22 Apr

On the Need to Set Boundaries Around an Internet of Things

The March/April 2014 issue of Foreign Affairs includes an article titled As Objects Go Online (http://www.foreignaffairs.com/articles/140745/neil-gershenfeld-and-jp-vasseur/as-objects-go-online), written by Professor Neil Gershenfeld of MIT and JP Vasseur, Cisco Fellow and Chief Architect, Internet of Things, at Cisco Systems.

The article appears to have been published to coincide with a one-day IoT Festival (http://www.iotfestival.com) held on Saturday, February 22, 2014, on the MIT campus in Cambridge, Massachusetts.

While the authors' enthusiasm is to be applauded, and the promise of expanding what I would call "rapid device-to-device data communication" is certainly an important objective (one which, should we achieve it, will expand the usefulness of devices along with the range of what people can do with them), I think a lot of caution should be exercised about the entire notion. Today that communication depends almost entirely on a single protocol stack: Ethernet at the link layer, TCP/IP above it, and a small set of markup languages at the application layer.

Tellingly, it isn't until roughly five paragraphs from the end of "As Objects Go Online" that the authors address whether it makes sense, from the perspective of data security, to open the Smart Grid to data communications over the Internet of Things they champion. In light of the recent exposure of Heartbleed, a bug in the OpenSSL library's implementation of the TLS heartbeat extension, the following claim by Gershenfeld and Vasseur should, in my opinion, be considered very carefully by anyone seriously contemplating the "open" Smart Grid notion: "The history of the Internet has shown that security through obscurity doesn't work. Systems that have kept their inner workings a secret in the name of security have consistently proved more vulnerable than those that have allowed themselves to be examined — and challenged — by outsiders. The open protocols and programs used to protect Internet communications are the result of ongoing development and testing by a large expert community." (quoted from Gershenfeld and Vasseur's article as published on the Foreign Affairs web site).

In the next paragraph they present their argument about the real cause of many serious Internet and Web security problems: human error. I certainly agree with this claim, which points to the predominant role played by human error, poor procedural planning, and a lack of effective risk management when one reflects on the history of successful malicious attacks conducted over the Web. But this is by no means to excuse what can only be called shoddy software development at the foundation of the Heartbleed problem, which came down to a missing bounds check on a length field supplied by the remote peer. Procedures and controls are useless, even when correctly implemented, if the open source software the authors laud is itself full of holes and bugs.
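To make the "shoddy software" point concrete, here is an added illustration of the bug class behind Heartbleed. It is not code from the Foreign Affairs article, from OpenSSL, or from this blog: a length field inside the peer's own message is trusted instead of being checked against the length of what actually arrived. The message layout, the bytearray standing in for process memory, the "secret" placed next to the request and all function names are simplifying assumptions for illustration; the real OpenSSL code and TLS record framing differ.

```python
import struct

# Constructed, simplified heartbeat layout (real TLS record framing is richer):
# one type byte, a two-byte big-endian payload length, the payload, 16 bytes of padding.
HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16
HEADER = 3  # type byte + two length bytes


def build_heartbeat(payload, claimed_len=None):
    """Build a heartbeat request. A lying peer sets claimed_len larger than len(payload)."""
    length = len(payload) if claimed_len is None else claimed_len
    return struct.pack("!BH", HB_REQUEST, length) + payload + b"\x00" * PADDING


def handle_heartbeat_vulnerable(memory, record_offset, record_len):
    """Trusts the length field inside the message itself. Copies that many bytes
    starting at the payload, whatever happens to sit after the record in memory."""
    hb_type, payload_len = struct.unpack_from("!BH", memory, record_offset)
    if hb_type != HB_REQUEST:
        return None
    start = record_offset + HEADER
    echoed = bytes(memory[start:start + payload_len])  # may run far past the record
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING


def handle_heartbeat_fixed(memory, record_offset, record_len):
    """Checks the claimed payload length against the record that actually arrived and
    silently discards anything that does not fit (the simplified shape of the OpenSSL fix)."""
    if record_len < HEADER + PADDING:
        return None
    hb_type, payload_len = struct.unpack_from("!BH", memory, record_offset)
    if hb_type != HB_REQUEST:
        return None
    if HEADER + payload_len + PADDING > record_len:
        return None  # claimed length exceeds what arrived: discard
    start = record_offset + HEADER
    echoed = bytes(memory[start:start + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING


def demo():
    """Lay a malicious request next to a constructed secret, then run both handlers."""
    secret = b"session-cookie=abc123; private_key=..."  # constructed neighbouring data
    request = build_heartbeat(b"hi", claimed_len=40)   # two real bytes, claims forty
    memory = bytearray(request + secret)               # toy model of the process heap
    leaked = handle_heartbeat_vulnerable(memory, 0, len(request))
    rejected = handle_heartbeat_fixed(memory, 0, len(request))
    return leaked, rejected
```

Run `demo()`: the vulnerable handler's response carries the neighbouring "secret" back to the peer, while the fixed handler returns nothing for the same input and still echoes an honest two-byte payload correctly. The lesson is the one the paragraph makes: no amount of procedure around the deployment compensates for a parser that believes what the attacker tells it about its own message.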

As I wrote recently in this blog, in my opinion we need much better methods at the transport and application layers of the protocol stack to ensure, at a minimum, the suitability and security of software before we condone using it for something as mission-critical as the Smart Grid.

Ira Michael Blonder (https://plus.google.com/108970003169613491972/posts?tab=XX?rel=author)

© IMB Enterprises, Inc. & Ira Michael Blonder, 2014 All Rights Reserved

26 Mar

Should Online Security Procedures Run Independent of Users?

Recent disclosure of additional details about the highly publicized compromise of Target's customer data repositories supports an argument for less manual effort in operating the methods that secure confidential, user-specific data across online communications. Is this argument plausible? And, if so, to what extent?

I think the best answer to this question is a qualified "yes". Perhaps online security best practices should be revised. It may make sense to remove the user from the direct operation of single sign-on technology as cloud and SaaS processes are consumed. If the authentication step can be handled with greater precision, and greater success, by delegating the management of logging into, and then out of, a host of applications to another piece of software (another SaaS dedicated to securing the exchange of credentials between applications and specific users), then, the argument goes, we can have more confidence in at least this step of the online experience for typical SaaS users.

Identacor (http://www.identacor.com) is an example of a SaaS aimed at the identity and access management market, whose customers need a better method of managing credential exchange between users and SaaS processes. I recently spoke with Sandy Dalal, CEO of Identacor. Anyone visiting the Identacor site will note the importance of an XML-based standard, the Security Assertion Markup Language (SAML), to the Identacor solution. As Dalal sees it, implementing Identacor on a SAML core directly satisfies a growing SaaS user requirement for a method of actually removing passwords, altogether, from an online authentication process. Once passwords are relegated to a less important role in the process, the administrative burden is reduced as well.
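Moving authentication onto SAML shifts the weakest link from the user's password to the service provider's handling of the assertion it receives, so the check a practitioner wants to see is what the receiving application validates before it trusts an assertion. The following is an added example, not Identacor's code and not from this blog, showing the checks a SAML service provider must make on a response in addition to verifying its XML signature (signature verification is assumed to have been done already with a proper XML-DSig library and is deliberately not reimplemented here). The sample response, the issuer and service-provider URLs, and the request ID are all constructed for illustration.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; issuer, audience and ACS URL are hypothetical.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1"
    InResponseTo="_req42" Destination="https://sp.example.test/acs">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" IssueInstant="2014-03-26T12:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42"
            Recipient="https://sp.example.test/acs" NotOnOrAfter="2014-03-26T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2014-03-26T11:59:00Z" NotOnOrAfter="2014-03-26T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(value):
    """SAML timestamps are UTC in xsd:dateTime form."""
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def _require(condition, reason):
    if not condition:
        raise ValueError(reason)


def validate_response(xml_text, expected_issuer, expected_audience, acs_url,
                      request_id, now, seen_ids, skew=dt.timedelta(seconds=60)):
    """Return the asserted NameID, or raise ValueError naming the first failed check.
    Assumes the XML signature over the assertion has already been verified by a real
    XML-DSig library; nothing here replaces that step."""
    root = ET.fromstring(xml_text)
    _require(root.tag == "{%s}Response" % NS["samlp"], "not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    _require(status is not None and status.get("Value") == SUCCESS, "status is not Success")
    _require(root.get("InResponseTo") == request_id, "InResponseTo does not match our request")
    _require(root.get("Destination") == acs_url, "Destination is not our ACS URL")

    assertions = root.findall("saml:Assertion", NS)
    _require(len(assertions) == 1, "expected exactly one assertion")
    a = assertions[0]
    _require(a.findtext("saml:Issuer", namespaces=NS) == expected_issuer, "unexpected issuer")

    cond = a.find("saml:Conditions", NS)
    _require(cond is not None, "missing Conditions")
    _require(parse_ts(cond.get("NotBefore")) - skew <= now, "assertion not yet valid")
    _require(now < parse_ts(cond.get("NotOnOrAfter")) + skew, "assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    _require(expected_audience in audiences, "audience restriction does not name this SP")

    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    _require(scd is not None, "missing SubjectConfirmationData")
    _require(scd.get("Recipient") == acs_url, "Recipient is not our ACS URL")
    _require(scd.get("InResponseTo") == request_id, "bearer confirmation is for another request")
    _require(now < parse_ts(scd.get("NotOnOrAfter")) + skew, "bearer confirmation expired")

    _require(a.get("ID") not in seen_ids, "assertion replayed")  # one-time use of bearer assertions
    seen_ids.add(a.get("ID"))
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)


def demo():
    """Run the validator over the constructed sample: once fresh, once replayed, once late."""
    common = dict(expected_issuer="https://idp.example.test",
                  expected_audience="https://sp.example.test",
                  acs_url="https://sp.example.test/acs", request_id="_req42")
    now, seen, results = parse_ts("2014-03-26T12:01:00Z"), set(), {}
    results["fresh"] = validate_response(SAMPLE_RESPONSE, now=now, seen_ids=seen, **common)
    attempts = {"replayed": dict(now=now, seen_ids=seen),
                "expired": dict(now=parse_ts("2014-03-26T12:10:00Z"), seen_ids=set())}
    for name, kwargs in attempts.items():
        try:
            validate_response(SAMPLE_RESPONSE, **common, **kwargs)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results
```

The replay cache (`seen_ids`) and the `InResponseTo`, `Recipient` and `Audience` comparisons are the checks most often skipped by hand-rolled service providers, and skipping any one of them lets a captured assertion be reused against the wrong application or long after it was issued. In production the cache must be shared across application instances and entries kept until the assertion's `NotOnOrAfter` has passed, and untrusted XML should be parsed with a hardened parser such as defusedxml rather than the standard library module used here for brevity.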

But Dalal explained that Single Sign-On (SSO) is only part of the solution Identacor offers its customers. He told me Identacor is " . . . really in the business of managing [our customers' online] identities. From the time an employee, or even an external partner joins your company, to the time they leave your company, in all the, sort of, life-cycle access security events transpiring from this association, we can help secure that . . . "

Identacor has been built with hooks into popular human resources management SaaS offerings (he mentioned Workday (http://www.workday.com)). He claims these hooks can be used to remove access rights to important, organization-specific applications, as required, when personnel transition out of a client's company. These hooks operate entirely transparently to the user.

If, as it presently appears, poorly architected, managed and implemented operational risk management controls were at the center of the Target hack, then systems like Identacor are worth a close review by any business looking to remove some of the human factor from these online interactions.


14 Mar

Building a Data Security Model for the Internet of Things

Two executives from Cisco jointly presented a keynote at this year's RSA Conference in San Francisco, titled The New Model of Security (http://media.rsaconference.com/rsaconference/2014/us/keynotes/html/cisco.html). Christopher Young, Senior Vice President, Security Business Group, and Padmasree Warrior, Chief Technology and Strategy Officer, spoke for 26 minutes on the Internet of Things and its impact on data security best practices.

Online security is, and for the foreseeable future will remain, one of the most important components of any mature ISV's product platform. Cisco is no exception. But this presentation at the RSA Conference did not provide me with much new information about how Cisco is meeting the challenge.

Cisco has, on a few occasions, created brands for purported industry trends that somehow never got off the ground; the Home Technology Integration (HTI) effort, which didn't deliver on its promise, is one example. Is the Internet of Things just another?

Regardless of how one answers that question, the important point about the Internet of Things for this keynote is simply the geometric, explosive proliferation of connected devices over the last thirty years. Warrior presented statistics including a universe of approximately 1,000 devices in 1980 which, today, she claims is approaching (or even exceeding) 10 billion.

Christopher Young depicted the problem all these devices represent for ISVs selling security solutions: when the connected device is a highly complex machine like an automobile, anyone analyzing where it is vulnerable to malicious attack needs to think about subsystems, component manufacturers and so on. In other words, the real conundrum is ensuring that all of the OEMs contributing to the final complex connected device share the same security priorities, architectures, etc.

Young did not offer any examples of anyone successfully coordinating OEMs to provision a truly effective security solution for connecting complex devices like automobiles to the Internet, but, one can argue, at least Cisco is aware of the challenge, which is an important starting point.

There is ample precedent for such a policy, of course, in the production of the functional architecture of automobiles and, on an even bigger scale, airplanes. Boeing, Airbus and their peers are quite effective at managing subsystems, and the OEMs responsible for them, to ensure conformance with functional standards. Why not do the same for Internet connectivity?

Warrior also noted a need for device-to-device authentication, which I think makes a lot of sense. Ethernet itself carries no authentication: a frame proves nothing about the device that sent it, so any mutual proof of identity has to come from a protocol layered on top of it (802.1X at the link layer and mutual TLS above TCP/IP are the established examples). Warrior's comment may signal efforts on Cisco's part to build new protocols, on top of or beneath TCP/IP over Ethernet, capable of providing the integrity checking and authentication required to really control data communications between connected devices.
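What "device-to-device authentication" has to deliver is shown below in an added example written for this page; it is not Cisco's protocol and not code from this blog. Two devices sharing a pre-provisioned symmetric key run a three-message challenge-response in which each side proves possession of the key over fresh nonces, so neither a recorded exchange nor a tag reflected back at its own author is accepted. The device names, the shared-key provisioning, the message layout and the attack functions are assumptions for illustration; a production design would bind the key to a hardware-protected identity and derive a session key from the exchange.

```python
import hashlib
import hmac
import secrets


class Device:
    """One endpoint. Assumes a pre-provisioned symmetric key shared with its peers
    (constructed here; in a real deployment it would come from per-device provisioning,
    ideally held in a hardware key store)."""

    def __init__(self, device_id, shared_key):
        self.id = device_id
        self.key = shared_key
        self.seen_nonces = set()   # initiator nonces already answered: replay defense
        self.n_i = None            # state while acting as initiator
        self.pending = None        # state while acting as responder

    def _tag(self, role, initiator_id, responder_id, n_i, n_r):
        # The role label and the fixed id ordering are bound into the MAC, so a tag
        # produced for one direction can never be replayed or reflected as the other.
        msg = b"|".join([role, initiator_id, responder_id, n_i, n_r])
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    # ----- initiator side -----
    def start(self):
        """Message 1: my id and a fresh nonce."""
        self.n_i = secrets.token_bytes(16)
        return {"id": self.id, "nonce": self.n_i}

    def finish(self, msg2):
        """Check the responder's proof; return message 3 carrying my own proof."""
        expected = self._tag(b"responder", self.id, msg2["id"], self.n_i, msg2["nonce"])
        if not hmac.compare_digest(expected, msg2["tag"]):
            raise PermissionError("responder could not prove possession of the key")
        return {"tag": self._tag(b"initiator", self.id, msg2["id"], self.n_i, msg2["nonce"])}

    # ----- responder side -----
    def respond(self, msg1):
        """Message 2: my id, my nonce, and a MAC over both ids and both nonces."""
        if msg1["nonce"] in self.seen_nonces:
            raise PermissionError("replayed initiator nonce")
        self.seen_nonces.add(msg1["nonce"])
        n_r = secrets.token_bytes(16)
        self.pending = (msg1["id"], msg1["nonce"], n_r)
        return {"id": self.id, "nonce": n_r,
                "tag": self._tag(b"responder", msg1["id"], self.id, msg1["nonce"], n_r)}

    def verify(self, msg3):
        """Check the initiator's proof in message 3; True only when both sides are authenticated."""
        init_id, n_i, n_r = self.pending
        expected = self._tag(b"initiator", init_id, self.id, n_i, n_r)
        if not hmac.compare_digest(expected, msg3["tag"]):
            raise PermissionError("initiator could not prove possession of the key")
        return True


def run_handshake(initiator, responder):
    m1 = initiator.start()
    m2 = responder.respond(m1)
    m3 = initiator.finish(m2)
    return responder.verify(m3)


def reflection_attack(victim):
    """An attacker without the key opens a second session to the victim, echoes the
    victim's own nonce, and feeds the resulting tag back as the 'responder' proof."""
    m1 = victim.start()
    echoed = victim.respond({"id": b"attacker", "nonce": m1["nonce"]})
    forged = {"id": b"attacker", "nonce": echoed["nonce"], "tag": echoed["tag"]}
    try:
        victim.finish(forged)
        return "accepted"
    except PermissionError:
        return "rejected"


def demo():
    key = secrets.token_bytes(32)  # constructed shared key
    results = {"honest": run_handshake(Device(b"meter-01", key), Device(b"gateway-07", key))}
    try:
        run_handshake(Device(b"meter-01", key), Device(b"rogue-device", secrets.token_bytes(32)))
        results["wrong_key"] = "accepted"
    except PermissionError:
        results["wrong_key"] = "rejected"
    results["reflection"] = reflection_attack(Device(b"meter-01", key))
    return results
```

`demo()` runs an honest exchange, an attempt by a device holding the wrong key, and the reflection attempt. The point of the role label and id ordering inside the MAC is that the third case fails even though the attacker obtained a genuine tag from the victim; without them a device can be tricked into authenticating itself to itself.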


24 Jan

Proofpoint Uncovers Successful Malicious Email Activity and Finds Security Holes in the Internet of Things

On January 16, 2014, Proofpoint published a press release titled Proofpoint Uncovers Internet of Things (IoT) Cyberattack (http://www.proofpoint.com/about-us/press-releases/01162014.php). According to the company, some 750,000 phishing and spam emails were uncovered through Proofpoint's efforts. The sources of these attacks were traced back to a set of home entertainment centers, televisions and "at least one refrigerator".

This information should help people interested in IoT better understand the range of devices included in the scope of the first significant hack attempt on this type of data communications. Conspicuously absent from the list of compromised devices in the release are smart thermostats, electric meters, HVAC systems, or even home security systems. But it is increasingly likely attackers will soon begin to penetrate HVAC systems and the like. Certainly the risk posed by a compromised HVAC system is an order of magnitude greater than the risk of a rogue smart refrigerator sending spam.

The Proofpoint release also helps us understand why hackers are targeting IoT devices. The exploits amounted to efforts to turn smart appliances into relays for junk email and phishing attempts. The objective is clearly nefarious, as the release points out: "Cyber criminals intent on stealing individual identities and infiltrating enterprise IT systems have found a target-rich environment in these poorly protected internet connected devices that may be more attractive and easier to infect and control than PC, laptops, or tablets." (quoted from Proofpoint's press release; a link to the complete release is provided earlier in this post).

Consumers of these smart appliances and home convenience devices may want to read Proofpoint's release before connecting one of them to the Internet. Investors keen on the IoT trend may also want to read it, if for no other reason than to get a sense of the magnitude of a negative black swan event and its potential damage to businesses marketing IoT solutions.


14 Jan

Security Exploits are Prodding the Public to be More Defensive About Online Services

The stream of news about successful malicious attacks against online SaaS offerings, recently breaking at a non-stop pace, appears to me to be finally prodding the public to take, at a minimum, a more defensive stance about the information these services ask of them. This is, of course, good news for the public, and good news for ISVs offering security solutions for online data communications.

I make this claim based on the frequency with which mass market media outlets like the New York Times now publish articles on this topic. Nicole Perlroth, a writer for the Times, published an article on Sunday, January 12, 2014, titled Stop Asking for My Email Address (http://bits.blogs.nytimes.com/2014/01/10/stop-asking-me-for-my-email-address/). The article is noteworthy for a few reasons:

  1. The examples in the article are based on the in-store (brick-and-mortar) experience of retail customers (including the author herself)
  2. Each example is accompanied by a security tip
  3. The author admonishes the reader to adopt tighter security measures, and to start exercising them right away

The first point, stories of the experience of retail customers in brick-and-mortar locations, promises greater awareness among average retail consumers. The vast majority of these consumers still make their purchases in brick-and-mortar stores. These shoppers are less aware of what online data communications involves in the Internet era, and even less likely to have a useful idea of the security required to safely use SaaS offerings, including e-commerce web sites. So these examples give them useful scenarios as they develop better personal data security habits.

The author's illustration of what it means when Target raises the number of consumers likely affected by the breach to 70 million, "So we'll all feign shock that the Target breach did not just affect 40 million people as it previously reported, but well over one-third of America's adult population." (quoted from Nicole Perlroth's article, linked above in this post), is to be commended: only the least sensitive readers are likely to maintain a "business as usual" attitude when the statistic is presented this way.

The best method of protecting oneself from malicious subversion of cloud and SaaS offerings certainly starts, and ends, with oneself (my third point). I would have preferred reading how the author gracefully declined the sales representative's request for her email address, rather than reading the "secure" email address she ended up offering, but at least a seemingly "secure" address is better than a more personal one.

The important point, of course, is the negative impact a more security-conscious consumer will have on the popularity of cloud and SaaS offerings. I can't help but think we will start to see some revenue misses in the coming quarters from some of the more prominent players in this sector.


3 Jan

The Market for Cloud, SaaS Security Solutions Heats Up in the Aftermath of SnapChat and Skype Hacks

On Thursday, January 2, 2014, FireEye announced its acquisition of Mandiant (http://www.fireeye.com/news-events/press-releases/read/fireeye-announces-acquisition-of-mandiant). According to an article by Danny Yadron on the Wall Street Journal website, titled CyberSecurity Deal: FireEye Buying Mandiant for about $1 Billion (http://online.wsj.com/news/articles/SB10001424052702303370904579296723638611610?mod=WSJ__MIDDLENexttoWhatsNewsTop), the acquirer is paying roughly ten times the $100 million in annual revenue Mandiant will book for fiscal 2013 (an estimate the article attributes to FireEye CEO Dave DeWalt).

In a post to this blog published the same day, I presented my view of the likely state of consumer sentiment about cloud and Software as a Service (SaaS) offerings in the wake of a well-publicized, successful malicious attack on SnapChat (http://www.snapchat.com) over the 2013 winter holidays.

Not noted in that post, but worth a mention, is another successful malicious attack on an online service over the same timeframe, this time with Skype as the victim. My point is that the volume of these attacks has reached a critical mass, where consumers can be expected to lose their appetite for cloud and SaaS offerings for fear of exposure to cyber crooks.

So the transaction makes a lot of sense to me and, further, lends credible support to my claim. I can only conclude that the business segment of cloud and SaaS consumers, which both parties to this transaction serve, is displaying a burning need for a security solution reliable enough to support continued use of these offerings. Why else would FireEye pay such a high multiple to close this deal?

Another point needs to be made. This same segment of business consumers apparently wants to keep using these services, and appears willing to pay for security. So the low cost and convenience of cloud and SaaS offerings can safely be said to still represent a benefit consumers are willing to pay for, despite a list of successful malicious exploits that grows longer day by day.


2 Jan

Hack Attack Volume Achieves Critical Mass: What Will be the Effect on Consumer Appetite for Cloud Services?

On January 1, 2014, news broke of another successful unauthorized intrusion by malicious parties into an area of a prominent online service assumed to be secure, this time Snapchat. The intruders are said to have made off with personal account information on 4.6 million users.

With this exploit, it's safe to say the volume and severity of malicious attacks on websites offering Software as a Service (SaaS) has reached a critical mass. When a majority of SaaS consumers can be assumed to be familiar with the details of this unfortunate event, will it make sense to start planning for lower demand for these services?

As Doug Gross wrote in an article published on CNN.com titled Millions of accounts compromised in Snapchat hack (http://edition.cnn.com/2014/01/01/tech/social-media/snapchat-hack/index.html), "The hack was seemingly intended to urge Snapchat to tighten its security measures." (quoted from Mr. Gross' article, linked above).

If this assumption proves true, the impact of this event may be even greater. Snapchat (http://www.snapchat.com) markets itself as a cutting-edge service for consumers in need of a secure venue for sensitive online chats. The big benefit of the service (I've not tried it myself) is Snapchat's purported ability to completely remove any trace of these chats once they've concluded. Its consumers are an especially promising cut of online users from the perspective of investment analysts, and they all use the service on mobile devices.

The people behind this attack, whether or not driven by a benign motivation to prompt Snapchat to tighten its security, have now demonstrated the actual lack of security in a SaaS offering targeted at consumers looking for an advanced method of engaging in highly secure communications with one another. If Snapchat can't be trusted to be secure, where are we?

As long as online communications are all routed over one protocol stack (Ethernet at the link layer, TCP/IP above it) and one ASCII text application format, HTML, is the obligatory application method, the volume and severity of these attacks will likely continue to escalate. The honeypot has become too irresistible for attackers to ignore.


30 Oct

A Serious Vulnerability is Exposed in the Wi-Fi Protocol

On October 29, 2013, the New York Times published an article by Nicole Perlroth titled "New Vulnerability Found in Apps Using Wi-Fi" (http://bits.blogs.nytimes.com/2013/10/29/new-vulnerability-found-in-apps-using-wi-fi/?ref=technology&_r=0). This finding ought to raise the level of risk average consumers attach to the online activities they engage in.

This vulnerability is specifically linked to iOS and apps built for it. There isn't much new about the technical objective behind the exploitation method: it amounts to another way of inserting a "man in the middle" between app users and their data sources and servers. If successful, the attacker can masquerade as a legitimate data source and serve erroneous, misleading information to users engaged in financial transactions, like stock trading, with potentially disastrous results. The standard defense against this class of attack is for the app to use TLS with strict certificate validation on every connection it makes, so that whoever controls the Wi-Fi network still cannot impersonate the server.

Hopefully the revelation of this new serious risk will prod app consumers to put the brakes on some online activities that are fraught with very dangerous risks. Further, wherever possible, app consumers should use a hard-wired connection to the network. This is not to say a wired connection is inherently more secure than a wireless one, but the extent of risk is more limited and, most importantly, more manageable.

One would also hope Apple would take steps in the aftermath of these findings to quickly contribute to a method of patching this vulnerability. Although Wi-Fi itself is a data communications standard maintained by the IEEE, the weakness reported here lies in how apps handle traffic over untrusted networks, which is something Apple and its app developers can fix. One would imagine Apple will move very quickly to repair this issue.

The upside, if there is any to be found here, lies in an opportunity for a resurgence of interest in a multi-protocol networking environment. Certainly, in a world with more options for mass-market consumption of data services over dissimilar protocols, users would have an added layer of security to depend upon.


17 Oct

Online Security Problems are too Pressing for the Public to Continue to Ignore

The recent news of a security problem at Adobe Systems, in my opinion, pushes the marker for cloud SaaS applications further into the land of "clearly a risk I need to think about" purchase decisions for business consumers of technology services. For the record, I received the dreaded notice from Adobe over the weekend of October 6, 2013, that my "Adobe ID" had been compromised.

My login credentials were just one of over 2.9 million sets possibly compromised by this attack. I try to stay vigilant about online security, so I immediately canceled three of our consumer credit cards. But what about other folks? Would they be as prompt, and take steps right away to cancel cards?

I'm not sure. No one is directing them to take such a step, and without useful guidance the public may fail to take the step I took, thereby preserving a level of risk beyond what would otherwise be tolerable.

When I factor in the continued advance of ever more costly purchase transactions offered to the online e-commerce consumer, I can't help but think we're racing along a highly dangerous route. Just today, Monday, October 7, 2013, GM announced a campaign directing dealerships to accelerate online sales of automobiles. I can't help but think the financial magnitude of these purchases will become a magnetic attraction for the most sophisticated elements in the hacker universe.

With a single dominant protocol at the application layer, HTTP, and a single dominant link layer, Ethernet, it is next to impossible to assure, with 100% certainty, the safety of these online transactions. Especially when one factors in this summer's NSA revelations, which included credible evidence the NSA had undermined widely used encryption protocols, leaving no real safety anywhere.

As the risks to vendors grow, there can be little doubt that much of the exposure will have to be passed on to the consumer. Whenever we reach that point (I think it's inevitable we will, and likely sooner rather than later), the balance may tip back towards on-premises solutions, and towards multi-protocol computing environments.


9 Oct

Building Secure Internet Applications Becomes Increasingly More Difficult as Threats Grow in Sophistication

On Friday, September 27, 2013, The Wall Street Journal's CIO blog published an article by Steve Rosenbush, Deputy Editor, titled How Advanced Denial of Service Is Raising Stakes in Cybercrime (http://blogs.wsj.com/cio/2013/09/27/how-advanced-denial-of-service-is-raising-stakes-in-cybercrime/?mod=wsj_ciohome_cioreport). Two important points arise from a reading of Mr. Rosenbush's article:

  1. Internet security experts increasingly point to inherent weaknesses in the structure of today's data communications networks as formidable obstacles to reliable defensive systems for cloud computing applications. The article describes the difficulty of protecting trading applications, which depend on synchronous data communications, from sophisticated subversion attempts
  2. Multi-tenant cloud architectures for small to midsize businesses, and even "less than mission critical" applications for bigger businesses and government agencies, will be much harder to secure if alternatives to the type of content delivery networks (CDNs) described in the article cannot be found

If the weaknesses of today's network architecture remain very difficult to overcome (the inevitable conclusion of point 1 above), then it makes sense to plan on some lessening of consumer appetite for cloud services. After all, service providers will at some point have to pass some of the cost of losses directly to consumers. How else can they be expected to continue absorbing these costs unilaterally? Once consumers are made aware of a higher level of exposure, they are likely to pull back.

As well, these services will inevitably have to cost more if providers must plan on the kind of massive infrastructure CDNs represent (point 2 above). Even if the server farms amount to thousands of virtual machines (or tens, or even hundreds of thousands), the CPU-cycle costs will be substantially higher than today's norm. The whole infrastructure as a service (IaaS) business will become a much more expensive proposition for vendors, and those costs will have to be passed on to consumers.

ISVs planning cloud offerings will likely need to adjust their revenue models for the higher cost of offering secure cloud systems capable of safeguarding consumers from the type of attacks noted in this article.
