The Impact of Modern Technology. For Better or for Worst?

April 26, 2017

 

BOYD:

 

     In the recent years, the discussion around bring your own device (BYOD) policies has

 

been often focused on topics such as the opportunity, risk and security implications of using

 

personal devices and user apps in the business context. The danger of integrating such BYODs

 

into your corporate network is eminent. For example, in health care, the concern goes beyond

 

how to protect your company’s network and infrastructures from being infected by unsafe

 

personal devices, but how to protect personal, life-saving medical equipment from being attacked

 

through use of such infected devices (Dolan 2011)

 

       At Boca Raton (Fla.) Regional Hospital, a staff physician has created an innovative new

 

iPad-driven method, called a remote-K-viewer, for adjusting and managing patients' pacemakers.

 

While the technology isn't a direct connect, the danger is that it actually requires two-way

 

communication between the physician on an iPad and a nurse on a mobile computer cart at the

 

patient's bedside. According to the device creator Dr. E. Martin Kloosterman, the device does

 

enable real-time patient management, and shrinks the time for adjusting a pacemaker from hours

 

to just a few minutes. That is a major advancement in technology that has overwhelm for risk

 

and security implications.

 

      To enhance and support the use of this technology, the U.S. Food and Drug

 

Administration regulators have weighed in on this new technology. According to attorney

 

Bradley Thompson, “Pacemakers, and mobile technology that can actually affect how they

 

function, are likely to fall in the higher-risk categories” He warns that full-scale clinical trials and

 

FDA oversight of the device's marketing could mean a long road to market for the system

 

(Thompson, 2012).

 

SCADA:

 

     Today’s emerging technology is involving and getting more sophisticated and in some

 

instances used to commit cyber crime.The solutions to solve these cybercrimes have become

 

almost futuristic in its methods. Some of most crimes are solved by using forensics evidence to

 

dilute debate by the presentation of scientific evidence and rhetoric not connected to the Internet,

 

and thus did not require any specific cybersecurity mechanisms.

 

      The intended use of early SCADA systems were to run as isolated networks, as

 

cybercrimes multiply, Scientific Forensic technology became necessary tools to gather, identify,

 

research and provide scientific complex methods of attacks. These have prompted the use of

 

modern Forensic method to investigate the recent attacks against SCADA systems by powerful

 

malware such as Stuxnet (Naedele, M., 2012)The difference of forensic in SCADA system is

 

that it can be seen in different layers based on the connectivity of the various components with

 

each other as well as with other networks such as the interpretations of evidence to determine

 

such things as who was involved in a crime (Ahmed, I.,2012)

 

Today, the game has drastically changed to meet up with dynamic changes in

 

Cyber crimes and the Internet.  SCADA system must be continuously operational and cannot be

 

turned off, must be live to perform data acquisition and analysis on a production system (Golden,

 

R., (2012) While minimizing the overall risks to the systems services, it is still not clear on how

 

to acquire live data on a SCADA system.

 

 

       All the emerging technology that I have listed above are in one way or the other

 

incumbent to  the improvement of cyber security. Take for example, in today’s network

 

environment, the practice of cyber security is based on people, processes, and controls

 

technology, all working together protecting systems, networks, and programs from digital

 

attacks.  Implementing effective cybersecurity measures is particularly challenging today

 

because there are more devices and technology than people, and attackers are becoming more

 

innovative. Because eighty four percent of cyber security is based on people, users must

 

understand and comply with basic data security principles like choosing strong passwords, being

 

wary of attachments in email, and backing up data.

 

          Government must set standards and laws to protect users. A well-respected framework on

 

how to deal with both attempted and successful cyber attacks must be included in the security

 

policies and programs of every organization. This will help to standardize how you can identify

 

attacks, protect systems, detect and respond to cyber threats and recover from previous attacks.

 

Cyber security is based on well sound technology which is paramount to the success of

 

organizations and individual security programs. There are three main areas of to be protected

 

such as, endpoint devices like computers, smart devices, and routers; networks; and the cloud.

 

Perfect tools used to protect these units are next-generation firewalls, DNS filtering, malware

 

protection, anti-virus software and email security solutions. Any organization that tends to keep

 

data safe must apply multiple layers protection approach across the computers, networks,

 

programs and data.

 

       In today’s computer environment with increasing rapid technological advancement,

 

information security has become the necessary issues facing corporations and private and public

 

enterprises. Three examples on how these technologies affect cyber security are obvious in the

 

part they play in network security in a computer network. A computer network is a group of two

 

or more computer systems linked together while a software system is a type of computer

 

program that is designed to run a computer’s hardware and application programs. Computer

 

network system is a layered model, the software is the interface between the hardware and the

 

user application (Wigmore, I.,1999)

 

       Network security is obviously the beneficiary of emerging technology, especially if you

 

try to a network system. Defending a network system cannot be achieved without incorporating

 

software systems. For example, Intrusion Detection System can be configured in a computer

 

hardware device to defend a computer network and alert the administrator of any unusual traffic

 

trying to come through the network.  Also, software can be deployed to defend the network in

 

the form of IPS/IDS systems. What makes defending network and software complex is that cyber

 

threat is extremely dynamic as adversaries can continually change the Internet Protocol (IP)

 

addresses from which they conduct their operations (Doodley., K. 2016).

 

Because some of these malware change behavior over time and the web is always

 

evolving, and computing environments blur the lines between personal computers and

 

applications that reside on networks. So it is practically impossible to defend network system

 

without defending software systems. Once an internal machine is breached, the entire network is

 

at risk, because of the difficulty in preventing the spread of malware from within the

 

organization (Livemore, L., 2010)

 

        Emerging technology has shown a clear need to increase awareness

 

training for employees to be able to use their skills to incorporate emerging technology with the

 

technol;ogy they have before. This training is very important  because, phishing and social

 

engineering attack success is dependent on humans. As emerging trends continue to evolve,

 

security professionals will need to be able to protect against threats that might exploit

 

enterprises; however, people are not going away and so it is important to continue to develop

 

programs to help inspire a culture of security.

 

       Cyber security is very similar to traffic security where certain security culture is needed

 

in order to achieve the situation where most actors behave lawfully. Creating cyber security

 

culture can be accomplished only by raising awareness of all computer users. In this respect,

 

government should not be the one to play roles in supporting emerging technology. All

 

individuals have a great role to play in creating a more secure information society in the long run

 

(Klaar, T., (2011)

 

       In conclusion, the industry just needs to face the current day reality. They must realize

 

that the majority of the infrastructure is owned by the private sector and the majority of actors in

 

cyberspace are companies and individuals, governments need to create effective public-private

 

partnerships for securing cyberspace and responding the incidents as they occur.

 

When cyber incidents occur, the government and organizations should already have  a plan in

 

place for both types of attackers which will provide assistance to potentially impacted entities,

 

analyzes the potential impact across critical infrastructure, investigates those responsible in

 

conjunction with law enforcement partners, and coordinates the national response to significant

 

cyber incidents (DHS, 2017) The DHS is working very close in coordination with operators of

 

critical infrastructure, to ensure greater unity of effort and a whole-of-nation response to cyber

 

Nations or Organized Crime sponsored cyber attacks we use to think have different motives, just

 

like you mentioned, it is very hard to differentiate their individual or collective agendas.  All the

 

levels described above are vulnerable to cyber disruptions and attacks, which are easy to

 

organize, hard to attribute, and asymmetric (Klaar, T., (2011)

 

 

References:

 

Ahmed, I. (2012) SCADA Systems: Challenges for Forensic Investigations. Retrieved September 30, 2018 from https://scadahacker.com/library/Documents/White_Papers/IEEE%20-%20SCADA%20Challenges%20for%20Forensic%20Investigators.pdf

 

Casey, F, (2011) Digital Evidence and Computer Crime Retrieved September 26, 2018 from  https://www.elsevier.com/books/digital-evidence-and-computer-crime/casey/978-010-08-092148-8

 

http://www.fiercehealthcare.com/mobile/ipad-allows-docs-to-remotely-manage-pacemakers

 

Doodley, K., (2016) Defending Network Infrastructure Against Attack – Part. Retrieved September 21, 2018 from https://www.auvik.com/media/blog/network-infrastructure-security/

 

Dolan, B.; “Medtronic Launches First App for Implantable Devices,” Mobihealthnews.com, Retrieved September 28, 2018 from

http://mobihealthnews.com/11508/medtronic-launches-first-app-for-implantable-devices

 

DHS (2012) Privacy Impact Assessment for the Gaming System Monitoring and Analysis Effort

Retrieved September 25, 2018 from https://www.dhs.gov/sites/default/files/publications/privacy/PIAs/privacy_pia_sandt_gaming_oct2012.pdf

 

DHS, (2017) DHS Role in Cyber Incident Response. Retrieved September 19, 2018 from https://www.dhs.gov/cyber-incident-response


 

 

Please reload

Featured Posts

According to Cisco, Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed...

The Practice of Cyber Security is based on People, Processes, and Controls Technology.

May 10, 2018

1/3
Please reload

Recent Posts
Please reload

Archive
Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square