Personal and home security standards–we need them badly!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

GPS systems represent an interesting part of CPS deployments. From tiny GPS chips that can track a phone or a person (without their knowing it) to systems installed in boats, airplanes and cars GPS has taken over the directions we get. It is however a distributed system producing expected and consistent results. When a phone or GPS system fails we blame the system.

Many of the things that have embraced the internet are things we rely on. The digital data component of our cellular devices is something we rely on. Have you recently checked your email on your hand held device. So why talking GPS today? Well frankly it is possible to spoof a GPS signal. GPS is all about signal strengthen and you could if you wanted to overload the signal by retroacting a GPS signal in an implied manner.

There is no checksum in a GPS signal. To date no one has done this but you could. Redirecting someone someplace they don’t want to be. Holding their location hostage until they pay for you to release their GPS. Security within CPS is critical. both IT and OT. (Information technology and operational technology). How and what we secure is important.

I’ve talked before about the big issues, the bridges of CPS going forward. Access, Data, Power, Bandwidth are all components of CPS that will ultimately determine the slope of implementation. IoT a marketing term that was coined a few years ago talks about devices that connect to the internet. There are more components of CPS than just IoT. Device to Device to Device remains a piece. CPS is the layer of intelligence between the device and the user. It is also the monitoring of the IoT devices and management of those devices as well.

I have a friend whose favorite saying is “I don’t have to outrun the bear, I just have to outrun you.” That really applies to CPS and the reality of security. I don’t have to be secure, just more secure than the 20 phones or devices next to me. Its why I keep pounding on the concept of standards for personal and home private cloud security. Easy to implement security that gets most people to “minimally secure” rather than their current state of Maximum Exposure.

Tomorrow, that device you love will be at your place of work. The home private cloud you connect to and the personal cloud around you comes into your place of business or the organization where you work. You, without meaning to, just invited a person with bad intentions into your place of work. OT and IT Security teams have to defend against attacks. They once defended the exterior of your organization with Firewalls and layers of security. It was called a tootsie pop (hard exterior, soft interior). But now that soft interior is sitting in the coffee shop across the street. That soft interior is being fed information by thousands of devices. Sun Tzu wrote know your enemy but also know your field of battle. When you friend is sitting in the pocket of someone 2000 miles away from the core security systems you’ve built to protect the information of your organization what happens next? If you time the device out to protect the data you could cost your company sales. Losing sales slowly runs you out of business. If you lose the information you can also lose your business (your competitive advantage leaking out of an android device hacked at 30,000 feet because someone didn’t switch to airplane mode in an airplane).

The enemy was never in front of IT Security, but they could once at least control where the enemy attacked. Now the field of battle has changed and the pencil sharpener your new neighbor gave you could be a listening device. The prize you won (for those of you who love the works of Jean Shepard a Lady’s Leg Lamp) that you brought into the office could actually be a Trojan horse, literally. Seeking open we-fi or Bluetooth connections to take control.

As the field of battle expands its time to at least control as many variables as we can. Its time for a personal cloud security standard. A minimum for what security exists in your personal cloud. Its time for a home private cloud security standard as well. Better security at your cable model or fiber optic network connection. Better security on your devices by default. Yes security can slow you down. But being out of work because your company can’t keep its secrets is a lot worse.

.doc

CPS Security Questioner…