In correlation between decreasing software quality standards and increased demand for convenience, resulting in ever increasing deployment of network connected infrastructure, the risk of exploitation increases exponentially.
This paper outlines the coherent intertwinement between aforementioned factors and factors like cybercrime, and cyber terrorism become a much neglected problem.
Cyber security must become an essential part of such things as the upcoming smart grid.
Information Security – Review Of 2008 And 2009 97 2003Graeme Payne
A presentation to Technology Association of Georgia Security Group on January 29, 2009. The presentation covered a review of 2008 and a look forward to 2009
----
ATTENTION: Please download for high-res-version
---- Digital Strategy is playing an ever greater role in Business. E-Business is a part of Digital Strategy and this brochure describes Lars Hilse's one of a kind E-Business Sales Funnel Theory.
The deep web allows anonymous communication. Bitcoin makes it possible to transfer assets around the globe in seconds, also in absolute anonymity. ISIS has a war chest of over USD $2 billion, seeks to attack the west and is attributed the ability to operate very strategically. Jihadists
have been known to embrace technology. Gaping vulnerabilities in the technology-reliant western
infrastructure make easy targets.
Reference Article1st published in May 2015doi 10.1049etr.docxlorent8
Reference Article
1st published in May 2015
doi: 10.1049/etr.2014.0035
ISSN 2056-4007
www.ietdl.org
Operating System Security
Paul Hopkins Cyber Security Practice, CGI, UK
Abstract
This article focuses on the security of the operating system, a fundamental component of ICT that enables many
different applications to be used in a variety of computing hardware. While, the original operating systems for
large centralised computing focused their security efforts primarily on separating users, operating systems secur-
ity has had to adapt to cater for a wider range of technology, such as desktop computers, smartphones and
cloud platforms, and the different threats that have evolved as a consequence. This article examines some of
the core security mechanisms that every operating system needs and the gradual evolution towards offering
a more secure platform.
Introduction: What is the Operating
System?
All too frequently the words operating system conjure
up thoughts of Microsoft Windows made popular as
an operating system that enabled desktop computing.
However, there have been, and still continue to be a
large number of operating system types and versions
in operation [1] for all sorts of devices. These devices
range from those designed to work with mobile
phones, tablets and games consoles of the consumer
world, through to the servers/laptops, network
routers and switches of the IT industry, as well as em-
bedded devices and industrial controllers from indus-
trial engineering. [Dependent upon the hardware
architecture, the operating systems can be significantly
different to the fuller versions that this paper uses to
illustrate the key security mechanisms.]
In essence, the purpose of the operating system is to
provide a layer above the hardware execution environ-
ment, abstracting away low level details, such that it
appropriately shares and enables access to the mul-
tiple hardware components, such as processors,
memory, USB devices, network cards, monitors and
keyboards. It thus provides an environment in which
multiple applications (ranging from advanced
weather forecasting through to word processors,
games and industrial control processes) can all be po-
tentially executed and accessed by multiple users.
Operating systems have a history and timeline dating
back to the development of the first computers in
the early 50s, given that the users, then also needed
a way to execute their applications or programs.
Since that time operating systems have adapted to
Eng. Technol. Ref., pp. 1–8
doi: 10.1049/etr.2014.0035
take advantage of increases in speed and performance
of hardware and communications. The changes either
enable new functionality and applications or adapt to
optimise the performance of certain hardware, such as
in the case of telecommunications routers and
switches that can have additional networking func-
tions integrated into their operating system. So while
the UNIX and Microsoft Windows family of operating
systems have dominated .
Information Security – Review Of 2008 And 2009 97 2003Graeme Payne
A presentation to Technology Association of Georgia Security Group on January 29, 2009. The presentation covered a review of 2008 and a look forward to 2009
----
ATTENTION: Please download for high-res-version
---- Digital Strategy is playing an ever greater role in Business. E-Business is a part of Digital Strategy and this brochure describes Lars Hilse's one of a kind E-Business Sales Funnel Theory.
The deep web allows anonymous communication. Bitcoin makes it possible to transfer assets around the globe in seconds, also in absolute anonymity. ISIS has a war chest of over USD $2 billion, seeks to attack the west and is attributed the ability to operate very strategically. Jihadists
have been known to embrace technology. Gaping vulnerabilities in the technology-reliant western
infrastructure make easy targets.
Reference Article1st published in May 2015doi 10.1049etr.docxlorent8
Reference Article
1st published in May 2015
doi: 10.1049/etr.2014.0035
ISSN 2056-4007
www.ietdl.org
Operating System Security
Paul Hopkins Cyber Security Practice, CGI, UK
Abstract
This article focuses on the security of the operating system, a fundamental component of ICT that enables many
different applications to be used in a variety of computing hardware. While, the original operating systems for
large centralised computing focused their security efforts primarily on separating users, operating systems secur-
ity has had to adapt to cater for a wider range of technology, such as desktop computers, smartphones and
cloud platforms, and the different threats that have evolved as a consequence. This article examines some of
the core security mechanisms that every operating system needs and the gradual evolution towards offering
a more secure platform.
Introduction: What is the Operating
System?
All too frequently the words operating system conjure
up thoughts of Microsoft Windows made popular as
an operating system that enabled desktop computing.
However, there have been, and still continue to be a
large number of operating system types and versions
in operation [1] for all sorts of devices. These devices
range from those designed to work with mobile
phones, tablets and games consoles of the consumer
world, through to the servers/laptops, network
routers and switches of the IT industry, as well as em-
bedded devices and industrial controllers from indus-
trial engineering. [Dependent upon the hardware
architecture, the operating systems can be significantly
different to the fuller versions that this paper uses to
illustrate the key security mechanisms.]
In essence, the purpose of the operating system is to
provide a layer above the hardware execution environ-
ment, abstracting away low level details, such that it
appropriately shares and enables access to the mul-
tiple hardware components, such as processors,
memory, USB devices, network cards, monitors and
keyboards. It thus provides an environment in which
multiple applications (ranging from advanced
weather forecasting through to word processors,
games and industrial control processes) can all be po-
tentially executed and accessed by multiple users.
Operating systems have a history and timeline dating
back to the development of the first computers in
the early 50s, given that the users, then also needed
a way to execute their applications or programs.
Since that time operating systems have adapted to
Eng. Technol. Ref., pp. 1–8
doi: 10.1049/etr.2014.0035
take advantage of increases in speed and performance
of hardware and communications. The changes either
enable new functionality and applications or adapt to
optimise the performance of certain hardware, such as
in the case of telecommunications routers and
switches that can have additional networking func-
tions integrated into their operating system. So while
the UNIX and Microsoft Windows family of operating
systems have dominated .
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in EuropeFrancesco Faenzi
The proliferation of remote accessible applications and always connected systems, including Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) networks, real-time remote control systems, IoT devices and all the distributed management technologies, means that the risk of cyber attacks and potentially dangerous threats are increasing and it can only increase in the next years.
In this report will be analyzed the distribution and the exposition of these systems, found alive inside the european cyber perimeter, and their services along with a deep analysis of evident bad configurations, easy exploitable vulnerabilities, public and private indicators of compromise and even real and known compromissions already happened.
The “Lutech Operational Intelligence - Analysis of exposed ICS, SCADA, IoT and embedded systems in Europe” report hereby presented is based on information provided by Lutech Threat Management Service for Cyber Threat Intelligence (L-TMS/CTI).
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionIJERA Editor
Cloud Computing is a heavily evolving domain in technology. Many public and private entities are shifting their workstations on the cloud due to its robust, remote, virtual environment. Due to the enormity of this domain, it has become increasingly easier to carry out any sort of malicious attacks on such cloud platforms. There is a very low research done to develop the theory and practice of cloud forensics. One of the main challenges includes the inability to collect enough evidence from each and every subscriber of a Cloud Service Provider(CSP) and thus not being able to trace out the roots of the malicious activity committed. In this paper we compare past research done in this field and address the gaps and loopholes in the frameworks previously suggested. Overcoming these, our system/framework facilitates the collection, organization, and thereby the analysis of the evidence sought, hence preserving the essential integrity of the sensitive and volatile data.
Public services such as electricity, water, hospital management and transport are important for the smooth functioning of our daily lives. The critical nature of these services make these systems a key target for cyber threats. This is why the public sector experiences more incidents than any other industry.
Hence why the public sector needs to focus more on strengthening their cybersecurity strategies to address critical gaps – especially the devices used and policies governing their use.
In this session, Asela addressed some of our critical services and how the lack of security focus has affected their use.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Analysis of exposed ICS//SCADA/IoT systems in EuropeFrancesco Faenzi
The proliferation remote accessible applications and always connected systems, including Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) networks, real-time remote control systems, IoT devices and all the distributed management technologies, means that the risk of cyber attacks and potentially dangerous threats are increasing and it can only increase in the next years.
In this report will be analyzed the distribution and the exposition of these systems, found alive inside the european cyber perimeter, and their services along with a deep analysis of evident bad configurations, easy exploitable vulnerabilities, public and private indicators of compromise and even real and known compromissions already happened.
The “Lutech Operational Intelligence - Analysis of exposed ICS, SCADA and IoT systems in Europe” report hereby presented is based on information provided by Lutech Threat Management Service for Cyber Threat Intelligence (L-TMS/CTI).
Inria - Cybersecurity: current challenges and Inria’s research directionsInria
Inria white books look at major current challenges in informatics and mathematics and show actions conducted by our project-teams to these challenges. Their goal is to describe the state-of-the-art of a given topic, showing its complexity, and to present existing, as well as emerging, research directions and their expected societal impact. This white book has been edited by Steve Kremer, Ludovic Mé, Didier Rémy and Vincent Roca. They coordinated the contributions from researchers of Inria teams (the complete list of contributors is given at the end of the book). Many thanks to Janet Bertot for proof-reading this document, as well as to François Pottier, Gabriel Scherrer, and Benjamin Smith who read parts of it.
Publication date: January 2019
DRIVE | high tech industry? think again! (part 2)CLICKNL
Technological developments move forward extremely rapidly. The connectivity and use of technology continues to grow exponentially, however complex new technology is poorly-understood and little used by many people.
Smart Industry: design to understand & use
The creative industry is able to translate technology into validated, accepted products and services and will make a difference in improving, rethinking and renewing technology-driven products and services that can be used by more people to improve their quality of life.
A broad variety of opportunities at the horizon. Let’s start with a basic in life, we have to eat three times a day. So let us focus on the way we produce and consume food.
Our motto: AgriFood meets High Tech meets Creative Industry
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyFrancesco Faenzi
In the last years, many public and private organizations have been target of Advanced Persistent Threats (APTs), sophisticated, targeted and persistent threats aimed to steal information like intellectual property, organization or state secrets for economic, technical political, or military reasons. In the future, APTs will probably continue to increase and change their attack patterns.
APTs are very difficult to detect and remove. They can act undetected on network for long time, control the target waiting for the opportunity to leaking out your information. In many cases, skilled and motivated attackers use advanced-intelligence techniques and are able to erase its presence.
Only an early detection and a strong response capability can help organization to face APTs attack. Identification of Threat Indicators and Techniques, Tactics and Procedures (TTP) of attacks as well as information sharing and collaboration can enhance prevention and detection capabilities of organization. In the same time, an effective operative collaboration requires adoption of common methodologies and standards.
The aims of this study are:
• to provide an overview of APTs attack patterns, threat indicators and possible recommendations
• to provide a classification model to facilitate information sharing and enhance defence capabilities
The target group of the publication are the decision makers and security managers of Critical Infrastructure and Institutions The work is intended to share experts’ recommendations in order to correctly prevent, detect and respond to APT attacks.
In order to classify the information gathered in this study and to compare it between the several case studies presented, the publication will use the “Cyber Kill Chain” method.
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in EuropeFrancesco Faenzi
The proliferation of remote accessible applications and always connected systems, including Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) networks, real-time remote control systems, IoT devices and all the distributed management technologies, means that the risk of cyber attacks and potentially dangerous threats are increasing and it can only increase in the next years.
In this report will be analyzed the distribution and the exposition of these systems, found alive inside the european cyber perimeter, and their services along with a deep analysis of evident bad configurations, easy exploitable vulnerabilities, public and private indicators of compromise and even real and known compromissions already happened.
The “Lutech Operational Intelligence - Analysis of exposed ICS, SCADA, IoT and embedded systems in Europe” report hereby presented is based on information provided by Lutech Threat Management Service for Cyber Threat Intelligence (L-TMS/CTI).
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionIJERA Editor
Cloud Computing is a heavily evolving domain in technology. Many public and private entities are shifting their workstations on the cloud due to its robust, remote, virtual environment. Due to the enormity of this domain, it has become increasingly easier to carry out any sort of malicious attacks on such cloud platforms. There is a very low research done to develop the theory and practice of cloud forensics. One of the main challenges includes the inability to collect enough evidence from each and every subscriber of a Cloud Service Provider(CSP) and thus not being able to trace out the roots of the malicious activity committed. In this paper we compare past research done in this field and address the gaps and loopholes in the frameworks previously suggested. Overcoming these, our system/framework facilitates the collection, organization, and thereby the analysis of the evidence sought, hence preserving the essential integrity of the sensitive and volatile data.
Public services such as electricity, water, hospital management and transport are important for the smooth functioning of our daily lives. The critical nature of these services make these systems a key target for cyber threats. This is why the public sector experiences more incidents than any other industry.
Hence why the public sector needs to focus more on strengthening their cybersecurity strategies to address critical gaps – especially the devices used and policies governing their use.
In this session, Asela addressed some of our critical services and how the lack of security focus has affected their use.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Analysis of exposed ICS//SCADA/IoT systems in EuropeFrancesco Faenzi
The proliferation remote accessible applications and always connected systems, including Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) networks, real-time remote control systems, IoT devices and all the distributed management technologies, means that the risk of cyber attacks and potentially dangerous threats are increasing and it can only increase in the next years.
In this report will be analyzed the distribution and the exposition of these systems, found alive inside the european cyber perimeter, and their services along with a deep analysis of evident bad configurations, easy exploitable vulnerabilities, public and private indicators of compromise and even real and known compromissions already happened.
The “Lutech Operational Intelligence - Analysis of exposed ICS, SCADA and IoT systems in Europe” report hereby presented is based on information provided by Lutech Threat Management Service for Cyber Threat Intelligence (L-TMS/CTI).
Inria - Cybersecurity: current challenges and Inria’s research directionsInria
Inria white books look at major current challenges in informatics and mathematics and show actions conducted by our project-teams to these challenges. Their goal is to describe the state-of-the-art of a given topic, showing its complexity, and to present existing, as well as emerging, research directions and their expected societal impact. This white book has been edited by Steve Kremer, Ludovic Mé, Didier Rémy and Vincent Roca. They coordinated the contributions from researchers of Inria teams (the complete list of contributors is given at the end of the book). Many thanks to Janet Bertot for proof-reading this document, as well as to François Pottier, Gabriel Scherrer, and Benjamin Smith who read parts of it.
Publication date: January 2019
DRIVE | high tech industry? think again! (part 2)CLICKNL
Technological developments move forward extremely rapidly. The connectivity and use of technology continues to grow exponentially, however complex new technology is poorly-understood and little used by many people.
Smart Industry: design to understand & use
The creative industry is able to translate technology into validated, accepted products and services and will make a difference in improving, rethinking and renewing technology-driven products and services that can be used by more people to improve their quality of life.
A broad variety of opportunities at the horizon. Let’s start with a basic in life, we have to eat three times a day. So let us focus on the way we produce and consume food.
Our motto: AgriFood meets High Tech meets Creative Industry
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyFrancesco Faenzi
In the last years, many public and private organizations have been target of Advanced Persistent Threats (APTs), sophisticated, targeted and persistent threats aimed to steal information like intellectual property, organization or state secrets for economic, technical political, or military reasons. In the future, APTs will probably continue to increase and change their attack patterns.
APTs are very difficult to detect and remove. They can act undetected on network for long time, control the target waiting for the opportunity to leaking out your information. In many cases, skilled and motivated attackers use advanced-intelligence techniques and are able to erase its presence.
Only an early detection and a strong response capability can help organization to face APTs attack. Identification of Threat Indicators and Techniques, Tactics and Procedures (TTP) of attacks as well as information sharing and collaboration can enhance prevention and detection capabilities of organization. In the same time, an effective operative collaboration requires adoption of common methodologies and standards.
The aims of this study are:
• to provide an overview of APTs attack patterns, threat indicators and possible recommendations
• to provide a classification model to facilitate information sharing and enhance defence capabilities
The target group of the publication are the decision makers and security managers of Critical Infrastructure and Institutions The work is intended to share experts’ recommendations in order to correctly prevent, detect and respond to APT attacks.
In order to classify the information gathered in this study and to compare it between the several case studies presented, the publication will use the “Cyber Kill Chain” method.
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Understanding the Challenges of Street ChildrenSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
Monitoring Health for the SDGs - Global Health Statistics 2024 - WHOChristina Parmionova
The 2024 World Health Statistics edition reviews more than 50 health-related indicators from the Sustainable Development Goals and WHO’s Thirteenth General Programme of Work. It also highlights the findings from the Global health estimates 2021, notably the impact of the COVID-19 pandemic on life expectancy and healthy life expectancy.
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Donate to charity during this holiday seasonSERUDS INDIA
For people who have money and are philanthropic, there are infinite opportunities to gift a needy person or child a Merry Christmas. Even if you are living on a shoestring budget, you will be surprised at how much you can do.
Donate Us
https://serudsindia.org/how-to-donate-to-charity-during-this-holiday-season/
#charityforchildren, #donateforchildren, #donateclothesforchildren, #donatebooksforchildren, #donatetoysforchildren, #sponsorforchildren, #sponsorclothesforchildren, #sponsorbooksforchildren, #sponsortoysforchildren, #seruds, #kurnool
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
Why there will be a Cyber-9/11. Soon (Cyber security, cybercrime, terrorism)
1. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
//WHY THERE WILL BE A CYBER-9/11. SOON
Published on July 29
th
, 2014 //
1//EXECUTIVE SUMMARY
To orchestrate and execute a major cyber terrorism attack, you need to circumvent four major
obstacles:
• Anonymous communication, so that you cannot be interrupted during the planning
• Finding the right specialists with a low ethical standard (or short on cash)
• Transferring assets to pay these specialists untraceably across borders
• Vulnerable infrastructure you can exploit for such attacks.
I have privately funded over two years of research worth over USD $125.000, revealing not
only financial crimes with damages in excess of USD $2+ trillion p. a.
During the research I have come to the conclusion that the aforementioned obstacles can all be
circumvented today, and that vulnerabilities in both in civilian and military infrastructure can
be exploited.
While terrorists of the past had to sacrifice their lives or liberty to create major incidents,
today they don’t even have to leave the comfort or their own home.
Furthermore, these vulnerabilities don’t have to be exploited for classic, terrorist motives.
They can also be used for anonymous extortion of corporations/governments, because attacks
can be targeted in an exceptional fashion.
2//WHY A CYBER 9/11 IS IMMINENT
On July 29th, 2014 Israel became victim to a cyber attack, in which Chinese hackers exploited
their “Iron Dome” missile system, which protects the State of Israel from the rocket attacks
originating from territories of their surrounding adversaries.
This was the most recent example of exploits in network-connected infrastructure, outlining
the massive vulnerabilities even in newer systems being deployed, preceded by the “Stuxnet”
virus, which was probably the first publicly known incident in which a piece of software was
2. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
used to destroy/alter a piece of network-connected infrastructure.
Two main factors, which create a majority of the aforementioned vulnerabilities, are
• The ever increasing demand for network connected infrastructure, and
• The decreasing quality in software, or it’s so called End-of-Life
When combined with the negligence towards technological advancement of governments
attempting to create policy to reduce such risks, the potential devastation becomes
incomprehensible.
3//INCREASING USAGE OF NETWORK CONNECTED
INFRASTRUCTURE
The exponential increase in network-connected infrastructure is due to two main factors:
• Convenience and cost reduction in operational systems
• Monitoring the operation decentralized/without human assets being on location
This exponential increase, while bringing economic benefits along with them, create gaping
holes in any organization’s infrastructure because their deployment is - more often than not -
run on a tight budget, and/or are not sufficiently supervised during installation.
Furthermore, a lot of the operators of such systems are insufficiently trained to understand the
background of the system they are handling.
This leads to a combination of critical factors, making anything from a traffic light to a power
plant very vulnerable.
3. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
4//DECREASING SOFTWARE-QUALITY & END-OF-LIFE
After Microsoft released Windows XP, it became clear that a majority of the focus on security
had been sacrificed for the benefit of such things as “Windows XP Media Center Edition” and
other gadgets built into operating systems.
This diversion was the start to the creation of more consumer-focused operating systems with
gaping security vulnerabilities, which can be exploited in any number of ways.
Further, Windows XP was the last operating system capable of running a majority of the
software, which in turn controlled the connected SCADAs, PLCs, and other network connected
infrastructure interfaces of the world.
XP’s end-of-life/end-of-support in early 2014 has increased the threat of exploitation of such
systems significantly, as a majority of companies operating XP cannot/will not afford the
continued maintenance offered through Microsoft at additional costs.
The end-of-life-problem also applies for software written to control the interfaces between the
operating system and the controller.
The controllers are a difficulty by themselves because their average lifespan significantly
exceeds that of the software running it, or the operating systems, which support them.
In addition to this, the lifecycles of the operating systems have also shortened.
Besides many other factors, it’s the lack of imagination and negligence towards such threats
that elevates them significantly.
5//VULNERABILITIY PROLIFERATION OF NETWORK CONNECTED
INFRASTRUCTURE
For over 2 years I have been investigating the “Deep Web” and Bitcoin, exploiting terrorists
using these channels to communicate and transfer funds anonymously.
While the extent of these communications isn’t that far spread (yet), I recently discovered the
standard passwords and other vulnerabilities of SCADAs and other systems controlling
network-connected infrastructure.
4. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
Exploiting these vulnerabilities can have significant consequences, because an ever-increasing
amount of everyday infrastructure is controlled remotely through the Internet.
Most of these systems are protected more of less sufficiently from the “outside world”, but
once these protection methods have been circumvented, the systems controlling anything
from a traffic light to a power plant, are freely accessible.
6//CONCLUSION
For over two years I have been researching the “Deep Web” and Bitcoin, revealing a lot of
startling crimes being committed therein and financed through Bitcoin.
What makes these two elements of the Internet so attractive to criminals and terrorists is the
fact that it provides
• Almost absolute anonymity in communication through Email and other services
• Untraceable money transfer across borders, even in large sums, with ways to obscure
transactions
Russia recently put out over USD $110.000 for anyone that can make usage of the Deep Web
through TOR traceable.
Looking at the criminal complaint filed against Ross Ulbricht makes it evident, that his
apprehension in context to allegedly running Silk Road, the Deep Web’s number one site for
drug trade (USD $1.2B transactions within 2 years), was only possible because he made
mistakes in the founding stages of his endeavor.
Resulting thereof, it is safe to assume that had these mistakes been avoided, the Silk Road
would still be in operation.
When these to major elements are combined with the fact that the world has tens of thousands
vulnerabilities for criminal elements to exploit, the next step of assembling a team of
specialists is just a matter time.