Monthly Archives: April 2017

IoT Hack = Security Lapse. And its just the beginning

Dallas, Texas – On April 8, 2017, at around 11:42 PM, all 156 of the city's tornado sirens went off at once for no apparent reason and woke up what can best be described as scared and baffled residents. When the sirens kept repeating in 90-second cycles, locals thought they were being (or were about to be) bombed.

Dallas Mayor Mike Rawlings posted an update for citizens on his Facebook page (https://www.facebook.com/MayorMikeRawlings/posts/1030736253694199) in which he described the incident as a hack, i.e. an attack on the emergency notification system. He also wrote, “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure.”

The news was carried by many major news channels and websites, including CNN: http://edition.cnn.com/2017/04/08/us/dallas-alarm-hack/

The most comprehensive coverage is from washingtonpost.com: https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.0b1ec2649790

Now, while news channels, websites and reporters discuss the situation and have provided updates on how the issue was handled and finally resolved, let's consider some facts and try to draw some inferences from the incident from a cyber security perspective.

First – it is all but certain that this was an intentional hack and not a ‘mistake’ by someone in the emergency service grid. It follows that the security controls deployed were either insufficient or not tested properly during the planning and deployment cycles. At first there was speculation that the system was not controlled by back-end software at all; that was ruled out, which proves the point well enough: integrating security controls into every system (offline or online), from planning through deployment and testing, should be a zero-tolerance exercise.

Second, the hacker(s) were motivated and determined to make it happen, and at the most awkward hour. This hacker or hacking group made it look easy enough, without leaving much evidence from which the trail could be picked up and the perpetrator of the cyber crime apprehended.

Third, connected systems expose an attack surface. Yes, this is a known fact, but who would imagine that an emergency system grid could be hacked? And the whole of it, at that! It is supposed to be a closed and monitored system, isn’t it? This brings us to a discussion where we can either talk about standards not being in place from an IoT / grid computing security point of view, or simply say that it is about time someone did something about cyber security pertinent to public and government deployments. While this was clearly an issue with the implementation of security for the sensors, it could go well beyond just the alarms, since more often than not one emergency system is connected to another, e.g. 911 has taps into fire, police, etc.

Last but most importantly – while security analysts analyze and wonder how this could have been pulled off, for the people who experienced it ‘it was very real and scary’. This serves well to remind us all how helpless we feel when technology is abused.

Note: The intent of this article was not to repeat the information that is widely available about this incident, but to dig deeper into the causes of ill-fated security systems and controls, and to extrapolate the kind of damage that could be done at large, anywhere in the world, by someone nasty who knows how to get past the security (if there was any at all).


Posted by on April 20, 2017 in Cyber Security


Good Friday Just Became Better – With My CCSK Certification!

Holy Moly – the sweet taste of achieving the much coveted certification in the wake of furthering my Cyber Security journey. Aced the certification with a strong 90%. I’m now Certified Cloud Security Knowledge (CCSK) certified. My Good Friday just became a whole lot better!!!

It’s been some time that I’ve been dragging my feet, and I finally decided to write the CCSK certification. I've been busy with authoring and mentoring (cannot really complain, as it’s my passion), hence the delay. Like they say – better late than never!!

In the following sections I’ve shared my experiences, my preparation, the insights and details of the certification exam. Hope these get you to your own CCSK summit.

The exam itself – This exam has been around for some time now and I took the v3.0 (v2.1 is also available, but hey, latest is greatest, right!). CCSK is a pretty comprehensive exam. It covers all the bases (and more) of cyber security / security from both a Cloud Service Provider (CSP) and a Cloud Consumer perspective, and then some. It also addresses domains that are usually blind spots, for example cloud risk management, vendor management, supply chain management and the like.

The insights to the exam – The exam can be daunting if you have little to no security experience, and especially if you come in with minimal virtualization, security controls, risk management, physical security and traditional DC experience (all-encompassing security). The exam consists of 60 questions, multiple choice and true/false, to be completed in 90 minutes. It is an open-book, take-anywhere exam; however, that doesn’t diminish its importance at all. In fact, it takes a lot of time to understand the subjects and topics and then be prepared for the exam itself. It’s the journey in this matter that’s much more valuable than the result itself.

My experience during the exam – I completed the first pass in about 30-35 min (of the allocated 90 min) and marked all questions for a second pass (yes, you can mark questions for review and come back to them). I finally submitted the questions for grading at the 45-50 min mark and passed with 90% (80% is the minimum score to pass), and that calls for a jolly moment!

The preparation – For the prep I used the two documents (both available here: https://ccsk.cloudsecurityalliance.org/index.html), i.e.

  1. Cloud Security Guidance https://cloudsecurityalliance.org/research/security-guidance/
  2. ENISA Cloud Risk Assessment Report: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport

These two documents cover all the bases in terms of questions. Just a thorough read and you should be fine. One of my dear old-time friends (who happens to be a security geek as well), Sumanta Bhattacharya, helped me by brainstorming on the topics and coming up with logical and conclusive derivations.

Summarizing – This is a must-do certification for security practitioners and professionals who intend to, or currently, engage with the cloud. An excellent certification that pushes a person beyond their scope of thinking in the context of Cloud and so much more.


Posted by on April 15, 2017 in Cyber Security, Security Posts


Cyber Ops – Up Up and Away!!!

I’ll be spending a good amount of time doing something that I’m passionate about and which, I think, brings me the satisfaction of knowing that it will be a career catalyst for many professionals (especially security professionals).

To be precise, I’ll be spending most of my time from late March till May writing on Cyber Security. Now, what matters is how I spend this time and how the material I author helps the larger community gain from it – and that’s been my motto since I stepped up as an author and an evangelist.

Demystifying: I’ll be authoring for Cisco’s latest Cyber Security / Cyber Ops certifications on two fronts, writing the practice tests / question banks (to go with the premium content):

  • Cyber Ops – SecFnd
  • Cyber Ops – SecOps

I’ll be writing practice question banks that will help CCNA Cyber Ops aspirants attain these world-class cyber security certifications. These practice tests will be available as part of the premium package with the following books, written by Omar Santos and Joseph Muniz.

CCNA SECFND: http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-premium-9780134609010

CCNA SECOPS: http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-official-cert-guide-premium-9780134609027

I have to admit that Cisco has come a long way, and now, with these certifications, the gaps between InfoSec and CyberSec would be more than addressed. These certifications are benchmarks in that they will help bridge the gap between the old and new security paradigms – network and cyber.

All in all – I’m enjoying my time writing these questions and hope that they will help the aspirants succeed in their attempts to grab these two really cool certifications.

Happy learning and reading!


Posted by on April 11, 2017 in Cyber Security
