US medical devices vulnerable to hackers
The Internet of Things has been a big buzzword in 2014, a year in which we've seen the arrival of Apple's Watch, Google Glass and Nest, and other such internet-connected devices – some of which are starting to enter enterprise.
Research outfit Gartner says that it's one of the most hyped technologies, and it's clear that infrastructure remains its weak point at the moment; the first wireless networks are being built and hackers could well exploit this latest point-of-entry to corporate networks.
The US Department of Homeland Security confirmed to Reuters that it's investigating two dozen cases of suspected security flaws in medical devices and hospital equipment, saying that these could be exploited by hackers.
According to the report, the products are being reviewed by the agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) – and include implantable heart devices from Medtronic Inc and St Jude Medical Inc, as well as an infusion pump from Hospira Inc.
The official – who was unnamed – said that the agency is working with manufacturers to identify the vulnerabilities which could be used to expose confidential data or attack hospital equipment to the point where lives could be at risk.
Meanwhile, at the Glazed wearables conference in east London earlier this week, Akamai – whose content delivery network provides the backbone for around a third of internet traffic – detailed other issues at hand, most notably the strain these devices will put on the internet.
“We can't continue throwing more resources at the problem, which is what we've done till today,” said Dillon, in comments reported by TechWorld. “What's required is a different way of thinking.”
China's appeal highlighted despite iCloud hack
It's been an interesting week for Apple which, in addition to launching an array of new iPads and the new Mac OS X Yosemite 10.10, has seen iCloud users come under attack for a second time in recent weeks.
The latest attack came earlier this week when Chinese web monitoring group TheGreatFire claimed that Apple iCloud users in the country were being targeted by hackers seeking personal data in a man-in-the-middle (MiTM) attack. It alleged that the Chinese government was involved in the attack – the same government has also faced mounting criticism from the FBI about alleged industrial espionage.
Nonetheless, despite these allegations, China is a massive market for Apple and that's hard to ignore. Indeed, it's perhaps a sign of the times that Apple CEO Tim Cook met with Vice Premier Ma Kai on Wednesday to discuss views on “protection of users' information”, according to the Xinhua news agency, as well as “strengthening cooperation in information and communication fields.”
Some observers suggested to SC that Apple might take the route of Google (which re-routed China traffic through Hong Kong in 2010), but that looks unlikely. China is a big money market for the Cupertino giant.
GCHQ head goes out fighting
GCHQ's retiring director general Sir Ian Lobban left his post this week with a strong defence of the agency's actions in light of Edward Snowden's documents which detailed the extensive surveillance carried out by the group.
In a statement at the Churchill War Rooms in London on Tuesday, Lobban said that the agency was ‘never involved in mass surveillance’ and ‘actively’ looked to ‘minimise intrusion into everyday lives’. He went on to defend his staff as ‘normal decent human beings who watch EastEnders and Spooks’.
Lobban was clearly trying to defend a regime which – as he points out – is charged with protecting the country. Yet, despite calls for transparency, it's fair to say that GCHQ is still suffering reputational fall-out from Snowden's disclosures: earlier this week Belgacom revealed that the alleged GCHQ/NSA APT attack cost the firm £12 million.
CISO lifespan no guarantee of success or failure
The Chief Information Security Officer (CISO) is reckoned to have a tenure of about 18 months at each company, and it could be argued that their reign is often stopped short by a sacking relating to a security incident.
Some industry figures have told SCMagazineUK.com that this is often part of a ‘blame’ culture that exists around data breaches, but at the same time, it's clear that good can also be achieved irrespective of longevity.
As an example, just this week SC revealed how the Bank of England CISO Don Randall is to leave in January, to be replaced by William Brandon, after just 14 months in charge. Randall has been pivotal to the success of CBEST and the Waking the Shark exercises, and yet is stepping aside into a supervisory role.
Other CISOs we've talked to recently have held the same jobs for months or years – Canon's Quentyn Taylor told SC how he's been in the same post since 2000.