Vulnerable Smart Cities, ICANN DNS Hijacking Warning, and a Cyber Security Tycoon [CyberWeekly]
CyberWeekly Newsletter: Weekly Edition
Smart Cities are Most Vulnerable
While the smart home is a cool idea, there have been some very unintended consequences. We’ve heard of disaster stories of security cameras, stuffed animals with nanny cams, and other smart home devices being left publically accessible on the Internet with default login credentials. Despite that Big Tech has still succeeded in convincing consumers to place smart speakers (i.e., Internet-connected microphones) in their living rooms. From a security perspective the initial iterations of the smart homes have been questionable at best.
Therefore it’s no surprise that many cyber professionals cringe at the emerging idea of the smart city, a city that “uses IoT sensors and technology to connect components across a city to derive data and improve the lives of citizens and visitors.” I’m sure you can easily imagine a half dozen cyber security fails, which smart cities can generate. Fortunately, some of the leader who will influence the architecture of these cities have also come to the realization as to how vulnerable smart cities will be.
Entrepreneur magazine highlights that a trade body in India—in association with KPMG—has suggested a five-point plan of action to “enable smart cities to make peace with the cybersecurity needs.” The five points of the plan are:
Establishing a formal cybersecurity framework
Security must be built-in from the ground up
Security should be deployed in integrated form across value chain
Establish cyber resilient and trusted environment
Engage across industry, knowledge bodies and regulatory groups to standardise security measures
Smart homes and smart cities are almost certainly the future. Scepticism from cyber security professionals won’t negate the value and convenience that the entire smart concept offers. However, as a result I suspect that in the near-future there will be demand for cyber security roles that don’t even exist today. That’s on top of the already well-documented shortage of cyber security professionals.
I would suggest staying abreast of the developments in smart cities as there will undoubtedly be future opportunities there for cyber security professionals. You can find the FICCI-KPMG “Cybersecurity in Smart Cities” report here.
ICANN Warns of DNS Hijacking
The Internet Corporation for Assigned Names and Numbers (ICANN) recently warned about the threat of DNS hijacking. If you’re wondering, “Didn’t CyberWeekly warn me about DNS hijacking weeks ago?” The answer is yes! The U.S. Department of Homeland Security (DHS) warned of DNS hijacking attack originating from Iran. So the warning from ICANN isn’t exactly new news, but it is significant for a couple of reasons.
First, geopolitics is full of national biases. While warnings from DHS may resonate with Americans and citizens of nations historically friendly to the United States, it may not carry as much weight with citizens of other countries. It’s not Earth-shattering news to state that not every country in the world has an awesome relationship with America. ICANN however is a non-profit organization, whose Governmental Advisory Committee has representation from 111 states (including 108 UN members).
Second, ICANN wants DNS infrastructure companies to fully implement a security layer—Domain Name System Security Extensions (DNSSEC)—was first proposed 20 years ago. Despite DNSSEC being 20 years old, only 20% of the world’s DNS resolvers show any sign of using it! While the Internet moves fast, I guess infrastructure does not. Want to take a wild guess why companies have not implemented DNSSEC? You guessed it. Higher costs.
Hopefully, this bout of Iranian DNS hijacking will provide a sense of urgency in fully implementing DNSSEC and help keep netizens of all nations more secure online.
Cyber Tycoon
To be honest I’m not a huge fan of the “hero worship” that is often seen in Silicon Valley. That being said, I did find this profile on Jay Chaudhry, the founder of Zscaler Inc., to be pretty cool. According to the Bloomberg Billionaires Index, Chaudhry along with six other cyber security software billionaires are worth a combined $9.5 billion.
That’s not the cool part though. The cool part is how far Chaudhry has come. He grew up in a village in the Himalayas without running water and still seems to maintain a sense of humility to isn’t always seen in the technology sector.
"I do look sometimes back and say, 'Whoa.' My success so far has mainly been because I have very little attachment for money. My obsession is really to make sure that the internet and cloud are a safe place for everyone to do business."
-Jay Chaudhry in interview with Bloomberg
May we all be successful and humble.
Recent Blog
This week I published the article I’m an Army Veteran and Want to Help Other Veterans Build Careers in Cyber Security. The LinkedIn piece is geared toward helping veterans find opportunities for a second (or third) career in cyber security. Veterans are hard workers, fast learners, and have a trained, defensive mindset. They’re a great pool of talent to draw from as we seek to reduce the 2.93 million person talent shortage that we have in cyber security globally (498,000 in North America).
While this article was geared towards military veterans, it does have information that would be useful to anyone seeking to move into cyber security. If you know any veterans (or other perspective career changers), who would be interested in joining our high-growth career field, please share this article. There are so many smart people out there, who just don’t realize there are opportunities for them in technology.
Cool Job of the Week
Las Vegas Sands Corp. — Executive Director - Cyber Security (Location: Las Vegas, NV)
Veteran-Preferred Job of the Week
Emerson Electric Co — Manager, Cybersecurity Awareness and Reporting (Location: St. Louis, MO)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Click here to subscribe to the CyberWeekly Newsletter.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.