It’s
a scenario that many people would prefer not to imagine: you’re
speeding down the highway at 70 mph, and an unknown adversary takes
control of your car, disconnecting your brakes and eventually crashing
you into a ditch.
That’s exactly what happened to Andy Greenberg, a writer for Wired magazine, in 2015. True, the incident did not exactly catch him by surprise: he had volunteered to be a “digital crash test dummy” in an experiment staged by two cybersecurity advocates, Charlie Miller and Chris Valasek. Together, they were out to demonstrate the serious security vulnerabilities associated with internet-enabled entertainment systems, a feature of many vehicles now coming off the assembly line.
With Greenberg behind the wheel of a Jeep Cherokee, the two hackers began to wreak havoc: blasting the interior with frigid air, blurring the windshield with wiper fluid, then disconnecting the transmission and, eventually, the brakes. Even though he was in on the stunt, the writer found it increasingly difficult not to panic – especially as an 18-wheeler bore down on his crippled vehicle.
Greenberg survived to tell the tale, warning that the rush to add internet-enabled features and services is outpacing our ability to secure them from intruders. “Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone,” he wrote for Wired.
Hackable cars are only one of the emerging security nightmares arising from the proliferation of internet-enabled devices, or the Internet of Things (IoT), as the phenomenon is commonly dubbed. Across a wide spectrum of industries, companies are eager to harness the capabilities – and, in many cases, the potential cost savings – that come with an IP address.
The result, too often, is a wide-open back door for cyber criminals and a raft of unsuspected consequences for businesses and consumers.
An
internet-enabled HVAC system, for example, was the initial point of
entry when hackers compromised the Target Corporation’s internal network
in December 2013, staging one of the most infamous data breaches to
date. The thieves appropriated domain access privileges and disguised
themselves as admins, then tunneled their way into database servers,
gaining access to the Personally Identifiable Information (PII) of 70
million customers and stealing 40 million debit and credit card
credentials – which they then sold on the black market.
And it all started because of a convenient, cost-saving new feature added to many HVAC systems: network access. Such access enabled the vendor in charge of heating and air conditioning services to remotely monitor energy consumption and temperatures at individual stores.
An expanding attack surface
Staying ahead of the security problems posed by the dizzying array of networked devices is a key priority at Capitol Technology University, long known for its cutting-edge undergraduate, graduate and certificate programs in cybersecurity. The university was among the first to offer a doctorate in the field, starting in 2010.
Today, Capitol continues to upgrade its curriculum and provide new resources in response to quickly evolving trends. The pool of students seeking cybersecurity expertise is changing as well. No longer merely a concern for specialists, cybersecurity is becoming everyone’s business.
William Maconachy, vice president of research at Capitol Technology University and a revered pioneer in the field, believes the general public can no longer afford to remain blissfully ignorant.
“Tremendous vulnerabilities are there as a result of our becoming so web-reliant. Web reliant equals web vulnerable,” he said.
While the potential to wreak financial havoc is serious, Maconachy says it’s the implications for personal privacy that keep him up at night.
He cites, as an example, the experience of a friend who installed a home security video system, only to discover that it was being hacked. Instead of providing security to him and his family, the cameras were being used by an outsider to spy on their activities.
“The invasion of privacy is becoming a big thing,” Maconachy says. “It’s not just about thieves stealing money off of your credit card, bad as that is. We’re talking about serious intrusions into a person’s life space.”
Dr. Jason M. Pittman, a professor of cybersecurity at Capitol, sees a cybersecurity arena that is becoming increasingly complex and decentralized.
“The single most pressing area over the next five years will be low-power, embedded devices. These devices will accelerate in their penetration into daily life because of the huge benefit to society,” he said.
Pittman and his colleagues are working to bring about a fundamental change in attitude among stakeholders in cybersecurity technology, including application developers, businesses that offer services, and the consumers that use them.
“We need to massively rethink our approach to developing technology. Improving quality of life and reducing inane burden is the purpose of technology. But we need to begin producing technology that innately includes cybersecurity features,” Pittman said.
“Secondly, we need to develop a collective ability to move faster when vulnerabilities are announced. Adversaries will always have n+1 steps while we only have n steps. We need to leverage that,” he said.
“We need to evolve a view in which cybersecurity is a baseline attribute.”
Capitol offers cybersecurity degrees at the undergraduate, master's, and doctoral levels. Click here to request information about graduate level programs. For our undergraduate programs, click here.
That’s exactly what happened to Andy Greenberg, a writer for Wired magazine, in 2015. True, the incident did not exactly catch him by surprise: he had volunteered to be a “digital crash test dummy” in an experiment staged by two cybersecurity advocates, Charlie Miller and Chris Valasek. Together, they were out to demonstrate the serious security vulnerabilities associated with internet-enabled entertainment systems, a feature of many vehicles now coming off the assembly line.
With Greenberg behind the wheel of a Jeep Cherokee, the two hackers began to wreak havoc: blasting the interior with frigid air, blurring the windshield with wiper fluid, then disconnecting the transmission and, eventually, the brakes. Even though he was in on the stunt, the writer found it increasingly difficult not to panic – especially as an 18-wheeler bore down on his crippled vehicle.
Greenberg survived to tell the tale, warning that the rush to add internet-enabled features and services is outpacing our ability to secure them from intruders. “Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone,” he wrote for Wired.
Hackable cars are only one of the emerging security nightmares arising from the proliferation of internet-enabled devices, or the Internet of Things (IoT), as the phenomenon is commonly dubbed. Across a wide spectrum of industries, companies are eager to harness the capabilities – and, in many cases, the potential cost savings – that come with an IP address.
The result, too often, is a wide-open back door for cyber criminals and a raft of unsuspected consequences for businesses and consumers.
An
internet-enabled HVAC system, for example, was the initial point of
entry when hackers compromised the Target Corporation’s internal network
in December 2013, staging one of the most infamous data breaches to
date. The thieves appropriated domain access privileges and disguised
themselves as admins, then tunneled their way into database servers,
gaining access to the Personally Identifiable Information (PII) of 70
million customers and stealing 40 million debit and credit card
credentials – which they then sold on the black market.And it all started because of a convenient, cost-saving new feature added to many HVAC systems: network access. Such access enabled the vendor in charge of heating and air conditioning services to remotely monitor energy consumption and temperatures at individual stores.
An expanding attack surface
Staying ahead of the security problems posed by the dizzying array of networked devices is a key priority at Capitol Technology University, long known for its cutting-edge undergraduate, graduate and certificate programs in cybersecurity. The university was among the first to offer a doctorate in the field, starting in 2010.
Today, Capitol continues to upgrade its curriculum and provide new resources in response to quickly evolving trends. The pool of students seeking cybersecurity expertise is changing as well. No longer merely a concern for specialists, cybersecurity is becoming everyone’s business.
William Maconachy, vice president of research at Capitol Technology University and a revered pioneer in the field, believes the general public can no longer afford to remain blissfully ignorant.
“Tremendous vulnerabilities are there as a result of our becoming so web-reliant. Web reliant equals web vulnerable,” he said.
While the potential to wreak financial havoc is serious, Maconachy says it’s the implications for personal privacy that keep him up at night.
He cites, as an example, the experience of a friend who installed a home security video system, only to discover that it was being hacked. Instead of providing security to him and his family, the cameras were being used by an outsider to spy on their activities.
“The invasion of privacy is becoming a big thing,” Maconachy says. “It’s not just about thieves stealing money off of your credit card, bad as that is. We’re talking about serious intrusions into a person’s life space.”
Dr. Jason M. Pittman, a professor of cybersecurity at Capitol, sees a cybersecurity arena that is becoming increasingly complex and decentralized.
“The single most pressing area over the next five years will be low-power, embedded devices. These devices will accelerate in their penetration into daily life because of the huge benefit to society,” he said.
Pittman and his colleagues are working to bring about a fundamental change in attitude among stakeholders in cybersecurity technology, including application developers, businesses that offer services, and the consumers that use them.
“We need to massively rethink our approach to developing technology. Improving quality of life and reducing inane burden is the purpose of technology. But we need to begin producing technology that innately includes cybersecurity features,” Pittman said.
“Secondly, we need to develop a collective ability to move faster when vulnerabilities are announced. Adversaries will always have n+1 steps while we only have n steps. We need to leverage that,” he said.
“We need to evolve a view in which cybersecurity is a baseline attribute.”
Capitol offers cybersecurity degrees at the undergraduate, master's, and doctoral levels. Click here to request information about graduate level programs. For our undergraduate programs, click here.
But
in the latest case – involving rideshare giant Uber – the breach itself
may not be the most significant part of the story, argues cybersecurity
expert Dr. Jason M. Pittman, who teaches at Capitol Technology
University.
While data-sharing arouses alarm in some quarters – especially when that data gets hacked -- the reality is more complex.
“Scripting
is more on the rise – Python, for instance,” Sabbah says.
“Object-oriented programming is still a big thing but the momentum is
really with scripting now. It’s easier to learn and quicker to write.”
But
with large data breaches on the rise, like the recent breaches in
security with Equifax and Uber, consumers have the right to be concerned
about the safety of their information once it hits the internet.
Dr. Jason Pittman, DSc, professor, cybersecurity program
Many
companies make as much as one quarter of their annual revenue during
the last three months of the year, according to Symantec. Cyber
criminals – always on the lookout for opportunities to exploit
vulnerable systems and unsuspecting users – often have extra leverage
during these critical shopping days.
But
what if you take precautions and are successfully targeted anyway?
According to Butler, it’s important to get in touch right away with the
proper authorities so that they can investigate.
They
are looking for individuals who not only understand cybersecurity, but
are fully at home in the world of data. That means fusing two sets of
skills that traditionally have belonged to different domains within
education – cyber and business analytics.
Cyber
analysts combine cybersecurity skills with the analytics knowledge
needed to identify such patterns. This powerful combination offers the
hope of stopping cybercriminals and adversaries before they can act.
We
asked Dr. Curtis KS Levinson, a leading cyber policy expert, to
identify some of the hot-button legal issues impacting the cyber arena.
Dr. Levinson is the US Cyber Defense Advisor to NATO and also runs a
private consultancy specializing in compliance, continuity/recovery,
governance, and security issues.