Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
DON BOXLEY, CEO AND CO-
FOUNDER OF DH2I
EDITOR’S QUESTION
Unfortunately, North America (really,
the world) is facing a seemingly
endless litany of cyberthreats – a
list that seems to be growing exponentially.
Here are what I view as two of the most
recent and concerning vulnerabilities:
1. Ripple20: Cybersecurity researchers at
the independent security research group
JSOF recently discovered at least 19 security
vulnerabilities that are found at the base of
almost all Internet of Things (IoT) products.
The zero-day vulnerabilities were found in
a TCP/IP software library that Treck, Inc.
developed – the software library is widely
used in IoT devices and the supply chain
amplifies the vulnerabilities.
According to the researchers, this series
of vulnerabilities – dubbed ‘Ripple20’
not for the number of vulnerabilities
but for their impact and ripple effect on
Internet-connected devices in 2020 –
affects ‘hundreds of millions of devices (or
more) and includes multiple remote code
execution vulnerabilities’.
The CERT Coordination Center at Carnegie
Mellon University’s Software Engineering
Institute (SEI) also published a vulnerability
note about this issue, stating that most
of the 19 vulnerabilities ‘are caused by
memory management bugs’ and ‘likely
affect industrial control systems and
medical devices’.
The SEI summarized the situation by
stating that ‘a remote, unauthenticated
attacker may be able to use speciallycrafted
network packets to cause a denial
of service, disclose information, or execute
arbitrary code’.
In short, many cybersecurity experts believe
that we have just begun to discover the
magnitude of the danger that Ripple20
represents and, even with fixes and patches
from the manufacturer, the problem won’t
go away easily.
2. COVID-19 and the Work From
Home Economy (WFH): As business,
government and other organizations sent
their personnel home to work remotely over
the last few months due to COVID-19, the
World Economic Forum (WEF) published
words of warning to the utilities and the
energy industry.
The article was written by Leo Simonovich,
Vice President and Global Head of Industrial
Cyber and Digital Security at Siemens,
and was suitably entitled Why COVID-19
is making utilities more vulnerable to
cyberattack – and what to do about it.
Even if remote work is happening less
regularly now, intermittent home-based
work can still make utility companies (along
with virtually every other kind of business
and government agency) vulnerable to
weak Internet connections that are easy
to hack, user errors that expose corporate
networks, applications and data, and thirdparty
security breaches. If a utility company
gets hacked, there can be worldwide
consequences that travel far beyond the walls
of the company.
“
IF A UTILITY
COMPANY
GETS HACKED,
THERE CAN BE
WORLDWIDE
CONSEQUENCES
THAT TRAVEL
FAR BEYOND THE
WALLS OF THE
COMPANY.
www.intelligentcio.com
INTELLIGENTCIO
33