100's of M2M / IoT blog posts.

The best way to invade a country is not using military force …

by Larry Bellehumeur   |  Oct 05, 2018  

Hello and thanks for reading.

Another day, another story about a failure in cybersecurity.  However, this report is potentially much, much scarier than all others.

A story in Bloomberg Businessweek, if true, would be the worst case scenario for many of us.  Few people fear that a country with a military as powerful as the US could ever be attacked on a broad scale using military force.  It would likely prove to be an act in futility.  However, a truly well orchestrated cyber attack could be just as dangerous.

The report cited over a dozen unnamed sources that claim that China had placed spy chips inside of various pieces of equipment, including some made by Apple and Amazon.  The companies have denied the report, and perhaps there is nothing to it.  However, the idea of such an attack is a threat that is both real and one that could have huge consequences.

Much of the equipment used in the business world is manufactured overseas, often in China.  Think equipment that powers the traffic lights, air traffic control, the power grid and much more.  The idea that there may be a cyber attack on these things is well documented (both by the media and by Hollywood), so there are very large protections in place to prevent this.

But, if the attack came from the device itself, how would you prevent it?

This particular alleged attack was not aimed at causing such havoc but was actually targeted at gaining access to key commercial and government secrets, but is there any reason why it could not be aimed at much more?

I have written extensively at how there is a lack of IoT security among many devices, mostly those in the consumer space.  Having been involved in many high priority and secure deployments, I can tell you this is not the case for most high-risk deployments.  There are strict rules and procedures followed, and I have never been made aware of a successful attack on any of these assets.  However, all of the procedures in the world will not stop an attack from within the components of the device themselves.

It kind of reminds me of the movie Terminator Genisys, where the plot to take over was based on something embedded inside of a new operating system is going to cause huge issues … in this case, we need to learn from Hollywood to know more about what is inside of our devices before we widely deploy them.  This means increased security at facilities and more required testing for possible breaches need to be mandated by the government.

However, will e