Special Report: 2018 Predictions for 5G, Security, Blockchains (Part 1)

By Ernest Worthman IEEE Senior Member

Dear Reader,

This is the time of year many of us editorial types stare deeply into our crystal balls to talk about what we think will happen next year.  What makes this both interesting, and fun, is to observe the topics and the sometimes widely differing opinions and positions we take when we discuss this.

Many of these tend to be similar – a short, high-level flyover across a wide landscape of many topics, and there are a ton. That is useful, since it puts a quick read on these topics so one can get a quick picture of them.

Therefore, not wanting to be left out, I thought I would throw my hat in the ring. However, I am looking to narrow the field down to maybe a half-dozen, or so, of these topics that promise to be the most disruptive. I want to look at them with a bit more depth and address what I believe to be the one or two biggest spoilers that will affect their trajectory and traction. Then, at the end of the year, I will revisit them and see how well, or poorly, I did.

Cheers,

Ernest Worthman
Executive Editor
Applied Wireless Technology

5G: When Will Hype Become Reality?

There was a lot of talk in 2017 that 2018 will see 5G appear. Depending upon from whom you get your information, it is anywhere from already being here to being several years out; this in spite of the 3GPP ratification of the Non-Standalone (NSA) 5G New Radio (NR) specification.

I have been somewhat critical of the NSA-NR spec. While it offers a set of bounds that can be used as early guidelines, unless it becomes a very well adhered to spec and the NSA has the goal of becoming “S,” it can cause more problems than it solves. Let’s be honest, it was only created because of the pressure to keep 5G on target.

We will see some 5G movement in 2018. The trick is to continue to separate the hype from reality. The fact remains that mmWave 5G is still in the development and trial stage and that segment, along with enhanced mobile broadband (eMBB), will not be out in 2018. What we will be seeing is fixed wireless in the mmWave spectrum and some 5G-like deployments at lower frequencies where propagation is well understood.

However, there are spoilers:

  • Show me the money – while some companies, like Qualcomm, are willing to develop 5G (or 5G-like) products, not everybody is in the same boat. There are many possible use cases for 5G, but most companies are not willing to throw a lot of money at it until they are reasonably convinced they are going to get some ROI. While everybody wants 5G, it is still a bit nebulous as to what, when, how and where.

  • While the need for additional spectrum and densification is definitely an issue, there are several advancements and emerging platforms/technologies, in existing systems, that are picking up some of the slack (carrier aggregation, small cells, MIMO, network slicing, network functions virtualization and software defined networks, etc.). These can be applied, to some degree or another, to 4G networks. There is also some new spectrum coming on line (not enough, but it helps).

  • Second spoiler is NSA-NR. It is also nebulous, even though a rather impressive list of companies has signed up for it, because some of the big players are absent. How many of those, if any, will commit to it in 2018 is yet to be seen.

So, while 5G will certainly be a hot topic in 2018, exactly how far and what segments of the platform will deploy is uncertain.

Security: Increasing Awareness in 2018 but Little Action

Security is a universal concern. I do not see a universal shakeup in the security segment in 2018 unless there is a major breach of some sort. By that I mean an attack on some critical infrastructure component (power, transportation, satellites, the internet, etc.). Luckily, this country’s infrastructures are fairly well secured at a high level, but much of its hardware is old and patched. This works against the best efforts to secure it, and offers many opportunities for compromise.

It is also fairly decentralized and segmented (unlike smaller European, Asian and African, etc., countries where everything and its control is in one place) so even a major attack isn’t likely to bring the entire segment down. However, attacks are becoming more sophisticated, and 2018 is likely to see much wider and more coordinated attempts to disrupt major infrastructure. That will permeate across a much larger attack surface. The worst-case scenario is a coordinated attack against many individual entities to produce an order of magnitude greater end result.

On the commercial side, a recent statistic claims that 90 percent of businesses do not feel they are adequately prepared for a cyber-attack. Of that, 70 percent say they cannot either find or allocate sufficient resources to fully staff and fund the security vector. Therefore, this sector is beginning to look to cloud computing as both a permanent and temporary solution.

The residential sector has a slightly different challenge. While a breach on a business levies a substantial cost and affects a large cross section of people and resources, a breach on a consumer target is much more contained and affects far fewer components, initially. Moreover, the majority of such attacks are because these grades of devices just do not come with anything other than basic, easily compromised security, if any.

Security will gain orders of magnitude of eyeballs in 2018. It will become more and more visible as other technologies, platforms and ecosystems evolve, but it will remain behind the curve unless a pandemic or catastrophic cyber breach of unprecedented proportion occurs.

Major spoiler here is inaction. Many entities (both people and organizations) still do not see security as a top priority – simply because it has not happened to them. There are some exceptions: military, government, cloud players, etc., who are on it more than others are. However, for consumer, medical and smart home devices, and for platforms used by players who are not as on it, that inaction ratchets up the level that can be exploited.

Whether 2018 makes significant strides in cybersecurity is anybody’s guess. It really depends on how cybersecurity is, or is not, taken seriously by ALL segments, industries, players and platforms. Considering the movement in both 5G and the Internet of Everything/Everyone (IoX), until that happens, the risk to the whole is much greater than the risk to the parts.

Blockchains and Cryptocurrency: The New Frontier

The biggest disrupter of 2018 will be blockchains, mainly due to the proliferation and movement of cryptocurrency.

Anybody who has followed the wild ride of Bitcoin has to recognize that cryptocurrency will cause a major disruption in the currency landscape. This has just begun and 2018 will see a myriad of changes come about. Not that hard currency is going away any time soon, but cryptocurrency will become a force to reckon with. 2018 will see cryptocurrency gain significant traction and widespread acceptance.

Blockchains are the engine behind cryptocurrencies; thusly they will see significant traction, as well. From the IEEE’s electronics360: In short, a blockchain consists of one digital ledger that is distributed across the network (the blockchain). All transactions are logged with the time, date, amount and participants, and grouped together with other transactions that happen within a certain time frame. Those transactions are identified with a mathematical computer-generated code, and linked to the previous block of transactions.

A blockchain’s characteristics include:

  • Blockchain’s key characteristics are what give bitcoin and similar networks the potential to disrupt, completely, the status quo in a number of industries including banking and finance, real estate, law and health care.
  • It is decentralized so no one entity can control its value through, say, changes in monetary policy.
  • A merchant account can easily be set up in seconds without the typical bureaucracy and subsequent fees and questions.
  • It is anonymous. Transactions are not linked to personally identifiable information.
  • It is transparent. Everyone in the blockchain has the same information in the form of a distributed ledger. The technology is open source so anyone can see how it works.

There is a huge fog of uncertainty around these platforms, especially with mobile payments. Not what they are but how they are going to fit into today’s society. These are uncharted waters for the mainstream, although there is a wealth of knowledge of their functionality in certain areas (the dark web, for example).

The next 12 months will see the traditional financial infrastructure take a hard look at cryptocurrencies. Banks and regulators realize they are here to stay so M&A’s will begin to broaden. As well, applications will begin to appear and the benefits of them will become attractive to many players. Security will improve, wallets will replace exchanges and rules and regulation will be a top priority. How long it will take for all of this to play out is unknown. For example, the latest 451 Alliance report on digital wallets shows a slowing of their adoption by consumers.

The spoiler here is the chaos in the platform and how long it will take these issues to sort out. The coming year may not, likely, see this segment move as fast as some predict. The reason for that is that there are literally hundreds of different cryptocurrencies out there and more on the way. How to apply a universal set of rules and create order from chaos, in the segment, is a real challenge. 2018 will start to sort that out. Additionally, a significant spoiler vector is the lack of regulation. That is a major issue that has to be resolved before cryptocurrencies go mainstream.

Nevertheless, cryptocurrencies are here to stay. It is just a matter of when they go mainstream.

 

New ‘Smart’ Routers Bring Needed Security

By Ernest Worthman, IEEE Senior Member

How often the ingenious find opportunity in failure! The number of OEMs installing security on consumer devices still has not hit critical mass. Therefore, there continues to be a wireless (and wired, of course) device manufacturing community delivering product without any, or with only bare-minimum, security features.

That is not good news. With the continuing evolution of the Internet of Everything/Everyone (IoX) and the 5G infrastructure, continuing along this path is a recipe for disaster. In fact, some believe 2018 may be the year when the IoX becomes the vehicle for that major security breach experts have been warning about.

Here is why. Many of these devices (“smart” phones/tablets, appliances, security systems, home control, vehicles, etc.) are extremely “nosey.” By nosey I mean they are intimately connected, via home or mobile networks and the internet, to the lives of the consumer. And in many cases not just a piece of the user’s makeup. Virtually everything users, and those connected to them, do, is partly or wholly available on these devices.

These devices are becoming increasingly more intelligent in the sense that they all have, to one degree or another, a level of computer sophistication – some are extremely sophisticated. Further, with the next generation of AI, which is highly visible in devices such as Alexa, Google Home, Apple HomePod, and similar devices, it becomes an ecosystem that is ripe for a major breach.

Now, back to the beginning. Fortunately, some vendors are sensing an opportunity. While many are still counting on security being provided in the user’s software layers, others are developing hardware that is capable of placing a much tighter security blanket around these unsecured devices and networks.

Several manufacturers have developed a “smart” router. Now, this does not mean they have the same level of sophistication as dedicated encryption devices (which should be in every Internet-enabled device), but it does ratchet up the security profile a notch or two. Security and hardware vendors, such as Norton, Optimum, Netgear, Linksys and others, are all seeing the wisdom (and opportunity) in stepping up to the home security plate. This is a huge step forward in this segment of the industry.

Now, is this enough? No. However, what this does is put a filter on what comes and goes into and out of the network. It is only effective for the area it is securing, however. If devices are outside of this net (smartphones/tablets/other mobile platforms, for example) all bets are off. However, they can be extremely effective in the home circumference, which is the biggest security vulnerability in today’s network infrastructure.

Now, their security protocol is not bleeding-edge. They have simply optimized some easily addressed issues. One being hardware resources. These devices are a bit more expensive than your run of the mill routers because they have upped such things as memory, both R/W and flash. They also contain a more sophisticated CPU – both of these aid in the router’s ability to function outside of the dumb router box.

With larger memory cores and more sophisticated processors, the router can dedicate more resources to keeping current in real time. For example, they implement cloud connectivity. While that may not seem all that significant, it is the best way to keep it current. This is a critical metric because the nature of having devices receive updates and patches, automatically, is woefully ignored by device manufacturers.

Those same resources allow additional or expanded security protocols to be integrated – not just standard WEP and WPS. They also have the ability to monitor traffic more thoroughly and apply better algorithms, both in number and sophistication to recognize threats.

The final advantage and the pièce de résistance is app manageability – the capability to manage the router and all connected devices from your smart product. After all, we measure our cool factor in today’s wireless world by that metric. I have more apps than you do!


Ernest Worthman is the Executive Editor/Applied Wireless Technology. His 20-plus years of editorial experience includes being the Editorial Director of Wireless Design and Development and Fiber Optic Technology, the Editor of RF Design, the Technical Editor of Communications Magazine, Cellular Business, Global Communications and a Contributing Technical Editor to Mobile Radio Technology, Satellite Communications, as well as computer-related periodicals such as Windows NT. His technical writing practice client list includes RF Industries, GLOBALFOUNDRIES, Agilent Technologies, Advanced Linear Devices, Ceitec, SA, and others. Before becoming exclusive to publishing, he was a computer consultant and regularly taught courses and seminars in applications software, hardware technology, operating systems, and electronics. Ernest’s client list has included Lucent Technologies, Jones Intercable, Qwest, City and County of Denver, TCI, Sandia National Labs, Goldman Sachs, and other businesses.  His credentials include a BS, Electronic Engineering Technology; A.A.S, Electronic Digital Technology. He has held a Colorado Post-Secondary/Adult teaching credential, member of IBM’s Software Developers Assistance Program and Independent Vendor League, a Microsoft Solutions Provider Partner, and a life member of the IEEE. He has been certified as an IBM Certified OS2 consultant and trainer; WordPerfect Corporation Developer/Consultant and Lotus Development Corporation Developer/Consultant. He was also a first-class FCC technician in the early days of radio. Ernest Worthman may be contacted at: eworthman@aglmediagroup.com.

The Clear and Present Danger of Corporate Access to Your Data

By Ernest Worthman

There is little doubt that, in this era, data is power. Players like Microsoft, Google, Amazon, wireless carriers, content providers, retailers…hmmm, come to think of it, I cannot really find any company that is not head over heels in love with data.

Not that this quest is not useful, it certainly is. The more you know the better you are able to accomplish any number of advantageous things. In this day of intense competition, those with the best data win.

However, there is a dark side and it has been around for a while in various forms. From smart TV’s spying on you to Internet crawlers mining your data to carriers following your every move to the latest Amazon Echo and Google Home, data is flying.

Concern about data is finally beginning to get some attention. Some have been warning about the massive data collection process by everyone and anyone since the beginning and now they are finally being heard. The questioning is starting. Google, Amazon and Facebook, are being assaulted by those who feel their data collection methods are questionable. There are questions over antitrust issues, Russian interference, consumer privacy and device security.

The concern is over the huge amounts of personal data that such mega corporations are amassing. A poignant point is brought up by Franklin Foer, author of the new book titled World Without Mind: The Existential Threat of Big Tech, over the buckets of data these companies are collecting. Foer points out that such “troves of data are portraits of our psyche.”

The scary part about all of this is that the more data collected about you, the more able these players are to affect and alter our behavior.

The argument can be made that we are responsible for our data. In the end, that is true, unless the data is collected without our consent, in one form or another. And therein lies the rub. Collecting private data, whether it is wireless or otherwise, has become an art form by the “collectors.” And while their methodologies are legal, if only by a hair, they tend to coerce us, not necessarily by force, but more by wearing us down with endless diatribes in print so small no human can possibly read it without getting a headache or worse, or denying us something if we don’t accept. Yes, we give them consent, but not by reputable means in many cases.

Take for example the End User License Agreements (EULA) that come with software. How many of us really read them, let alone understand them? These EULAs, basically, give away all of your rights to privacy, confidentiality and any type of performance assurance. And what about web sites? Do most people really understand what it means when that little blurb on the bottom says “we are required to let you know we use cookies”? That is all they say; they do not tell you that these cookies are a data-mining tool, nor do they give you the opportunity to say no. Nor do they disclose all the other data being collected as you trip, merrily, across the web.

Now let us move on to smartphones. If you try to limit the data collection (location tracking, for example) you get all kinds of “oh my gosh” warnings that other apps may stop working and/or network performance may suffer. These kinds of scare tactics are common across just about every segment.

Lastly, what about the security of this data? Everybody says, “your data is secure with us, trust us…” Just ask Equifax.

There is little doubt that this direction is going to continue as is. Data is too valuable to these giants.

In the end, what needs to be done is hold these data-mining companies responsible for the data and require that they let you know, in plain English what they are up to. Not with legalese or doublespeak or the endless droning of redundant micro text. And do not penalize you if you decide not to let them track, mine, collect and store every move you make.

Nothing is that important to me that I must give up my data to have it. You are welcome to my data, but only what I decided you can have.



Fighting IoT Security Issues at the Sensor Level

By Ernest Worthman

Sensors are one of the biggest enablers of the Internet of Everything (IoX). They will be, literally, everywhere – billions and billions of them. And, nearly every one of them has the potential to become a security vulnerability. Such sensors will control many of the components of any number of devices and many are wireless. It is quite possible, and presently quite easy, to seize one of these sensors and remotely control it or, in more complex units, to tunnel into the sensors’ network.

We know this. That is not the problem. The problem is how to find a solution that is inexpensive and effective to embed in these devices (many of which are very simple, with little processing power and/or memory, and inexpensive). Yet, regardless of their stature, they are just as vulnerable as their bigger, more expensive brethren.

The industry has been struggling with that for quite some time. However, we are starting to turn the corner. Companies are coming up with novel solutions. One such solution comes from a company called SecureRF.

While I do not usually talk about company solutions, I think this company is on the right track. The security algorithms they have developed are addressing this tiny embedded device market. Such devices need two things: low bit-count computing (to run on 8-bit microprocessors) and low power consumption. SecureRF has done this with something called group theoretic cryptography. This is cryptography done with small numbers (5- to 8-bit). That means these algorithms can run in their entirety (as opposed to breaking up 16- or 32-bit code) on an 8-bit processor.

The result is efficiency in two critical performance areas of limited-resource devices – speed and power consumption. This is a real win-win for these tiny embedded devices and a glimmer of hope that the IoX will not be just one big security hole.

Why the Equifax Hack Was No Surprise

By Ernest Worthman

A couple of times per month, I like to pen a diatribe about security with some useful information, rather than just rake the usual story data about what happened, to whom and why. In this piece, I want to discuss a tangential issue – negligence.

One thing is as certain as death and taxes. If a device or system is connected to the Internet, it can be hacked – period. What is amazing is that people who should know that, somehow think they are either immune to hacking, don’t believe it will happen to them or just aren’t interested enough to implement the necessary firewalls. To me, this is utterly amazing, considering the vast amount of hacking going on.

In spite of best practices in security, some cyber-attacks cannot be prevented, but the vast majority can. However, they are not and for a reason that, in this day and age, is ludicrous – simple negligence. And, this seems to be the case with Equifax.

The reason they were hacked is common across many platforms, wireless or otherwise: a blasé attitude about security. To wit, they knew about, but failed to apply, the patch to Apache Struts, a Java application used to power front-end and back-end platforms. However, the pièce de résistance is that they knew the vulnerability was in their system and that a patch was available – they just hesitated – strike one. Then, according to Brian Krebs, a security expert, “an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin’” – strike two. I wonder if there is going to be a strike three. But the first two strikes can be chalked up to negligence.

This is the kind of stuff that gets a company buried in mounds of litigation, with the real possibility of ending its reign. The same is likely to stratify to individuals, as things get more complex and ubiquitous. So far, Equifax is looking at $70 billion in lawsuits, on top of the $20 billion it had to shell out to repair the damages from the breach. (It probably would have cost them a few 10s of thousands to apply the patch promptly.)

Now, Equifax is only one of the latest victims. Given the emergence of the Internet of Everything/Everyone (IoX), vigilance is going to have to become a top priority for everyone – from the home router to the cloud to mega-corporations. This act is wholly preventable.

With the ubiquity of the IoX, two things, education and the understanding of the ramifications of being negligent, become paramount. Eventually, there will be a much larger attack surface than ever before. The bad guys know that and will seize every opportunity to capitalize on it. Negligence, whether gross or simple, costs money. It is incumbent upon all of us to get smart about it, and the damage being negligent can cause.

