It’s now been 5 years since the first release of the NIST Cybersecurity Framework. Originally aimed at operators of critical infrastructure, the framework has been updated to also support the needs of private sector organizations in the U.S., primarily to help them assess and improve their ability to prevent, detect and respond to cyber attacks.
Historically, healthcare has been slow to implement disruptive technology tools that have transformed other areas of commerce and daily life. One factor that’s been cited for this lag is the regulation that accompanies medical products. Until recently, the US Food and Drug Administration (FDA) has required strong oversight of even small software updates proposed for medical devices.
The VPNFilter attack is actually quite sophisticated. The hackers might utilize a domain name generation algorithm (DGA) for the first phase in the attack. When DGA is combined with persistency on the routers and other devices, it appears that rebooting them doesn’t help mitigate communication with the C&C server. Even if the FBI successfully took down the original C&C server responsible for distributing the plug-ins and communicating with the infected devices, the devices can still use DGA to randomly generate a new host that can assert botnet control. This is the first botnet that we can say achieves persistency and is resilient to C&C server loss.
The global community of IoT manufacturers and commercial customers has had several serious wake-up calls pertaining to system security and cyberattacks. The first significant IoT cyberattack was against a Iranian nuclear facility in which malware was used to disrupt and impair the centrifuges in the plant, causing physical damage that shut the plant down.
The Internet of Things is at the core of every enterprise in the digital disruption taking place in industry today. This is clearly shown in Industry 4.0 where IoT plays a crucial role in orchestrating the coordination efforts among people, devices, machines, systems, and entire production lines. From manufacturing and utilities to critical infrastructure and healthcare, IoT plays a critical role in predictive maintenance, resource monitoring and procurement, and operational improvements.