Welcome!

@ThingsExpo Authors: Roger Strukhoff, Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Carmen Gonzalez

Related Topics: @ThingsExpo, @CloudExpo, Cloud Security, @DXWorldExpo

@ThingsExpo: Blog Post

Internet of Things and Cyber-Sabotage By @JamesCarlini | @ThingsExpo [#IoT]

Too many top executives and futurists are giddy about what the future holds with the Internet of Things

Corporate Cyber-Sabotage: The Six-Phased Enterprise Assessment Framework

When the Tsunami of system failures paralyzes your organization from a coordinated cyber-attack, it's too late for the CEO to think your organization can "get through this event." It's too late.

Too many top executives and futurists are giddy about what the future holds with the "Internet of Things" and the growth of technology-based applications cutting across many, if not all, industries. Few are talking about reinforcing corporate systems as well as hardening facilities and mission critical applications to withstand cyber-sabotage and EMP attacks because few, if any, are even qualified to assess that area of their enterprise (see Intelligent Infrastructure Destruction: Cyber Attacks).

Many still talk about having "Disaster Recovery" plans. That isn't good enough in the era of 21st century intelligent infrastructure. The design concept should be to develop systems that support a strategic direction of "Business Continuity" and sustainability, not disaster recovery.

In some cases, you cannot afford to be down for an hour or two, let alone a day or two. Your competition will swallow your business while you try to determine how to re-instate your systems into an operational mode.

What kind of attacks can be launched? Everyone always focuses on the stealing of credit card numbers from retailers or critical (and sensitive) information from healthcare providers, but the reality is cyber-attacks can span more than just customer record information. Plus, the credit card breaches are still going on and are successful, so many organizations have yet to establish real barriers to protect systems from outside attacks.

Besides cyber-attacks, EMP (Electro-Magnetic Pulse) attacks can also shut down everything electronic.

Attacking the Intelligent Infrastructure of an Organization
If I was a cyber-criminal engaging in corporate cyber-sabotage, I would look beyond what is being protected today. What industries and mission-critical systems would I target? When you start to think of it, there are a lot of potential targets still not hardened. Are yours? (See Chart 1- Potential Industrial Targets.)

With more organizations getting hit with cyber-attacks, the focus of improvement should not be at the technical level. The focus of improvement should be at a more encompassing approach covering all levels of an organization including its executive vision, its strategic direction, its processes, and the platform of technologies (systems and services) it has in-place to support those processes and achieve its strategic objectives.

Chart 1 - Potential Industrial Targets

Industry

Systems Target

Desired Result

Automotive

Robotic systems on the Assembly line. Distribution and logistics systems. R&D systems.

Complete stopping of the Assembly Line. Complete lock up of any distribution of parts and finished product. (Apply this to any manufacturing process)

Pharmaceutical

Again, Manufacturing systems. Recipes for all drugs and their derivatives. Research & Development systems.

Complete lock up of any distribution of product. Complete destruction of R&D results. Secondary result - the resulting damage and freezing of Healthcare Industry.

Power

Power Grid (Distribution). Power Stations. Management Systems (All video cameras overseeing operations and facilities.)

Complete system failure for the power company. Secondary result - the complete stoppage of any outside entity dependent on power.

Source: James Carlini

As you can see, the above attacks are much more sophisticated than lifting credit card information. Corporate cyber-sabotage focuses more on stopping the organization in its tracks: cutting off production, ruining Intellectual Property (IP), and freezing up logistics and distribution of products as well as energy.

Remember the Three Rs for Your Enterprise
Many organizations are still in a primitive mode when it comes to backing-up mission-critical applications. With mission-critical applications in organizations growing from "one out of three" to "one out of two" in many areas, the need to take a broader and more strategic view on the Three Rs (Reliability, Redundancy and Resiliency) of the enterprise is critical.

The assessment of the Enterprise's Intelligent Infrastructure as well as its strategic policies and procedures needs to be performed in this era of increasing cyber-attacks. The Enterprise Assessment Framework provides a more structured view of what has to happen in a multi-phased approach to building stronger, more resilient intelligent infrastructure that can withstand cyber-sabotage (see Chart 2).

Chart 2 - Enterprise Assessment Framework

Phase

Action

Process

Results

1

Analysis Of Current Environment

Multi-level, multi-enterprise element (people, systems, procedures & processes) review.

Vision of current topology and physical attributes of systems and facilities.

2

Identifying Major Issues

Multi-dimensional assessment tool covering both manual and automated processes.

Uncovering single points-of-failure, incomplete applications, other inconsistencies.

3

Assessment

Multi-dimensional Proprietary Tool.

Quantifying Issues and Concerns as well as the revealing of potential weak points.

4

Recommended Changes & Upgrades

Presentation of Improvements. Report.

List of prioritized improvements and upgrades.

5

Implementation Of Changes

Adding and/or modifying procedures, systems, and practices in a prioritized approach.

Added capabilities, shoring up weak areas, and eradicating single points-of-failure.

6

Post-Implementation Review

Review of the new in-place systems, processes and procedures.

Assessment of what has worked and what needs further improvement.

Source: James Carlini

Copyright 2014 - James Carlini

Location Location Connectivity by James Carlini is available Amazon and Barnes & Noble.

More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
This month @nodexl announced that ServerlessSUMMIT & DevOpsSUMMIT own the world's top three most influential Kubernetes domains which are more influential than LinkedIn, Twitter, YouTube, Medium, Infoworld and Microsoft combined. NodeXL is a template for Microsoft® Excel® (2007, 2010, 2013 and 2016) on Windows (XP, Vista, 7, 8, 10) that lets you enter a network edge list into a workbook, click a button, see a network graph, and get a detailed summary report, all in the familiar environment of...
IT professionals are also embracing the reality of Serverless architectures, which are critical to developing and operating real-time applications and services. Serverless is particularly important as enterprises of all sizes develop and deploy Internet of Things (IoT) initiatives. Serverless and Kubernetes are great examples of continuous, rapid pace of change in enterprise IT. They also raise a number of critical issues and questions about employee training, development processes, and opera...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...