CHAPTER 3
New and emerging threats of cyber crime and terrorism
During the mainstream phase of an ICT innovation cycle, the whole chain (from
manufacturer, sales force, and acquisition process at the end-user, system integrator,
installer, third-party maintenance organization, and the daily operations by the
end-user) largely fails to take cyber security into account. The whole process is focused
on providing functionality, not on a secure operational environment. It starts with the
manufacturer’s installation guide which discusses electromagnetic compatibility on
the first pages, then where to connect the power cord and network plug. Security, if
at all, is loosely documented after page 60. It even may be surprising that standard
manufacturer passwords sometimes have been modified. Where ICT is almost hidden
as part of easier to functionality, people are “unconsciously insecure.” An extensive
discussion on this phenomenon and some detailed examples of avoidable cyber
security failures can be found in Luiijf (2013).
EMERGING THREATS
From the above, it will be clear that any next ICT innovation cycle will result in new
threats to end-users and our society. The bright new ICT inventors focus on the new
functionality, increased efficiency and effectiveness of people and organizations, and
ease of use. They lack any historic understanding of previous secure design failures
and of earlier lessons identified in good coding practices.
This means that emerging threats can be predicted in new fields of ICT, especially
where ICT is deeply embedded in functional systems. Often the threats are old threats
disguised in a new look. These will allow cybercriminals, hacktivists, cyber spies, and
states to enter ICT-based systems in an unauthorized way by making use of:
• Weaknesses in the validation of input values and protocol elements causing
unexpected inputs to be used as a can opener.
• Buffer overflows allowing elevation of access rights to system manager (root) level.
• Man-in-the-middle attacks on near-field and wireless communication channels.
• The addition of self-configuring hardware modules to an existing system or
network providing a backdoor.
• Publicly known manufacturer and other default passwords.
• Unconfigured functionality which provides a backdoor.
• Unconsciously insecure managed ICT, often embedded in functions where
people do not understand that it contains ICT under the “hood.”
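
The first two items in the list meet in code like the following. This is an added example, not taken from the book: the frame layout, the field limit, and all names are assumptions made for illustration. It shows the checks a parser needs before it copies a length-prefixed protocol element sent by a peer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16  /* constructed limit for this example */

enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_TYPE = -2, ERR_TOO_LONG = -3, ERR_CHARSET = -4 };

/* Constructed sample frames in a hypothetical layout: [type:1][len:1][value:len] */
const uint8_t frame_good[]      = { 0x01, 0x04, 'c', 'a', 'm', '1' };
const uint8_t frame_oversize[]  = { 0x01, 0xFF, 'A', 'A' };
const uint8_t frame_truncated[] = { 0x01, 0x08, 'a', 'b' };
const uint8_t frame_control[]   = { 0x01, 0x03, 'a', 0x00, 'b' };

/* The unsafe pattern this replaces is a copy that trusts the peer's length
 * byte:  memcpy(name, frame + 2, frame[1]);  (up to 255 bytes into 17).
 * 'name' must point to at least FIELD_MAX + 1 bytes. */
int parse_name_field(const uint8_t *frame, size_t frame_len, char *name)
{
    if (frame == NULL || name == NULL || frame_len < 2)
        return ERR_TRUNCATED;            /* header itself is incomplete */
    if (frame[0] != 0x01)
        return ERR_TYPE;                 /* unknown protocol element */
    size_t len = frame[1];
    if (len > FIELD_MAX)
        return ERR_TOO_LONG;             /* would overrun the destination */
    if (len > frame_len - 2)
        return ERR_TRUNCATED;            /* would read past the received data */
    for (size_t i = 0; i < len; i++)     /* allow printable ASCII only */
        if (frame[2 + i] < 0x20 || frame[2 + i] > 0x7e)
            return ERR_CHARSET;
    memcpy(name, frame + 2, len);
    name[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char name[FIELD_MAX + 1];
    printf("good:      %d\n", parse_name_field(frame_good, sizeof frame_good, name));
    printf("oversize:  %d\n", parse_name_field(frame_oversize, sizeof frame_oversize, name));
    printf("truncated: %d\n", parse_name_field(frame_truncated, sizeof frame_truncated, name));
    printf("control:   %d\n", parse_name_field(frame_control, sizeof frame_control, name));
    return 0;
}
```

The length is checked against both the destination buffer and the bytes actually received; checking only one of the two leaves either an overflow or an out-of-bounds read.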
The above forms a basis to understand the large number of next innovation areas
where ICT is embedded and which may provide or already provides such security
threats and new attack routes. We can distinguish mass products and essential parts
of critical sectors:
1. Modern living: Increasingly, digital TVs are connected to public networks
and the internet. The many millions of digital TVs with sets of fast video
processing engines are an attractive source of processing power for cyber
criminals, e.g., to make them part of botnets. The digital TV soon will become