Applying Cyber Situational Awareness

May 30, 2017
A Certified Ethical Hacker offers tips and tricks to protect yourself and your organization from cyber criminals lurking within the Internet.

We’ve all heard the saying “there is no delete button on the Internet,” but we secretly hope that when we take that unflattering photo off Facebook, it’s gone for good. Well, attendees at the Automation Conference & Expo last week saw for themselves that’s simply not the case. A presentation by a Certified Ethical Hacker (CEH) showed the audience how easy it is to resuscitate an old, seemingly deleted MySpace account—pictures and all.

Although that may seem trivial in today’s world of cyber threats, it was just one example shown by the presenter—who remained anonymous as he is part of InfraGard, a collaboration between the FBI and the private sector to protect critical infrastructure. To make the information relevant to the audience, the CEH—using a hacker search engine called Shodan—was able to show a communications layer exploit that captured MQTT discussions between devices running on the Internet, ranging from soda machines to industrial valves.

Though he did uncover thousands of devices exposed on the Internet, he explained how MQTT devices can be protected through a Software Defined Perimeter (SDP), otherwise known as the Black Cloud. The SDP uses single packet authorization so the receiving devices are “blackened” and therefore hackers can’t see it. The audience was also informed that the popular development tool, Raspberry Pi, is not secure and would be the first thing a malware program would scan for in the enterprise.

The CEH further explained there are multiple layers of exposure, including the invisible threats to the privacy of people tapping their keyboards. Marketers use human behavior analytics to track what you click on and serve up advertisements that support your interests. Hackers, however, use digital profiling for pattern matching to identify the ways you connect to the Internet, watch your behavior and obtain your log-in and password information. At the end of the day it is not you they want; they will use you as a way into your company.

“Hackers are in your life for two years before they hit your company,” the CEH said.

Because we live in the land of the Internet of Everything, everything from a refrigerator to your cellphone is an opening into the enterprise. So how do we protect ourselves and our companies? First and foremost, be aware of what you are posting on social media—even a simple picture can provide clues to the cyber criminals. Install browser add-ons like Ghostery that can block tracking technologies, turn off location services on your phone and, of course, encrypt data moving between smart devices.

Practice cyber situational awareness, the CEH said. “When you talk to someone, you think about where you are, how loud you are being, what the subject is. Take that same mindset and apply it to cyber. Think before you connect.”

About the Author

Stephanie Neil | Editor-in-Chief, OEM Magazine

Stephanie Neil has been reporting on business and technology for over 25 years and was named Editor-in-Chief of OEM magazine in 2018. She began her journalism career as a beat reporter for eWeek, a technology newspaper, later joining Managing Automation, a monthly B2B manufacturing magazine, as senior editor. During that time, Neil was also a correspondent for The Boston Globe, covering local news. She joined PMMI Media Group in 2015 as a senior editor for Automation World and continues to write for both AW and OEM, covering manufacturing news, technology trends, and workforce issues.

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.

Micro Motion 4700 Coriolis Configurable Inputs and Outputs Transmitter

The Micro Motion 4700 Coriolis Transmitter offers a compact C1D1 (Zone 1) housing. Bluetooth and Smart Meter Verification are available.