Urgent Matters

Latest attacks underscore need for cybersecurity in next-generation critical communications

by Donny Jackson
Feb 18, 2016

During the past week, more examples of hackers compromising high-profile networks have hit the news. These scenarios should serve as a reminder how important it is that critical-communications systems like FirstNet, next-generation 911 and smart grids have appropriate cybersecurity solutions in place.

One the great things about my job is that I get to talk with a bunch of really smart people about some of the things that technology will enable us to do in the near future. I’m always amazed by the engineering wonders that continue to squeeze more efficient use from each slice of spectrum and pack more processing power into tinier packages.

As stated in this column space before, there is no doubt in my mind that the next generation of critical-communications systems—leveraging IP-based architectures—eventually will deliver much greater performance, functionality, flexibility and convenience of use. In addition, automated IP rerouting schemes and increasingly dense networks should make these critical systems more resilient to man-made and natural physical attacks.

But as we plunge headlong into becoming more and more dependent on key IP-based systems—be it FirstNet, next-generation 911 (NG911) or smart grids for utilities and other critical-infrastructure entities—the one nagging concern is the ability to secure these crucial assets from cyberattacks.

Just in the past few days, we’ve seen hackers shut down a massive commercial enterprise (Xbox Live) for several hours, hold a Los Angeles hospital’s computer system hostage for ransom, and learned of U.S. plans to launch a cyberattack that would have crippled Iran’s power grid.

Of course, these are just the latest in a long line of episodes involving data breaches and cyberattacks on myriad systems. In the commercial sector, industry giants like Apple, Sony, Target and Home Depot—not to mention the Ashley Madison website scandal—have all been victimized. Hackers reportedly have demonstrated the ability to hack into airplane engine controls and automotive vehicle controls, and we have barely scratched the surface of potential issues regarding aerial drone and self-driving cars.

In the Ukraine, a cyberattack caused a significant power outage.

Public-safety and government entities have suffered from significant attacks, as well. Multiple public-safety agencies have paid hackers after having their computer systems rendered useless by ransomware, as happened at the Los Angeles hospital. The Office of Personnel Management (OPM) last year acknowledged that more than 20 million personnel records were stolen.

Even the National Security Administration (NSA)—an international master of computer espionage—suffered a major black eye in this regard with the ongoing revelations from former contractor Edward Snowden. Whether you consider Snowden to be a heinous traitor or a modern-day civil-rights leader, the bottom line is that he took a treasure trove of classified information out of the most secure organization in the world—and NSA officials reportedly did not realize he had done it, even months after Snowden executed his plan.

As one source said, “If the NSA can’t secure its stuff—or at least realize that Snowden had done something after the fact—what chance do the rest of us have?”

This is especially true for the Internet of Things (IoT), an exciting technological initiative that is expected to result in 50 billion devices being deployed by 2020, according to some estimates. But the only way those astronomical figures will become reality is if IoT devices are relatively inexpensive, and inexpensive devices typically have little, if any, security integrated (and even devices with security functionality may not be safe, if users simply leave default passwords in place).

Hackers already have stolen millions of records via VTech children’s toys, and even Mattel’s Hello Barbie dolls have been shown to be vulnerable. Reports that a refrigerator was used to send spam e-mail may not have been true, but there is little argument among industry experts that IoT proliferation promises to greatly expand the “attack surface” that hackers can exploit.

Related Media: 

Discuss this Blog Entry 2

GBH (not verified)
on Feb 19, 2016

What is becoming painfully obvious is that one cannot secure these systems from Internet Borne Attacks, if there is any path between the Internet and these systems. Vendors tout security firewalls and the like, but if there is a way to get from the internet to the secure network, then it can be breached!

on Jan 7, 2017

One major problem with a multi-vendor network solution, is that there is not a specific standard that clearly defines what type of security will be needed. There are NIST guidelines and various agency help and directions but we truly need a comprehensive plan for true multi-vendor and multi-agency solutions.

Post new comment

or register to use your Urgent Communications ID
We use cookies to improve your website experience. To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy. By continuing to use the website, you consent to our use of cookies.