twitter facebook rss

2017 InfoSec Predictions

Posted by on January 4, 2017.

As usual, we have the requisite Information Security Predictions for the coming New Year:

Netanel Rubin certainly agrees on that last item, claiming the increased use of smart meters which utilize insecure encryption and known-pwned protocols is a large threat. The utility hacker and founder of Vaultra derided global governmental efforts to install the meters as reckless, saying the “dangerous” devices are a risk to all connected smart home devices.

Here are my predictions:

  • The majority of businesses and consumers will continue to ignore the changing threat landscape
  • We will continue to connect anything and everything to the Internet (needed or not)
  • We will continue to believe the Internet will always be available, so we will continue to rely on it for banking, emergency response, traffic and SCADA systems
  • We will continue to learn nothing from recent history

To be sure, there will be no slowing down of this pervasive cyber universe… until it breaks on a large scale. When it does, get ready for invasive government oversight.

The other day I was setting up a WiFi router access point to practice a small bit of hacking. As I was plugging in the power brick for the device, I notice it had a UL stamp. Underwriters Laboratories (UL) is a global independent safety science company with more than a century of expertise. UL claims to help safeguard people, products and places in important ways, facilitating trade and providing peace of mind.

My WiFi router’s power supply design was reviewed, tested and carried an approval from UL. The actual access point itself… not so much. No, the actual item that could be used to break into my local network or participate in a DDOS attack had no stamp of approval. That device’s design was reviewed by “who knows”, certified by “no one”, and carried the stamp of “quales desit”.

It might surprise you to learn (it did me) that UL actually has a Software and Security discipline for cyber security. I hold many certs and I have been in this business a long time. I never had the opportunity to hear a vendor say, “You know our product carries a UL CAP (Underwrites Laboratory Cybersecurity Assurance Program) stamp of approval”. I never learned about UL CAP in any certification course.

UL CAP is a perfect example of why I so push to professionalize the Information Security profession. How do such potential paradigm shifts in this nascent cyber universe get traction with no core and no leadership? My little power supply is certified to be safely plugged into the power line, but my Internet Router carries no such certification to be safely plugged into the Internet.


One thought on “2017 InfoSec Predictions

  1. “We will continue to learn nothing from recent history”

    This prediction is true overall, not only to the infosec field.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Martin Zinaich | Tags: , ,