Industry 4.0: Flexible Production Needs Secure Networking

As we sit on the edge of the fourth industrial revolution, businesses are preparing for sweeping technological changes that will impact their production. Governments around the world, particularly Germany, through its Industry 4.0 initiative, have tried to help businesses anticipate these changes. Simply put, Industry 4.0 will help enterprises adjust their production processes very quickly. The idea is to move away from the conventional approach of production facilities serving only one specific purpose. Greater flexibility will be achieved through modularity and extremely high connectivity, based on IP standards for all components. This is a first for the industrial sector because, up to this point, industry-specific protocols, media and controls have been utilized. With Industry 4.0, IP addresses, routers, switches and Ethernet will find their way onto the factory floor and into assembly shops. Along with cost considerations, the reason Industry 4.0 focuses on IP technology is the public’s experience with it. Hardware, software, and management approaches are constantly being enhanced by IP technology, which has been available for years. IT security technology offers compliance, standards and frameworks, as well as a variety of products for enterprises to choose from. Up until now, only a few enterprises have put Industry 4.0 initiatives in place in their organizations. These pioneers include financially strong enterprises in highly competitive markets, such as those in the automotive industry. Hopefully, the implementation of Industry 4.0 initiatives will be based on the wealth of experience from the traditional IT industry, especially where security is concerned. When IT departments are not consulted, gaps in network security could appear. Already, there are some examples of remote access points,...

No Quick Fixes for Home Depot After Record Cyberattack

Home Depot fixes America’s household problems. If you’re planning a do-it-yourself project, whether it’s repairing a leaky faucet or installing new linoleum flooring, you’re probably going to visit a Home Depot to buy your materials or get some advice. America’s largest home improvement retailer seems to have a repair for everything, but after news that its payment systems had been breached, Home Depot has a lot of work ahead to get its own house in order. It faces a long road as it repairs its reputation, its relationships with customers and its network security. In what the New York Times speculated could be the “largest known breach of a retail company’s computer network,” a massive breach affected more than 2,000 Home Depot locations in the U.S. and Canada between April and Labor Day, exposing the credit card information of an estimated 60 million customers. These are unprecedented numbers, topping the infamous Target breach of last holiday season. By comparison, that attack did not last as long (three weeks), affected fewer stores (about 1,500) and resulted in fewer victims (40 million). The information security press has been quick to criticize Home Depot for its handling of the advanced persistent threat (APT) attack, particularly for its slow response. Eric W. Cowperthwaite, vice president of Core Security, told the Times, “This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward.”

Lessons from the Target Breach

In KrebsOnSecurity’s original report of a possible breach earlier this month, Brian Krebs reported that Home Depot registers had...

Who Will Foot the Bill for BYOD?

The concept of “Bring Your Own Device” seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they’re probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on the go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less in hardware costs and employees gain convenience. Of course, it’s never really been that simple or straightforward. And now, following a ruling by the California Second District Court of Appeal, BYOD looks poised to become even more complicated. Last month, the court ruled that companies in the state must reimburse employees who use their personal phones for work purposes. Specifically, the ruling covers voice call expenses, and reimbursement is not contingent on an employee’s phone plan – even if the employee has unlimited minutes, for example, the employer must reimburse a “reasonable percentage” of the bill. The consensus in IT circles is that the ruling muddies the water around BYOD. Now that there’s a legal precedent for voice call reimbursement, mandatory data reimbursement could be the next shoe to drop. And why wouldn’t it? Americans rack up more expenses for mobile data consumption than they do for voice calls. Should the law evolve, and if the California ruling sets a national precedent for other states, many companies may find BYOD no longer saves them that much money. DataHive Consulting’s Hyoun Park has said that the ruling would be a “deal killer” for many companies, while Forrester Research’s David Johnson told Computerworld that BYOD could now be “sidetracked”...

The Next ‘Black Swan’ Event: A Cyberattack?

Sprinkled throughout the course of history are flashpoints that were as unexpected as they were far-reaching. Catastrophic events like the September 11 attacks come immediately to mind, but so too does the birth of the Internet and the rise of Google. These unprecedented, unpredictable events were given a name in 2007 by author Nassim Nicholas Taleb – black swans. In his book, “The Black Swan: The Impact of the Highly Improbable,” Taleb explains how, in the aftermath of these events, we try to find bread crumbs that could have possibly predicted the event. It’s human nature. That’s why people are always so eager to determine what the next black swan will be, so that they can help spare the world some surprise when one does finally strike. The latest prediction comes from Chairman Greg Medcraft of the International Organization of Securities Commissions (IOSCO), who said: “The next black swan event will come from cyberspace. It is important that we pay attention.”

Threats of a Different Color

At first, it would seem as though Medcraft’s prediction isn’t all that surprising. How could it be, six months after President Obama announced new cybersecurity initiatives and, in the process, called network security threats “one of the most serious economic and national security challenges we face as a nation”? If the leader of the free world has identified something as a serious threat, then it probably doesn’t check the box for “unexpected” in the “black swan criteria” list. Of course, that doesn’t make the threat of network security attacks any less dire. A black swan event could theoretically claim more victims than the...