Urgent Communications


The cloud and 5G security apocalypse is only a matter of time

  • Written by Iain Morris / Light Reading
  • 21st October 2022

AMSTERDAM – Network X – Greg van der Gaast recalls his first encounter with hacking at the tender age of 16. “My sister brought home a VHS cassette of the movie Hackers, and what this movie taught me was that if you break into computers you get it on with Angelina Jolie,” he said. “I was highly motivated as a 16-year-old.”

One year later, the man subsequently described as one of the five most infamous hackers on the planet had hacked into a nuclear weapons facility in the US and recorded the largest mass hack on record. There was no sight of Angelina, but he was visited by three men in suits from the Defense Department and another from US immigration – there to remind him of his semi-legal status as a Canadian in the US. “Offered” a job that meant receiving cash payments in a parking lot from federal agents, he spent much of the next three years behind a computer.

Not all of it, though. “I was in a high-speed chase,” he told attendees at this week’s Network X show in Amsterdam. “I also once had to meet an arms dealer with a recording device taped to my testicles, which was uncomfortable, although not as uncomfortable as when I had to remove it.”

These days van der Gaast’s lifestyle involves fewer such hairy moments (ouch). He speaks at trade shows, writes books and runs his own business advising companies on their cybersecurity strategy. And what he sees is scary. His rather peculiar analogy for the state of the security industry is a car factory whose third-floor assembly line spits cars onto a parking lot below, leaving employees to pick over and restore the mangled remains. As cars rain down, and the pile grows, there are not enough people to clean up the mess. And no one asks: “Why are we dropping cars from the third floor?”

The moral of the story is that security breaches usually happen because of bad practice upstream, while the industry’s attention is focused on the downstream disaster in progress. “I’ve seen the same causes for every big breach I’ve witnessed in the last 20 years – I have never walked into a company that had good asset management,” he said. “We keep building on top and on top and on top, not realizing the whole stack is compromised from within. You are not in control of your servers and your repositories or what code goes into your products’ firmware.”

No one knows what’s under the hood

It’s a view shared by Karsten Nohl, a German security expert paid by telcos to hack their systems and report back. As operators rush to “cloudify” their networks, he has found supposedly isolated websites providing a point of entry to IT systems, poor configuration of cloud-management tools, no safe segregation of network parts, and reliance on open-source code with scores of unknown authors.

“Patching, hardening, network segregation, EDR [endpoint detection and response] – none of that happens in these networks,” he told Light Reading. “A 5G network we tested before it launched was already outdated by three years.”

The move from traditional vendors like Huawei to an array of smaller vendors with an IT background has simply thrown up a different set of problems.

To read the complete article, visit Light Reading.

 
