The technology trends that have developed in recent years have made us more connected and connected, and the Internet of Things has also raised the issue of Cybersecurity Measures. Autonomous vehicles tell us that we will be safer by taking information from each other, smart devices will provide us with a much more comfortable.b and safe living and working environment, while away valuables, people, etc. can provide their safety with each new news, article and advertisement presented to us in gold trays. Connected Device Security. is a trending question for IoT!
And is it really? To be connected or Even if he argues that staying in contact makes us safe, is he actually in danger? throws?
Contents
Smart Device or Smart Human? For Better Connected Device Security
Reason is actually the most important feature that separates us from animals. At least that’s how it was described in biology class. We can look at the situation and take action accordingly, choose what suits us best within endless options and take action. What technology is providing us is actually making this decision-making process a little faster, and in some cases making it decide for us.
In addition to the high quality of old-school TV sets in our homes, internet-connected Smart TVs, internet-connected vehicles on the road, mobile phones, not to mention, most of us have more than one device in our pockets (company lines, private lines, etc.b.).
In recent months, Mark Zuckerberg and Elon Musk may remember the debate over virtual-minded robots. When people leave their decision-making to the devices, they are exposed to some seeming attacks that they don’t even know how much danger they’re in.
Attacks on energy systems
The keyword is STUXNET. I think many people have heard or read about the virus attack targeting the Iranian Government’s nuclear enrichment program, which was installed during a simple maintenance effort developed by the state, incubated, and activated by learning the most accurate moment of attack. The incident is so critical that in addition to publishing the books, the documentary was even filmed. It has been repeatedly said that the attack on the Iranian government, which is anti-U.S., was actually carried out by the United States and its supporter Israel. While the attack remained fresh, Venezuela, which is also anti-U.S., has re-raised the issue of state attacks in a succession of similar incidents. Similar purposes such as “WannaCry” and “Petya” have caused millions of dollars in losses and severely affected human life.
Some other events that have occurred have been presented by the World Energy Council with a one-page visual “The road to resilience managing cyber risks”. It has also been seen in Ukraine, the United States, Saudi Arabia, .b countries, and no one has been able to escape its influence.
Among the damages experienced are people’s energy-free can not be done, prevented, many services based on electrical energy, disruption of electricity power generation, deterioration of supply-demand balance, etc.b. problems and will be experienced. In fact, in 2015, we lived and that the power outage was also such an attack. has been introduced.
Computing systems have more access to energy and similar critical infrastructures, while the syndrome of connected worlds unfortunately brings with it serious connected device security.
The inevitable risk of being connected device security
This year (2019) DEFCON (Las Vegas / USA) also discussed the risk of connected worlds, IoT World Today (Brian Buntz / August 15, 2019) also turned into an article. In addition to the short events listed above, it is stated that there may be much more serious problems. Potential risks include security cameras, smart TVs, smart vehicles, security cameras, etc., while I.b remembered a problem in The UK a few months ago.
The UK is one of the first countries across Europe to move into the Smart Meter environment, but has decided to slow down the application. A similar situation has occurred in the United States. It was about the security of housing and personal data. Based on consumption information, it is listed that cycles on what times to be in the house, payment data to be uploaded to smart meters can work, account information will.b be disclosed, etc., etc.
In fact, the risks are just as great as the advantages of being connected. Brian Buntz’s article mentions the 12 IoT threats listed, and there is a common view that hackers’ new target will be IoT devices in particular. Some critical warnings in the article that we must also consider.
Possible examples
It’s possible that connected systems can give us I would like to present the problems with a few brief examples.
Programmable Logical Controllers (PLC)
The devices are more commonly used in industry and are also seen in some energy solutions. In fact, these devices, which are a bit “mindless”, are sent commands and do what is called “YAP”, not inspected or inspected.
Imagine someone in a critical environment what happens if the “STOP” command goes to devices in an environment that should not stop? Water where water should be given in the turbines are called STOP at once, if the lights go out in traffic at once, or Think of the catastrophes that can occur if they are told to continue.
Smart Meters
The above briefly describes the risk of personal data, and other than that, credits uploaded to your counters are stolen, and if money is requested, as in RANSOMWARE to access your electronic data, consider that the connected objects that need to work ask you for MONEY.
Another threat is that deleting or changing consumption information on counters can be undesirable for both the agency and the customer. It is important to remember that this change comes through the communication system, which is considered safe, not external.
Enterprise Security Vulnerabilityes
Almost everyone on mobile devices browses corporate data, intranets, and emails. If devices are not protected by tried-and-tested apps, it’s only a matter of time before critical and sensitive data is in the wrong hands. Companies can be blackmailed based on relevant data, industrial espionage can be done using critical data, clauses of very important agreements can be disclosed, and some critical facilities that should not even appear on maps may be exposed.
Smart TVs
Which broadcasts you’re watching are recorded And if I say it’s shared, how would you feel? Some TV producers are new share their data with third parties with next-generation Smart Devices and that you have obtained additional profits from it, that it has been shared without your permission. I’d like to emphasize.
Another issue is the cameras. Laptops the camera on the camera that closes with paper so that it does not display you. friends, something similar to turn off the camera of the smart TV in the house Does he do it? You are aware of the remote camera of your TV set connected to the Internet and someone else was watching you while you were watching TV. How would you feel?
How would you feel if WiFi was automatically connected to connect to the Internet? Smart TV doesn’t just come to your home or work by improving image quality.
Autonomous or connected vehicles
Completely re-equipped with electronic equipment information from other vehicles on the road, speed, phone usage habits, microphone that you can listen, or even that your vehicle is dominated by foreign interference? Fuel by increasing, reducing, overcharged or discharged the battery. v.b. interventions are unfortunately among the possible examples. These are Hollywood. they seem to come from their cinemas, but they are now new realities.
Internet of Things Cyber Security Measures – Critical Infrastructure facilities
What would you say if I told you that critical infrastructure facilities (chemical, biological, fuel, etc.b.) that have been damaged or not properly built can threaten you and your relatives by evacuating hazardous substances that they should not have flowed through foreign intervention in the wrong place and at the wrong time, and the environment and its surroundings? Is it better for Connected Device Security?
NEVER without safe environments
Please don’t make any misunderstandings when you’re telling the DEVIL in my article. Technology is there to serve us, not enslave us and lose control. Security measures should not be implemented without properly implementing them, without supervision by independent agencies, without continuous improvement measures.
How should measures be taken? In fact, i don’t think you need to admit that there is no simple answer, but a partially protected the structure is much better than an unprotected structure, and unfortunately it used to be very the idea of “Firewall u plug late friend” is no longer to be applied. we need to know that there’s no side to it.
Internet of Things CyberSecurity Measures
I’d like to suggest some steps:
- List of services to connect to possible losses / seizures. losses and errors need to be sorted
- What can be done to protect it? Examples and previously implemented security measures should be examined and examined. Lessons must be learned from mistakes
- Budget must be determined correctly, excessive should not be large or excessively small.
- Ordinary acceptance of work within the institution should not be transferred to Computing as usual, but a separate SECURITY department must be created. The SECURITY department can be contacted directly by the BOARD of Directors or Should report to the CHAIRMAN OF THE BOARD OF DIRECTORS. Computing department field the application must be in the business unit, not the checker.
- The best company to do the job should be searched and selected. If there are problems with its discovery, a consultant company must be selected, selected consultant company must support security department / assist.
- The system that is lifted is FREE must be tested and attacked by an institution. Consulting firm or departments for other institutions should not be assigned.
- If there are glitches, they should be detected, should be re-tested and field implementation planned.
- Application SECURITY must be constantly supervised by the department, different security experts should be tested and attacked by their companies. Known new and improved attacks can happen all the time
- SECURITY department in-company must be kept active and alive.
Being connected is the reality of the new world and In parallel we need to know that security is not a luxury but a necessity. Most the critical point is the SECURITY unit/department. Each department of the institution safety guidelines that can be applied to the application of must be ensured that it is implemented. We need to make it a culture and make it into a part of it. Each connected device, object, smart, or get mindless should be applied.
In personal use, similar measures or It would be in our best interest to be a little less enthusiastic about addiction.
Safe But Simple to Increase Connected Device Security
Internet of Things Cybersecurity Measures; Safety is an inevitable phenomenon and must be implemented. Often, security is confused with complex and difficult-to-control structures, often causing future vulnerabilityes. Make your safety simple, feasible and active. It must provide a structure that can be improved against new attacks and be managed as a sustainable service. Continuous updating should be able to take additional measures against new threats.
Wishing you not to connect to the wrong places…
Gokhan Yanmaz
August / September 2019
Leave a Reply