Latest attacks underscore need for cybersecurity in next-generation critical communications

One the great things about my job is that I get to talk with a bunch of really smart people about some of the things that technology will enable us to do in the near future. I’m always amazed by the engineering wonders that continue to squeeze more efficient use from each slice of spectrum and pack more processing power into tinier packages.

As stated in this column space before, there is no doubt in my mind that the next generation of critical-communications systems—leveraging IP-based architectures—eventually will deliver much greater performance, functionality, flexibility and convenience of use. In addition, automated IP rerouting schemes and increasingly dense networks should make these critical systems more resilient to man-made and natural physical attacks.

But as we plunge headlong into becoming more and more dependent on key IP-based systems—be it FirstNet, next-generation 911 (NG911) or smart grids for utilities and other critical-infrastructure entities—the one nagging concern is the ability to secure these crucial assets from cyberattacks.

Just in the past few days, we’ve seen hackers shut down a massive commercial enterprise (Xbox Live) for several hours, hold a Los Angeles hospital’s computer system hostage for ransom, and learned of U.S. plans to launch a cyberattack that would have crippled Iran’s power grid.

Of course, these are just the latest in a long line of episodes involving data breaches and cyberattacks on myriad systems. In the commercial sector, industry giants like Apple, Sony, Target and Home Depot—not to mention the Ashley Madison website scandal—have all been victimized. Hackers reportedly have demonstrated the ability to hack into airplane engine controls and automotive vehicle controls, and we have barely scratched the surface of potential issues regarding aerial drone and self-driving cars.

In the Ukraine, a cyberattack caused a significant power outage.

Public-safety and government entities have suffered from significant attacks, as well. Multiple public-safety agencies have paid hackers after having their computer systems rendered useless by ransomware, as happened at the Los Angeles hospital. The Office of Personnel Management (OPM) last year acknowledged that more than 20 million personnel records were stolen.

Even the National Security Administration (NSA)—an international master of computer espionage—suffered a major black eye in this regard with the ongoing revelations from former contractor Edward Snowden. Whether you consider Snowden to be a heinous traitor or a modern-day civil-rights leader, the bottom line is that he took a treasure trove of classified information out of the most secure organization in the world—and NSA officials reportedly did not realize he had done it, even months after Snowden executed his plan.

As one source said, “If the NSA can’t secure its stuff—or at least realize that Snowden had done something after the fact—what chance do the rest of us have?”

This is especially true for the Internet of Things (IoT), an exciting technological initiative that is expected to result in 50 billion devices being deployed by 2020, according to some estimates. But the only way those astronomical figures will become reality is if IoT devices are relatively inexpensive, and inexpensive devices typically have little, if any, security integrated (and even devices with security functionality may not be safe, if users simply leave default passwords in place).

Hackers already have stolen millions of records via VTech children’s toys, and even Mattel’s Hello Barbie dolls have been shown to be vulnerable. Reports that a refrigerator was used to send spam e-mail may not have been true, but there is little argument among industry experts that IoT proliferation promises to greatly expand the “attack surface” that hackers can exploit.