Industry 4.0: Flexible Production Needs Secure Networking

As we sit on the edge of the fourth industrial revolution, businesses are preparing for sweeping technological changes that will impact their production. Governments around the world, particularly Germany, through its Industry 4.0 initiative, have tried to help businesses anticipate these changes.

Simply put, Industry 4.0 will help enterprises adjust their production processes very quickly. The idea is to move away from the conventional approach of production facilities serving only one specific purpose. Greater flexibility will be achieved through modularity and extremely high connectivity, based on IP standards for all components. This is a first for the industrial sector because, up to this point, industry-specific protocols, media and controls have been utilized. With Industry 4.0, IP addresses, routers, switches and Ethernet will find their way onto the factory floor and into assembly shops.

Along with cost considerations, the reason Industry 4.0 focuses on IP technology is the public’s experience with it. Hardware, software, and management approaches are constantly being enhanced by IP technology, which has been available for years. IT security technology offers compliance, standards and frameworks, as well as a variety of products for enterprises to choose from.

Up until now, only a few enterprises have put Industry 4.0 initiatives in place in their organizations. These pioneers include financially strong enterprises in highly competitive markets, such as those in the automotive industry. Hopefully, the implementation of Industry 4.0 initiatives will be based on the wealth of experience from the traditional IT industry, especially where security is concerned.

When IT departments are not consulted, gaps in network security could appear. Already, there are some examples of remote access points, installed at client sites by third parties to simplify device maintenance, which were not sufficiently secured and therefore were left wide open to attackers. Another threat comes from search engines developed to automatically find unsecured remote access points or Internet interfaces with vulnerabilities.

To protect against these vulnerabilities, network administrators can leverage a VPN to easily secure remote access, especially if used with TCP/IP. VPN technology has been available for many years. It can easily be installed, controlled and managed. However, when vigilance and robust IT policies are lacking, there are several ways for vulnerabilities to manifest. Implementation often fails because a third-party supplier, not the customer, is responsible for installing the remote access system and information is not adequately communicated. Or the customer’s employees may not recognize a security threat. Or perhaps the documentation is not executed as well as it should be and remote access points are simply forgotten.

Every technology and technological process goes through a hype phase in which promises are made that are tough to keep. Presently, Industry 4.0 may be in this phase. However, the good news is, awareness about Industry 4.0 is being created by the hype. This has helped pave the way for security to be baked in as a fixed and seamlessly integrated component during the planning and introductory phases of Industry 4.0. Governments and enterprises around the globe should pay close attention to the progress of Germany’s Industry 4.0 and once they see its benefits unfold, follow its lead.

 


Want to learn more about remote access VPN?

Remote Access VPNs For Dummies

In Remote Access VPN For Dummies, we cover:

- The full VPN landscape, including hybrid IPsec/SSL VPN solutions
- The evolution of remote access VPN
- How to provide users with secure remote access
- How to simplify remote access VPN and reduce costs

Download Now

Home Depot fixes America’s household problems. If you’re planning a do-it-yourself project, whether it’s repairing a leaky faucet or installing new linoleum flooring, you’re probably going to visit a Home Depot to buy your materials or get some advice.

America’s largest home improvement retailer seems to have a repair for everything, but after news that its payment systems had been breached, Home Depot has a lot of work ahead to get its own house in order. It faces a long road as it repairs its reputation, its relationships with customers and its network security.

In what the New York Times speculated could be the “largest known breach of a retail company’s computer network,” the breach affected more than 2,000 Home Depot locations in the U.S. and Canada between April and Labor Day, exposing the credit card information of an estimated 60 million customers.

These are unprecedented numbers, topping the infamous Target breach of last holiday season. By comparison, that attack did not last as long (three weeks), affected fewer stores (about 1,500) and resulted in fewer victims (40 million).

The information security press has been quick to criticize Home Depot for its handling of the advanced persistent threat (APT) attack, particularly for its slow response. Eric W. Cowperthwaite, vice president of Core Security, told the Times, “This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward.”

Lessons from the Target Breach

In KrebsOnSecurity’s original report of a possible breach earlier this month, Brian Krebs reported that Home Depot registers had been infected by “BlackPOS” – the same strain of malware found on Target point-of-sale systems last winter.

And the parallels don’t stop there.

After both network security breaches, customer data surfaced on Rescator, a black market website that peddles stolen credit card information. And what’s more, both Target and Home Depot were attacked when their sales usually spike – Target during the holiday season and Home Depot during the spring, which this year produced a record number of transactions.

Both retailers have also taken similar steps to address the attacks publicly. Just as Target did, Home Depot is offering “free identity protection services, including credit monitoring” to any customer who shopped at the store from April 2014 onward.

What’s still unclear is how hackers were able to breach Home Depot’s computer network. In the case of Target, attackers gained remote access to its network by finding a vulnerable point-of-entry in the form of one of the retailer’s HVAC contractors. If that’s also the case here, as it’s been with other prominent companies that have been attacked, it’s yet another reminder of the need for more secure remote access.

Any time a mobile employee or endpoint accesses a corporate network remotely, instead of working within the safer confines of the immediate network, there’s a greater chance that an attacker could exploit a vulnerability if the proper network security measures aren’t in place. In order for a network administrator to map out a complete view of the network, including remote users, tools like centrally managed VPNs are critical. This way, if a breach is detected, an administrator can take immediate steps to halt the attack, from deprovisioning users to revoking network access.

As Home Depot rebuilds its network security infrastructure, this is just one of many steps it will need to take to prevent another attack.



The concept of “Bring Your Own Device” seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they’re probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on-the-go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less hardware costs and employees gain convenience.

Of course, it’s never really been that simple or straightforward. And now, following a ruling by the California Second District Court of Appeal, BYOD looks poised to become even more complicated.

Last month, the court ruled that companies in the state must reimburse employees who use their personal phones for work purposes. Specifically, the ruling covers voice call expenses, and reimbursement is not contingent on an employee’s phone plan – even if the employee has unlimited minutes, for example, the employer must reimburse a “reasonable percentage” of the bill.

The consensus in IT circles is that the ruling muddies the water around BYOD. Now that there’s a legal precedent for voice call reimbursement, mandatory data reimbursement could be the next shoe to drop. And why wouldn’t it? Americans rack up more expenses for mobile data consumption than they do for voice calls. Should the law evolve, and if the California ruling sets a national precedent for other states, many companies may find BYOD no longer saves them that much money.

DataHive Consulting’s Hyoun Park has said that the ruling would be a “deal killer” for many companies, while Forrester Research’s David Johnson told Computerworld that BYOD could now be “sidetracked” for some companies as IT and business leaders scrum over how the ruling affects their own policies.

The ‘Rights’ of Employees

The reimbursement issue is one of many that have been whittling away at BYOD’s appeal to workers. Also high up on that list are security concerns. Employers are worried that many workers who participate in BYOD do not use any additional security features beyond whatever came as the default with the device.

In response, employers have clamped down by adding more security, through supplemental applications and software. This not only undermines the whole concept of BYOD – since the devices are no longer fully the employees’ “own” – but there has already been a backlash by employees. Half have said they would stop using a personal mobile device for work if their employer forced them to install security applications. That seems like a very clear line in the sand.

Some have even called for some ground rules to dictate the relationship between workers and employers as it relates to BYOD and remote access. Webroot has gone as far as to call for a “BYOD Bill of Rights.” Among its eight principles, employees’ personal information would remain private, security applications would not degrade speed or performance of a device, and employees would be able to choose whether to use their personal device for work.

One way for employers to create a secure BYOD environment, without infringing on any of the “rights” employees have defined for themselves, is through a VPN with central management capabilities, also in combination with container solutions like Samsung Knox or Open Peak Secure Workspace.

Network administrators can adopt VPNs to create a secure network tunnel through which devices connect to the corporate network. Central management functionality allows a network administrator to take action as soon as a breach is detected, whether that means revoking network access or deprovisioning a user.

The only way BYOD and remote access will continue to grow is if employers and workers are able to achieve consensus and compromise along the security-convenience spectrum.



Sprinkled throughout the course of history are flashpoints that were as unexpected as they were far-reaching. Catastrophic events like the September 11 attacks come immediately to mind, but so too does the birth of the Internet and the rise of Google.

These unprecedented, unpredictable events were given a name in 2007 by author Nassim Nicholas Taleb – black swans. In his book, “The Black Swan: The Impact of the Highly Improbable,” Taleb explains how, in the aftermath of these events, we try to find bread crumbs that could have possibly predicted the event. It’s human nature.

That’s why people are always so eager to determine what the next black swan will be, so that they can help spare the world some surprise when one does finally strike. The latest prediction comes from Chairman Greg Medcraft of the International Organization of Securities Commissions (IOSCO), who said: “The next black swan event will come from cyberspace. It is important that we pay attention.”

Threats of a Different Color

At first, it would seem as though Medcraft’s prediction isn’t all that surprising. How could it be, six months after President Obama announced new cybersecurity initiatives and, in the process, called network security threats “one of the most serious economic and national security challenges we face as a nation”? If the leader of the free world has identified something as a serious threat, then it probably doesn’t check the box for “unexpected” in the “black swan criteria” list.

Of course, that doesn’t make the threat of network security attacks any less dire. A black swan event could theoretically claim more victims than the Target breach, would leak much more damaging information than the Adobe hack, and would be more infamous than Heartbleed.

Consider, for instance, the recently reported NASDAQ breach. If the hackers involved in that breach were after more than information on the exchange’s technology, it may have led to dire consequences for the financial markets.

Where Will the Next Black Swan Land?

What’s most concerning about black swan threats is that, because they’re unexpected, unprecedented and rare, they’re impossible to plan for. It doesn’t matter if you’re an enterprise or the U.S. government.

Where organizations can defend themselves is against white swan threats – those that are expected and more common. The individual elements of a cybersecurity plan, such as firewalls and VPNs with central management capabilities, have proven that they can effectively combat white swan threats. To prevent black swan threats, though, network security administrators have to adopt a big picture view.

It all ties back to a defense in-depth approach to network security. It takes redundancy to keep a network running, should an attack of any kind occur. What’s important is that the effects of an attack do not advance beyond the initial point-of-entry, not necessarily that every attack is thwarted and every threat vector is anticipated. After all, black swan events cannot be predicted.

Incidentally, Taleb also supports a defense in-depth approach to defend against black swan events. He doesn’t use the phrase “defense in-depth” specifically, but when he talks about the best defense being “robustness” – the ability to withstand shocks, even when they’re unexpected – he’s supporting the same principles as defense in-depth.

And why wouldn’t you trust the author who drew attention to black swans in the first place?



Are Connected Cars on a Collision Course with Network Security?

Flipping through any consumer publication that rates vehicles, you’ll see all the metrics you would expect – from safety and performance (acceleration, braking, etc.) to comfort, convenience and fuel economy.

What you won’t find is an assessment of the car’s risk of being remotely hacked. Unfortunately, if you happen to drive a 2014 Jeep Cherokee or 2015 Cadillac Escalade, your vehicle would likely have a one-star review in Consumer Reports for cybersecurity.

These vehicles, along with 22 others with network capabilities, were profiled by researchers Charlie Miller and Chris Valasek during Black Hat 2014 earlier this month. They warned that a malicious attacker could hack into a connected car, doing anything from “enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.”

Days later, during the DefCon hacker conference, a group of security researchers calling themselves “I Am The Cavalry” sounded the same alarm, urging the automobile industry to build safer computer systems in vehicles.

The warning comes years after automakers started testing the connected car waters, most notably Ford, as far back as 2010, with its “MyFord Touch” mobile Wi-Fi hotspot. Since then, Google has been in the driver’s seat of the connected car movement. There’s been buzz around Google’s efforts to produce self-driving cars for years, and the smoke signals only grew more prominent after Google moved its head of Android, Andy Rubin, to the robotics division of the company.

While the convenience of connected cars will no doubt increase their popularity, it’s important for manufacturers of all network-ready vehicles to remember the importance of security technology. As we wrote last year about connected cars, attackers don’t care what mobile endpoint they’re hacking – as long as it’s connected to the Internet, it’s a target.

Vehicles: Just One of Many ‘Things’ Hackers Can Target

Although I Am The Cavalry gained recent attention because of its focus on connected vehicles, the hacker coalition has taken a broader approach, by focusing “on issues where computer security intersects public life and human life.”

The group has also advocated for better security over other potential hacker targets, including medical devices, public infrastructure and home electronics. As the growth of the Internet of Things has shown, computer security now intersects public life at nearly every turn!

One proposal put forth by I Am The Cavalry for defending against cyberattacks is the concept of “safety by design” – essentially, that vehicle computer systems are segmented and isolated, so that a problem with one does not impact the performance of another.

Sound familiar? It’s similar to the concept of defense in-depth, which uses redundancy to create a comprehensive, multi-tiered security infrastructure. One of the first steps enterprises should take in building this infrastructure to prevent connected devices from breaching corporate networks is to implement a centrally managed VPN.

It doesn’t matter whether you’re using a VPN to secure a connected car, an employee’s phone or tablet, a smart sensor or some other Internet of Things device that relies on machine-to-machine (M2M) communication: the connection needs to be secure before a device accesses the internet or a corporate network and begins transmitting sensitive information.

What’s most important is that our collective ambition to improve technology doesn’t outpace our ability to keep up with necessary cybersecurity mechanisms. In the case of connected cars, it’s probably best that we all “tap the brakes” and consider the security apparatuses that need to be in place before these next generation vehicles are on every highway in the country.

