Jane's Intelligence Review

Growing device connectivity affects security

09 May 2015
Examples of vulnerabilities and targets in the Internet of Things. Credit: IHS

IHS Aerospace, Defence and Security is pleased to announce the re-launch of IHS Jane’s Intelligence Review (JIR) following consultations with our customers about their evolving requirements. JIR is published continuously online, with content appearing as soon as it has been edited. It is also available as part of our comprehensive coverage of country risk in our Jane’s Military and Security Assessments (JMSA) intelligence centre, and is published once a month as a hard copy magazine.

The new-look JIR will carry regular sections on cyber issues, open-source intelligence analytics, online jihadist activity, and news from around the global intelligence community. Throughout both the online and magazine versions of JIR, we will also be making greater use of insights gleaned from social media intelligence (SOCMINT) that complement our dashboards on social media usage available as part of JMSA.

Additionally, and also following feedback from our customers, we are increasing the volume of visual analytics to include a wider spread of mapping, satellite imagery, infographics, and GIS-based visualisations.

Growing device connectivity affects security

Cyber-attacks are set to increase as more devices are added to the Internet of Things. Milosz Reterski examines the scale of both the cyber and physical security threat.

Cybersecurity firm Symantec reported on 31 March that it had observed new reconnaissance malware, dubbed Trojan.Laziok, circulating among administrative computers in the energy industry, with more than half of the target systems located in the Arabian peninsula. Laziok appeared to be transmitting information about the infected computers' configurations to the attackers, who then dispatched tailored data-theft malware. In addition to traditional corporate espionage, this attack highlights vulnerabilities in physical infrastructure assets. In the energy sector, low oil prices are putting pressure on companies to cut costs, and this may result in sub-optimal security procedures and software updates, including security patches.

US technology firm Gartner estimates that nearly 5 billion devices and pieces of infrastructure will be connected to the Internet of Things (IoT), the network of physical devices connected via the internet, by the end of 2015. This will provide a large attack surface that can be exploited by malicious actors.

Hackers of note have already claimed infiltration of the IoT. The hacker Hex00010 has built his reputation by announcing on his Twitter account multiple infiltrations of air traffic control systems, maritime communications and heating, ventilation, and air conditioning (HVAC) controls. HEX00010 once worked in partnership with jihadist hacker Junaid Hussain (alias TriCk) in TeaMp0isoN, a group known to have hacked the United Nations, the UK's Secret Intelligence Service, and former UK prime minister Tony Blair.

Internet of Things

Cybersecurity advocacy group 'I am the Cavalry' broadly divides the IoT into four overlapping domains: building automation, medical devices, automobiles, and public infrastructure. Facilities managers and homeowners alike are able to control building operations remotely: rooms can recognise occupancy and adjust lighting, temperature, and power levels, and administrators can supervise video and security systems. Many of these building-control systems are installed without a thorough assessment of security risks. Such integration exposes vulnerabilities in other systems. In late 2013, retailer Target suffered a large-scale theft of credit card information after granting network access to a contractor whose own system security had already been compromised.

Want to read more? For analysis on this article and access to all our insight content, please enquire about our subscription options ihs.com/contact

(553 words)