3 Steps Towards Building Cyber Resilience Into Critical Infrastructure | Dark Reading

Industrial control systems (ICS) are just as critical to daily life yet cyber protections aren’t always built in, particularly when it comes to decades-old legacy systems. As a result, the need to maintain these older systems is critical. They also don’t have unique identification numbers to help manufacturers alert industrial organizations of new vulnerabilities or recommended upgrades. Without the ICS, operations in utilities and oil and gas would come to a halt, yet new research from RSA revealed energy organizations, alongside government, ranked lowest in cyber maturity, with only 18 percent of respondents classifying as developed or advantaged. Further, incident response (IR) capabilities were reported to be either “ad hoc” or “nonexistent.”

Source: 3 Steps Towards Building Cyber Resilience Into Critical Infrastructure | Dark Reading

The Most Critical Skills Gap: Cybersecurity | Fast Company | Business + Innovation

We are reaching a new critical shortage in the workforce. In addition to the health care sector’s impending lack of qualified nurses (and enough teachers to educate new ones) industry experts are sounding a similar alarm for cybersecurity experts.

Since the massive breach at Target in 2013, many other organizations have fallen prey to cybercriminals. The next year saw hacks into UPS, Goodwill, JP Morgan Chase, Sony, and others. Forrester Research predicted that 60% of brands would experience a breach of sensitive data in 2015. That estimate may have been conservative considering that last year, those organizations successfully targeted by cyberhackers included the FBI, Trump’s hotel chain, Experian, and Scottrade, among others.

Source: The Most Critical Skills Gap: Cybersecurity | Fast Company | Business + Innovation

Intel transition to Internet of Things | Business Insider

Intel is trying to position itself as a major provider of microchips for various IoT devices. BI Intelligence projects that the global installed base of IoT devices will grow from 4.2 billion in 2015 to 24 billion in 2020. IoT devices have different requirements from traditional PC microchips, and Intel has been placing a greater emphasis on providing low-power chips at a low cost in the IoT space.

At the same time, changing demands are altering seemingly fundamental laws of chip development. The Semiconductor Industry Association (SIA) projects that transistor sizes will stop shrinking after 2021. With the shift to mobile, remote, and battery-operated devices, including those that are central to the IoT, low power consumption has become one of the main requirements for microchips.

This goal is in conflict with the traditional aim of scaling down the size of the chips to increase transistor density. The increase in IoT devices will raise the demand for greater power efficiency in chips, causing a major shift in microchip design for Intel and its competitors.

Source: Intel transition to Internet of Things | Business Insider

Why Software Quality Standards Matter For Industrial IoT | InformationWeek

Whenever the Internet of Things (IoT) is the subject, the discussion tends to veer off into topics of security and safety. When it’s the industrial IoT being talked about, the question of how to keep the company running enters the conversation, too. It all boils down to quality, and how it’s defined for software.

Source: InformationWeek Why Software Quality Standards Matter For Industrial IoT – InformationWeek

Internet of Things security is dreadful: Here’s what to do to protect yourself | ZDNet

British parents haven’t learnt their lesson from the discovery two years ago of a Russian website that offered links to unsecured baby monitors, according to the UK’s privacy watchdog.

This has prompted the Information Commissioner’s Office (ICO) to reissue its wake-up call from 2014 to parents over the security of baby monitors. Two years on from the discovery of the Russian site, the ICO says parents still haven’t changed their behaviour, and it’s calling on them to take responsibility for the security of their devices.

Source: Internet of Things security is dreadful: Here’s what to do to protect yourself | ZDNet

Tech firms tackle IoT security with management protocol | Computer Weekly

The tech firms have concluded that any IoT system can be compromised unless a system-level root of trust is established through a combination of code signing, encryption and authentication.

The resulting Open Trust Protocol (OTrP) combines a secure architecture with trusted code management, using technologies proven in large-scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.

The protocol sets out standard practices for installing, updating and deleting applications, and for managing security configuration in a trusted execution environment (TEE).

Source: Computer Weekly Tech firms tackle IoT security with management protocol

BlackBerry hacks a kettle to demonstrate IoT security strain | TheINQUIRER

Campbell Murray, technical director of BlackBerry-owned Encription, led the demo, his British accent confirming why a tea-making device had become the centre of attention.

Murray showed that common security flaws in the WiFi network, including the use of ‘0000’ as a password, enabled him and his colleague Fraser Winterborn, head of R&D at Encription, to compromise the kettle and capture insecure communications including the user’s location.

The entire hack took just 14 minutes, and Murray pointed out that the key takeaway is that no evidence was left behind, and that “the only way to solve these issues is to prevent them”, which businesses fail to do.

Source: BlackBerry hacks a kettle to demonstrate IoT security strain | TheINQUIRER

New malware targeting energy grid actively evades security measures | Computing

“The [malware] sample appears to be targeting facilities that not only have software security in place, but physical security as well. ZKTeco is a global manufacturer of access control systems, including facial recognition, fingerprint scanners and RFID. If the sample is run on a workstation with ZKTeco’s ZKAccess software installed, the process will prematurely terminate.

“These systems would be heavily scrutinised by their administrators, and an infection on one of these machines would likely not go unnoticed,” suggest the researchers, Joseph Landry and Udi Shamir of security software and services company SentinelOne, who uncovered the malware.

“It exhibits traits seen in previous nation-state Rootkits, and appears to have been designed by multiple developers with high-level skills and access to considerable resources.”

Source: New malware targeting energy grid actively evades security measures | Computing
