CSS News Round-Up: Converged Security Risks for Infrastructure Include Water and Energy Systems

News Round-Up – Get a Quick Rundown of What You Need to Know

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

Converged Security Risks for Infrastructure Include Water and Energy Systems

Help Net Security discusses the risk of human machine interface (HMI) systems being hacked, which could potentially allow attackers to contaminate the water supply or commit other attacks. With more vulnerabilities discovered in the past year, Help Net notes it is of concern that cyber attackers are likely to gain access to critical infrastructure systems and cause physical damage in the process. Adding to the difficulty of securing these important devices are the facts that they are not easy to patch and are typically not dealt with by IT and security teams.

Experts Quitting Toronto’s Smart-City Project Due to Privacy Concerns

As Sidewalk Labs furthers its project to transform part of Toronto, Canada into a smart city model, more concerns are being raised over privacy, says The Guardian. Privacy expert Dr. Ann Cavoukian recently dropped out of the project as a way of shedding light on the potential of surveillance and misuse of personal data as the project is executed. She voiced that while she had hoped the city would ensure privacy, her privacy concerns had not been addressed. A major factor in the uproar is the company noting that the information collected by the smart city could be accessed by third parties.

IoT Hacker Set to Pay $8.6 Million in Damages

The man who developed the IoT botnet in order to carry out an attack on Rutgers University, Paras Jha, will be paying $8.6 million as restitution in addition to six months of house arrest, according to SC Magazine. Jha will get 2,500 hours of community service and 5 years of supervised release. The botnet was used to compromise cameras, video recorders, routers, and more in the attack he executed with Josiah White and Dalton Norman. According to the article, Jha had previously released the code for the botnet intentionally allowing others to make their own version and let him stay anonymous.

Manufacturing Companies Becoming Prime Targets for Cyberattacks

A recent article by Tech Republic discusses the reasons that manufacturing companies are becoming a large target for cyberattacks. Tech Republic says that these companies have begun to obtain more and more important data, which gets the attention of cybercriminals. Additionally, it may be a result of the manufacturing industry’s apparent weakness of security while other industries have become more protected. Associated risks include data breaches, intellectual property theft, industrial espionage, disruptive innovation, lack of access to necessary talent, regulation problems, and strong global competition.

Security Vulnerabilities Discovered in Pacemaker Programmer Devices

The Food and Drug Administration (FDA) has claimed that Medtronic’s devices used to change pacemaker settings or check its battery power have a security vulnerability, according to Security Week. The issue reportedly allowed threat actors to bypass authorization and changed the functions of the device when it is connected to the Internet. The article notes that Medtronic has implemented a manual update for each device that disables access to Medtronic’s network and prevents unauthorized updates via the Internet.