{"title":"Editorial: Oh Security—Where Art Thou?","authors":"S. Shukla","doi":"10.1145/2742044","DOIUrl":null,"url":null,"abstract":"As I write this editorial for Volume 14, Issue 2 of the ACM Transactions on Embedded Computing Systems, I am riled up with the concern that my medical data, together with many personal information might be in the hands of some identity thief—post the security breach of my health insurer Anthem. It seems that tens of millions of customer data might have been stolen by hackers, which could include me and many of my colleagues. This is not the only one on our mind these days. Right before the winter holidays of 2014, a German steel plant was struck by hackers—they manipulated and disrupted the control system of the plant and caused physical damages. Also, who can forget that the breach of SONY Entertainment caused an uproar right before that—and ended up determining the fate of a movie's impending world wide release? These are but a few highly publicized cases. According to the reports I read, most government information systems around the world are targeted hundreds of times a day by hackers—malicious or benign. We have created a digital world – the interconnected world of devices, machines, and systems, and the flip side of all that is the incessant attacks and insecurity. While the Anthem breach leaves us with the possibility of loss of privacy, identity theft, and other malicious use of our personal information by miscreants, the attack on the German steel plant leaves us with the possibility of cyberattacks that could lead to another Bhopal disaster or a Chernobyl, depending on how sophisticated and massive the attack might be on existing chemical or nuclear plants. On top of all these, the extant cybersecurity of all these systems are not only insufficient, they are also often retrofitted without a proper proof of security. 
While in the past such systems have been isolated from the prying eyes of hackers through air gap and obscurity, it is no longer the case. The IP convergence that provides the comfort of browsing the live data on the state of the plants from the offices and home of engineers also created the Achilles heel of such systems. With the growth of handheld devices and high-speed wireless networking, there is no going back on that—while we stand exposed to possibilities of huge industrial accidents in the hands of hackers who might be even state actors. In this brave new world, we need to make cybersecurity …","PeriodicalId":183677,"journal":{"name":"ACM Trans. Embed. Comput. Syst.","volume":"310 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Trans. Embed. Comput. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2742044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
As I write this editorial for Volume 14, Issue 2 of the ACM Transactions on Embedded Computing Systems, I am riled up with the concern that my medical data, together with much personal information, might be in the hands of some identity thief—post the security breach of my health insurer Anthem. It seems that tens of millions of customer data might have been stolen by hackers, which could include me and many of my colleagues. This is not the only one on our mind these days. Right before the winter holidays of 2014, a German steel plant was struck by hackers—they manipulated and disrupted the control system of the plant and caused physical damage. Also, who can forget that the breach of SONY Entertainment caused an uproar right before that—and ended up determining the fate of a movie's impending worldwide release? These are but a few highly publicized cases. According to the reports I read, most government information systems around the world are targeted hundreds of times a day by hackers—malicious or benign. We have created a digital world – the interconnected world of devices, machines, and systems, and the flip side of all that is the incessant attacks and insecurity. While the Anthem breach leaves us with the possibility of loss of privacy, identity theft, and other malicious use of our personal information by miscreants, the attack on the German steel plant leaves us with the possibility of cyberattacks that could lead to another Bhopal disaster or a Chernobyl, depending on how sophisticated and massive the attack might be on existing chemical or nuclear plants. On top of all these, the extant cybersecurity of all these systems is not only insufficient, it is also often retrofitted without a proper proof of security. While in the past such systems have been isolated from the prying eyes of hackers through air gap and obscurity, it is no longer the case.
The IP convergence that provides the comfort of browsing the live data on the state of the plants from the offices and homes of engineers also created the Achilles heel of such systems. With the growth of handheld devices and high-speed wireless networking, there is no going back on that—while we stand exposed to possibilities of huge industrial accidents in the hands of hackers who might be even state actors. In this brave new world, we need to make cybersecurity …