Intelligent CISO Issue 31 | Page 28

editor’s question
DON BOXLEY, CEO AND CO-FOUNDER OF DH2I
Unfortunately, North America (really, the world) is facing a seemingly endless litany of cyberthreats – a list that seems to be growing exponentially. Here are what I think are two of the most recent and concerning vulnerabilities:

1. Ripple20 – Cybersecurity researchers at the independent security research group, JSOF, recently discovered at least 19 security vulnerabilities that are found at the base of almost all Internet of Things (IoT) products. The zero-day vulnerabilities were found in a TCP/IP software library that Treck, Inc. developed – the software library is widely used in IoT devices and the supply chain amplifies the vulnerabilities.
According to the researchers, this series of vulnerabilities – dubbed ‘Ripple20’ not for the number of vulnerabilities, but for their impact and ripple effect on Internet-connected devices in 2020 – affects ‘hundreds of millions of devices (or more) and include[s] multiple remote code execution vulnerabilities’.
The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) also published a vulnerability note about this issue, stating that most of the 19 vulnerabilities ‘are caused by memory management bugs’ and ‘likely affect industrial control systems and medical devices’. The SEI summarised the situation by stating that ‘a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or execute arbitrary code’. In short, many cybersecurity experts believe that we have just begun to discover the magnitude of the danger that Ripple20 represents and, even with fixes and patches from the manufacturer, the problem won’t go away easily.
2. COVID-19 and the work from home economy – As business, government and other organisations sent their personnel home to work remotely over recent months due to COVID-19, the World Economic Forum (WEF) published words of warning to the utilities and the energy industry. The article was written by Leo Simonovich, Vice President and Global Head of Industrial Cyber and Digital Security at Siemens, and was suitably entitled: Why COVID-19 is making utilities more vulnerable to cyberattack – and what to do about it.
Even if remote work is happening less regularly now, intermittent home-based work can still make utility companies (along with virtually every other kind of business and government agency) vulnerable to weak Internet connections that are easy to hack, user errors that expose corporate networks, applications and data, and third-party security breaches. If a utility company gets hacked, there can be worldwide consequences that travel far beyond the walls of the company.