (AI) bring into the equation. Although those issues have not yet reached crisis stage, signs are clear that they will need to be addressed – and soon – if cyberattackers are to be prevented from obtaining a decided advantage in the continuing arms race between hackers and those who keep organizations’ systems secure. ML and AI can magnify existing vulnerabilities and open the door to new attack strategies. At the same time, though, they offer new tools to help organizations secure...
Cyber-Kinetic Security Railway
Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted. Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted.
IEMI
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI). Electromagnetic interference (EMI) surrounds us – natural causes, such as solar flares and lightning; and man-made sources such as radio and TV broadcasting, radars, microwaves and many others all emit electromagnetic waves that could disrupt operation of electrical and electronic devices. That is, if devices wouldn’t comply with numerous electromagnetic compatibility (EMC) standards...
Innovation in Canada
Canada’s rankings in innovation has lagged that of other peer nations for decades despite government efforts to address this issue. Considering its success in developing research programs at its universities, its mediocre rankings overall in technology development is disappointing. Those programs alone have not been enough to translate into entrepreneurial innovation. A 2017 C.D. Howe Institute study points out that, even though Canadians have been at the forefront of breakthroughs in emerging technologies, in many cases, the chief beneficiaries of those breakthroughs have been other nations’ economies. Canada needs to take a stronger role...
Canada Critical Infrastructure
Targeted cyberattacks against critical infrastructure (CI) are increasing on a global scale. Critical systems are rapidly being connected to the internet, affording attackers opportunities to target virtual systems that operate and monitor physical structures and physical processes through various modes of cyberattack. When people think of cyberattacks, their minds often go first to the financial sector. After all, that’s the type of attack people hear about most frequently; it’s where the money is and it’s what seems most natural for cybercriminals to target. Enterprises frequently focus on such cyber-enabled financial crimes to the point...
Cyber-Kinetic Security Railway
My article "Growing cyber-kinetic threats to railway systems" was published on CSO Online. Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
IoT Bomb Stuxnet
While Stuxnet is gone, the world now knows what can be accomplished through cyber-kinetic attacks. As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated. Stuxnet’s beginnings Stuxnet is believed to have...
Cyber-Kinetic Railway
In their growing efforts to increase efficiencies through digitization and automation, railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. In addition, the increasing use of networked control and automation systems enable remote access of public and private networks. Finally, the large geographical spread of railway systems, involving multiple providers and even multiple countries, and the vast number of people involved in operating and maintaining those widespread systems offer attackers...
IEMI
As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cybersecurity specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI). ICS and IoT – digital systems that run today’s modern society – rely on changes in electrical charges flowing through physical equipment. Creating the 1s and 0s of which all digital information is composed requires electronic switching processes in circuits. The current...