How NSA Director Wants to Build an IoT Security Coalition

Admiral Michael Rogers is preparing a coalition of government, military and commercial interests to fight a global cyber war if necessary.

BALTIMORE, Md. — The chief warrior in the U.S. battle against the world’s cyber-bad guys is just as worried about having his personal data breached as any of us.
Also, like many of us, he admits to being a bit bewildered about how governments, enterprises and individuals can fend off insider attacks, DDoS event, zero-day exploits, malware and other security issues that have become as common as drinking water in this Age of Internet.
But Admiral Michael S. Rogers (at left in photo with Jeffrey Wells), Chief of the U.S. Cyber Command and Director of the National Security Administration, is convinced that through effective working partnerships among government agencies, the military, law enforcement and key players in the private sector, long-term solutions will be found in the ongoing efforts to secure personal and business data and keep it out of the hands of cyber-criminals. 
Rogers on Oct. 29 addressed attendees at the two-day Cyber Maryland Conference here at the Baltimore Convention Center. About 1,000 stakeholders were registered. eWEEK was on hand both to cover the event and to moderate a panel discussion on IoT security.

Because more than 250 companies and service providers are located in the Maryland-Virginia-Washington D.C. region, it is fast becoming global Ground Zero for the cyber-security business.

Cyber Maryland Initiative Providing Leadership in Security Sector
Silicon Valley also has its indigenous security companies, but it also has so many other IT-related players that it simply cannot specialize the way Maryland can. Gov. Martin O’Malley, who also spoke at the Oct. 29-30 event, started the Cyber Maryland coalition initiative five years ago. Cyber Maryland promotes partnerships among government agencies, security software and services providers, educational institutions and security experts in an effort to drive innovation — and create jobs — in the sector.
“Securing the IoT is a huge issue for all of us,” Rogers said during a fireside-type chat with conference co-organizers Darin Andersen, founder and chairman of the San Diego-based CyberTECH, and Jeffrey Wells, Executive Director of Cyber Development in Maryland’s Department of Business and Economic Development.  “Literally every person on earth is a sensor. We have billions of devices. It’s a daunting task.

“We talked about BYOD a year ago, and we’re still talking about it. From a cybersecurity perspective, that’s a fundamental challenge — plus, it’s a society issue. I don’t think we fully understand this yet — the second and third order of effects [of securing the IoT], involving all this connectivity, all those devices and the public and the private interests. It brings amazing opportunities but also potential tremendous vulnerability. We’ve got to work our way through this,” Rogers said.
Advantages of Having All Those Connected Devices Are Great
None of us is going to walk away from the conveniences these devices provide, Rogers said.
“People on average have 3 to 5 or more connected devices; we will see many more in the future. How are we going to make this work, how are we going to secure them all? That’s for all of us to work toward,” Rogers told the audience.
As for the ever-present threats posed by numerous malevalent forces around the world, Rogers acknowledged that there is much more work yet to be done but that he believes the cyber force he is building at the federal and military levels is up to holding its own. Then he integrated into the talk a hot news issue — the idea of the Ebola virus — that provided more food for thought.
“What if we had an Ebola-like challenge in the Internet?” Rogers said. “Not something actually infectious, but what if we had something equivalent to that in digital form, that could replicate on a global scale, with the potential ability to impact our information flow? That’s pretty amazing to me but we’ve got to think about it.”

Article source:

Cisco Wants IoT to Solve U.K.’s Transport Challenges

Cisco invites startups and SMBs to submit solutions for transport challenges, with funding and mentoring offered to finalists.

By Steve McCaskill
Cisco has invited startups and SMBs to come up with machine-to-machine (M2M) applications that can help improve the U.K.’s transport network in a bid to demonstrate the power of the Internet of things (IoT).
The Connected Transport Challenge will task entrants with submitting proof-of-concept Station-as-a-Service (StaaS) applications that solve a number of real-world technical issues.
StaaS is a two-year collaborative project between Cisco and is partly funded by RSSB and Innovate UK, formerly the Technology Strategy Board, with the intent of creating a new technical, operational and commercial model for future stations. It is hoped entries will improve the efficiency, security, operation and passenger experience of Britain’s railways.

Cisco IoT competition

Finalists will receive £10,000 to develop their idea and will receive advice from Cisco and its partners throughout the project. The closing date for entries is the 17 November, with a second stage ending in December, and live demos should be created by March. These will be showcased at Cisco’s Internet of Everything (IoE) lab in Warwick and negotiations with rail stakeholders will start in April.
“Britain’s transport infrastructure is under pressure like never before; with networks increasingly congested, the economic consequences become ever more severe,” said Phil Smith, CEO of Cisco UK. “The long-term answer lies in facilitating an entire step-change in the way we approach travel and designing technologies to enhance efficiency through the Internet of Everything.
“The Connected Transport Challenge provides the rare opportunity for innovative U.K. talent to demonstrate its technological ingenuity to some of the rail industry’s major stakeholders. Over the next six months, it’ll no doubt be fascinating to witness the future of the U.K. transport industry in the making.”

The initiative is the latest part of a major IoT push by Cisco, which is throwing its weight firmly behind the idea of connected devices. The IoT formed the centerpiece of CEO John Chambers’ keynote at CES earlier this year, and the networking giant has held security competitions and training courses for electricians as part of its push into M2M.

Article source:

Six in 10 Experts Expect Major Cyber-Attack by 2015: Pew Study

Respondents to a Pew Internet study say a major cyber-attack by 2025 is likely. Security experts have ideas on how the risk might be mitigated.

A majority of industry experts foresee a major cyber-attack by 2025 that will cause harm, according to the findings of a new study from the Pew Internet and American Life Project. The study, based on a poll of 1,642 experts in technology and other fields, found that 61 percent indicated they expect a major cyber-attack that would cause “widespread harm to a nation’s security and capacity to defend itself and its people.”
The report also cited a number of key themes among respondents—for example, the fact that cyber-attacks are already happening, including infrastructure attacks like Stuxnet, which targeted Iran’s nuclear program.
While the Pew report warns that respondents anticipate an attack, security experts eWEEK contacted didn’t necessarily think that all is bad in the state of online security.
The Pew Research Survey raises some genuine concerns, Mike Fey, executive vice president, general manager of corporate products and CTO at Intel Security, told eWEEK. However, while a large attack is likely, there is a lot of work in the threat detection and threat intelligence sharing spaces, within and across industries, to hold these attacks at bay and minimize damage, Fey added. 

“Like all the technology systems we rely on every day—the airline system, the electric grid—our electronic banking networks are very safe, and our industry is continuing to innovate to make them even safer,” Fey said.

J.J. Thompson, CEO and managing director of Rook Security, does not think that the risk of a major cyber-attack by 2025 is like the folk tale of Chicken Little, who thinks that the sky is falling. “We are moving toward a connected world through not only the Internet of things, but through critical infrastructure,” Thompson said. “In the absence of adequate security controls, the results can be catastrophic.”
Marc Maiffret, CTO of BeyondTrust, said that cyber-attacks are now likely part of normal military operations.

“So yes, one should assume that if there is a major war between now and 2025 that the style of attacks will be a component of war just as any ground or air capabilities,” Maiffret said.
Although there is risk, there has also been much progress made to improve the security of systems, he added, pointing out that the popular attack surface of the last 10 to 15 years—Windows desktops and servers—has become increasingly hardened as Microsoft and other technology companies continue to pour a large amount of resources into protecting their ecosystems.
The emerging Internet of things world, however, hasn’t yet reached that level of security maturity. “I think the Internet of things world needs a major wake-up call, and in fact, it will probably be a major attack that is the wake-up call, but hopefully, that is more of a computer worm or mass infection-style attack, which ultimately can be more annoying than devastating,” Maiffret said.
Overall though, when it comes to limiting the risk of whatever cyber-attack may or may not occur by 2025 and whatever the attack vector is, collaboration and continued vigilance are the keys to defense.
“Organizations are increasingly good at repelling low-level cyber-incursions against governments and private interests, and increasingly quick to address newly discovered vulnerabilities,” Fey said. “Governments are learning a great deal from observing each other’s cyber-practices and developing capabilities in cooperation, sharing lessons learned and training together.”
Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Article source: