Mengqi He

Wow very interesting article Mengqi. This is concerning as 3d printers are becoming mainstream. Good point on the fact that IT experts as well as industry experts would need to work together in order for this type of attack to be successful. I can see how these attacks can be launched by state sponsored actors with a political agenda, as the resources necessary would easily be available. These attacks could also possibly happen if rogue industry experts start selling their skills, like the tools available on the darkweb. Not sure how this could be defended. There would obviously need to be some form of authentication that compares the printed design against the blueprint, which should be locked up somewhere safe.

I am super paranoid about connect to any open Wifi network. It is so easy to hijack an open wifi or just have a fake one setup. It is just not worth the risk to connect to an open network. One thing to keep in mind, even you if decide to connect on open wifi and you might not even check your email or social media, you are still connecting using those accounts since they are working in the background. They will still be vulnerable to theft.

This article should be a wake-up call for people who often use public Wi-Fi. These statistic numbers are shocking. The way I see this is similar to the driving and texting problem. People in large numbers are aware of local laws against it, but are willing to take the risk regardless. Therefore, better solutions need to be implemented. A quick solution to this would be for State Officials to enact laws requiring top notch security and encryption for all public places providing Wi-Fi.

It wasn’t until I was in this program that I didn’t realize or thought that public hot spots were not safe. I have a totally different outlook on what networks I connect to when I am out. It seems like that organizations need to strengthen their security and strengthen type of encryption that is used for Wi-Fi.

Interesting article Mengqi. Companies should do the contrary, making sure their apps are secured before releasing it to the public It doesn’t matter how fast an app is release, if it has security flaws than it will be a terrible product and customers will not use it. Better to be slow and secured, than fast and flawed. As security is now a hot topic, hopefully companies will take their times and build secure apps.

Rarely do we talk about cyber security in terms of our actual safety, its usually more about our privacy. However, with the advent of electric cars, drones, and any other electrical device that can harm a person, I think a lot of people will start to take cyber security more seriously. It is good to see the aviation industry being pro-active to combat the potential threats to planes by cyber attacks. We should continue to look for ways airplanes are vulnerable and have action plans against it.

Due to the high risk involved and the importance of technology in the aviation industry I’m actually surprised that these measures haven’t already been taken. That being said I’m definitely glad that the aviation industry is aware of the significant impact cyber-related issues could have and are taken the necessary steps to help mitigate these incidents proactively with drafting guides and performance standards.

Mengqi, a great article, and like Ahmed said, we often think about cyber security in terms of keeping our data safe. This sheds a great light on the fact that our lives are so engulfed with technology, that many moments of our day are at risk! It’s so very scary to think of what people with ill intent could do. We choose to let technology into our life to make it easier, but that comes with a price. That ease can be turned against us!

This is something that many companies are encouraging so as to have shared assessments they can reference instead have having their auditors or security staff asses third parties. If the third party can demonstrate a solid program that is independently assessed they can save a lot of time and money by not having all the companies they do business with individually coming in to perform annual assessments.

Wade

One weeks ago, I saw that Yelp was providing a big bounty for people who could find vulnerability in their system. I am glad to see these companies can form an alliance to encourage people who have computer skills. Also, this is a sign of that companies started to value and pay more attentions on cyber security.

Mengqi,

Great article. Having a standard questionnaire that companies can use shows that companies are getting serious about their vendor security. If you think about vendors and the data they handle for companies ultimately the organization is as safe as the vendor. If a vendor is unable to handle data safely they are unable to protect customer data. Having this Vendor Security Alliance (VSA) allows organizations to protect both their data and their customer’s data.

As you will hear from me as we progress through the course, this is often the case. Anonymous is good example, they generally do not actually attack anyone. They talk it up and get unsuspecting dupes to launch attacks. The dupes then get busted.

Wade

Nice article Mengqi! I attended the IANS conference last year in Philadelphia shortly after the Jeep hack was made public. There was an expert in automobile security speaking and he explained that the Jeep hack gained the automobile industry’s attention. He explained that he had been engaged by many automobile manufactures recently to sit in on design sessions to raise security considerations. He also said that the automobile manufactures were willing to show the initiative to consider security and safety in the discussion, however he was not convinced that automobile makers were willing to make some of the trade-offs (i.e. reduced functionality and usability vs. increased security).

I think we’ve just begin to scratch the surface of the potential attack vectors for connected cars and self-driving cars. As these innovations become more complex and autonomous, the need for security will be even greater. It’s going to be extremely important to build strong security into the design of these vehicles to keep drivers safe in the future.

I saw the Jeep presentation at BlackHat. It was pretty impressive. The one thing the presenter did stress is that the manufacturers are starting to listen and lock down some of the vulnerabilities identified. In particular, the remote access vulnerabilities. On the down side, each manufacturer is running proprietary systems making it difficult to research all of the makes and models.

Mengqi,
This is an interesting subject, that will get more attention in the years to come. With Google and Uber experimenting with self-driving cars, the opportunity for hackers to gain access to these self-driving automobiles and cause trouble on the road is increasing. I recall reading an article regarding the Jeep-Fiat hack last year, although all of this technology in cars is great, and designed to make driving safer, it has the potential to be hacked and cause more harm than good because it takes control out of the drivers hands.

Mengqi, great article. I bought a car a few years back with OnStar, I didn’t want Onstar, but it came with the vehicle for 12 months. The salesman asked me why I didn’t want it. I told them, while it’s great that I can call and have my doors unlocked with the service, or find my missing vehicle, the pessimist in me knows it will be days until criminals use these tool for no good!

It’s just a fact of life of doing business in our world. Companies will continue to make technological advancements that “make our life easier”. And there will always be that one person who will look to turn that advancement into something they can profit from.

Maybe I have been watching too many crime shows. I guess the question comes down to freedom or convenience? I personally would not want the service either. I would agree on the surface its convenient when you are in trouble situation. While the system is on the amount of information that the system is using and tracking on your whereabouts can be used as an invasion of privacy

Pretty interesting article. It amazing that we are talking about self driving cars and that sensors can be jammed causing the car to malfunction. Personally I want to be in control of any vehicle that I am driving and not relying on a computer in a car to take me to my location.

This is definitely an interesting article. Our technology has scaled such that risk management was left behind. Innovation is great but also leaves the users exposed in some form or fashion. I applaud you on finding this article! The ‘internet-of-things’ isn’t just automobiles either. Some technologies, for example artificial hearts relay information to doctors via WiFi. If the artificial heart has an IP address, it can be hacked. While connecting things to the internet (homes, medical devices, cars, weaponry, positioning systems, aircraft or UAVs…) opens the public up to the risk of being hacked and be dangerous. Its important that we keep our pace of innovation in mind because we don’t want to fall victim to our own progress.

This article definitely brings the risks of autonomous vehicles into the spotlight. It’s easy to focus on the marvels of self-driving vehicles, but the risks are proving formidable. I read a similar article about successful hacks against the Tesla Autopilot technology. The hackers were able to leverage spoofing techniques and jamming in order to ‘trick’ the sensors into not seeing impending obstacles. Similar attacks have also been successful on Audi, Volkswagen, and Ford vehicles. These attacks could lead to high speed, potentially lethal accidents. Despite the obvious benefits of advancing automotive technology, the inevitable computerization of these vehicles puts drivers at the mercy of hackers. Enhancing security and safety of these vehicles is going to be a top priority for automobile manufacturers and, if the problems persist, a focal point in the legal landscape going forward.

If anyone is interested in perusing the article I mentioned, the URL is:
http://www.forbes.com/sites/thomasbrewster/2016/08/04/tesla-autopilot-hack-crash/#1efbc15fdc93