Cyber Physical Systems (CPS) And BYOD Security

Cyber Physical Systems (CPS) 

Technology has changed the world radically. But, to date, the world hasn’t changed as fast as technology to. There are a couple of concepts that are concerning as we head into the reality of CPS-deployed systems. The first is that standards don’t exist.

Many companies are considering the Bring Your Own Device (BYOD) conundrum, evaluating the value and cost (as well as the risk) of allowing employees to bring their own devices to work. The value for the company is that a single device now connects each employee to the company. It also connects them to their life, which means they will always have their work phone with them.

A Peak Inside

It opens a door, and once that door opens, not even Pandora will be able to close it.

My phone is a component of the personal operating space called my personal cloud. When you, as my employer, enable a BYOD program, you are inviting my personal cloud into the Workplace. By default, you are also allowing me to connect my personal cloud to your network. The image that comes to mind here is of Charles Schulz’s character Pig Pen. My personal cloud extends all around me like Pig Pen’s dirt cloud.

Cyber Physical Systems

CPS_for_Manufacturing

(Image Source: Wikipedia)

And there’s another problem to consider. CloudTweaks is full of articles on the ever- expanding reality of the Internet of Things (IoT), more properly called Cyber Physical Systems (CPS). Why CPS and personal clouds? Because your corporate network is connected to every single CPS device my phone is connected to. I am the Trojan horse. I bring the Greek warriors inside your corporate security and, without knowing it, I am also the one that opens the trap door.

Some of the devices I connect to are harmless. But, given that they are simple harmless devices, someone can modify them. Do I care if there is suddenly a red dot in the upper right corner of my home weather station? Nope, I just need to know how much rain is falling on my house. But that dot isn’t a nice dot. It is sort of the modern equivalent of a laser targeting dot. We see them on TV all the time, when the bad guy suddenly realizes there aren’t two guns pointed at him but 200. I can mandate that all BYOD devices have Bluetooth disabled and are not directly connected to the corporate Wi-Fi network, but I am just putting lipstick on a pig, as the old saying goes. Once that phone connects to and moves corporate data, I am at risk as a company.

Homebase

Beyond the personal cloud, there is also the issue of the home cloud. I call it the home-private cloud because it is a stationary-managed solution that provides computation and storage for the people who live in my home. It, along with my personal cloud, are now happily connected to your network. My Trojan horse that I carry in my pocket is connected to an even bigger Trojan horse.

Now, I am not advocating that enterprises send their IT security professionals to every house that connects to their network. There need to be easily managed personal and home-private cloud security standards, and by easy I mean automatically deployed. If you connect to a corporate network, that network can connect to the security control center of your network and verify that it hasn’t been modified or hacked. If it has, quarantine the phone so that the Trojan horse can’t be deployed. The same is true of my personal cloud. Having standards that include easily deployed and managed security settings will at least keep the horse in the barn. It won’t roll the Trojan horse into the middle of your corporate network and then hand it the keys and say, “Have at our corporate secrets.”

We need simple security standards for home-private and personal clouds.  They don’t have to include complex security rules. Rather, they could consist of a single chip in the phone and a single device in your home that will tell you if, in fact, that cloud has been compromised.

Dismantled Trojan horses make great firewood for the winter.

By Scott Andersen

Recovery Experts.png
Hair Loss.png
Cloud For Dummies.png
Byod.png
Gary Bernstein
Cloud Benefits in the HR Industry Cloud computing is the delivery of services like software and databases using the internet. These services are available at affordable rates and help businesses lower operating costs. Cloud computing ...
Dana Gardner
We’re all now part of a massive worldwide experiment about the very definition of work. Remote, in-office — or tightrope walking along some sliding scale between the two? How each business and each worker finds the ...
Hacks
Tether Concerns Tether (USDT) is a type of cryptocurrency known as a stable-coin. It’s price is pegged to $1 USD, with the cash to back the currency held in a reserve bank account. As of ...
Dinesh Varadharajan
How Citizen Development Can Help In our digital age, people can order lunch from their phones and have it delivered in 30 minutes. Citizen development makes work as easy as ordering food from a food ...
Louis
Devops teams are sacrificing focus on security gate reviews to meet tight time-to-market deadlines amid growing pressure to deliver digital transformation and digital-first revenue projects ahead of schedule. Compensation plans for CIOs, devops leaders, and their teams prioritize time-to-market performance, ...