Quick survey of today’s cyber news . . .
***
Computerworld’s Darlene Storm with a disturbing thought: pacemakers may be vulnerable not only to hacking, but “a worm with the ability to commit mass murder.” This from a presentation given during a security conference in Melbourne. It has been well known, for a while, that pacemakers and other medical devices are susceptible to hacking. Taking that one step further, the researcher explained that “he could rewrite [a pacemaker’s] onboard firmware,” possibly creating an “anonymous assassination” worm. Scary stuff if true.
Along similar lines, Ben Weitzenkorn for NBCNews on how medical malware is running rampant in U.S. hospitals.
***
Joseph Menn reported for Reuters on the White House’s view on Huawei, the much criticized Chinese telecomm. According to the article, the White House found no evidence that Huawei had actually spied for the Chinese government, but did find evidence that Huawei’s products were risky due to backdoors. That finding largely corroborates the House Intel Committee’s report.
Of course, there was no evidence of active spying. I think the presence of backdoors, in conjunction with Huawei’s ties to the Chinese government, is more than enough. Along those lines, the Reuters article cited two officials who “were most concerned about the capability for future spying or sabotage.”
In short, Huawei is still a risk.
***
Mathew J. Schwartz, for InformationWeek Security, on the cyber-espionage campaign we’re witnessing in the Middle East.
***
John Reed wrote for Foreign Policy on how the White House is still going forward with that cyber EO. After SecDef Panetta’s speech, several lawmakers have advocated for another push on cybersecurity legislation. Nevertheless, the White House is still crafting that cyber EO. I think that’s wise. Although SecDef Panetta “has made clear that inaction is not an option,” inaction has been the #1 option. I doubt that legislation gets passed in a lame duck session. And for better or worse, this cyber EO has followed the path of cyber ROEs: we get word that its coming soon, then wait a few weeks, then get word its coming soon, then wait a few months, etc.
***
Ann M. Beauchesne, VP of the U.S. Chamber of Commerce’s National Security & Emergency Preparedness Department, wrote an op-ed in the New York Times. Pretty standard argument: information sharing is important, any cyber legislation must focus on information sharing and not hurt business.
***
Finally, via Reuters, the Canadians are beefing up their cybersecurity spending . . .
4 Pingbacks