Cyber Security: How a Software Glitch can Kill People
I had a completely different Money Morning prepared for you today. I was going to weigh in to Joe Hockey’s narrow-minded comments. You know the ones. Where he said Australians should just get a good job that pays well. That way it’s easy for everyone to afford a house.
I had the whole thing ready to go. And then I saw something else that terrified me more than the ignorance of Australian politicians. It’s a topic that I’ve been following closely for a couple of years now. So I figure, rather than join the throngs condemning Mr Hockey, I’ll alert you to an actually important story.
I call it the most important issue of the 21st century. And I stick by that comment. I often feel like a broken record talking about it. I’ve literally gone on about it so much it does feel a bit like I’m going in circles.
I talk to people about it everywhere I go. Because everywhere I go I see examples of how big an issue this is.
I’m (again) talking about cyber defence. The importance of cyber defence cannot be understated. There is no system in the world that is safe from hackers. Literally no system. Anywhere.
But there are companies that can thwart attackers. No one will ever be able to completely stop it. But they can make it harder.
It’s like a burglar walking down a street and seeing two houses. One has a gate, some cameras and alarms. He could break into it. He’s got the skills. But the house next door has its front door wide open. Which one do you think he’s going to choose?
The point is that everyone in the street should have security. You lock the doors when you head out don’t you? Well you should also do the same when you’re online.
In our world everything is connected and online. Your most vital information is kept in an online world, supposedly under lock and key. My guess is that you probably use internet banking. You probably have email. And you probably have a phone that has WiFi, Bluetooth, NFC and mobile data.
You’ve probably been in a reasonably new car. That means it will have multiple engine control units (ECUs). It might also have radar systems, tyre pressure monitors, Bluetooth and other wireless connections.
Or if you’re on a plane you only need to look at the back of the seat in front of you to see an entire entertainment network. This network permeates through the entire plane. And then there are all the electronic and computer based systems that fly the plane, track it and communicate with the outside world.
If you’re in any confusion about the increasing reliance transport systems place on computers, let me clear it up for you.
On May 9 this year an Airbus A400M crashed in Spain near Seville. Four crewmembers died in the accident.
As with all air accidents an investigation took place. According to the BBC, ‘Plane-maker Airbus discovered anomalies in the A400M’s data logs after the crash, suggesting a software fault.’
Source: BBC / Associated Press
Click to enlarge
Someone or something accidentally deleted important files that control the torque of the engines. With the engines relying heavily on automated systems, this meant the propellers didn’t spin fast enough and couldn’t power back up.
The plane simply fell from the sky.
As a result all A400Ms are out of action. This includes planes that the UK, France, Malaysia, Turkey and Germany have already taken delivery of.
Of course this isn’t a commercial passenger plane. However it’s another example of how the simplest system failure can have dire consequences. And if a malicious attacker can remotely access a system and just delete some crucial files, they can effectively take control of a plane.
I bring all this up not with the intention to scare you. It’s to bring to your attention the absolute need for cyber defence systems to ensure this kind of thing doesn’t happen, or at least doesn’t happen regularly.
Sometimes not even the best cyber teams in the world are safe from attack. This week Kaspersky Labs also discovered they had been under attack.
Kaspersky are one of the world’s leading cyber security and research companies. They’re the ones that discovered the Carbanak attacks on the world’s 100 biggest banks.
But they found in their own networks malware designed to spy on them and find out who they were researching. What’s worrying is that after Kaspersky looked at it they found similarities to the stuxnet malware used by Israel and the US.
Kaspersky said it was an upgraded version that appears to be government-made malware. Engadget reports that,
‘This “Duqu 2.0” not only tried to obtain details about Kaspersky’s investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.’
It’s an incredibly brazen piece of cyber espionage. And I’m sure it’s not the only one. But luckily enough Kaspersky found it, because that’s what they do. And the malware wasn’t able to seriously compromise any of their systems or clients.
But it was there, and that’s reason enough for concern. The simple fact is nothing is 100% safe. However, with an increased focus on cyber security and white hat hackers working on defending our cyber world, we can thwart many of the malicious attackers.
There are some great companies working away on this. There are at least two Aussie companies that have world-class cyber defence technology. They are literally bringing in some of the world’s biggest companies as clients.
Of course there are more. In fact I’ve identified six I think are the best of the best when it comes to cyber defence.
These companies, along with your own increased awareness, will help to protect our digital world.
Hopefully over the next few years people’s mindset will change. As we all come to realise how significant cyber defence is, we just might be able to maintain control of our digital world.
But if we keep it as an afterthought then perhaps we’re all doomed.
Sam Volkering [+],
Editor, Money Morning