August 4, 2020

From Y2K To NYC Parking Meters: Have We Learned Anything About Complacency In Cybersecurity?

By Steve Prentice


Cybersecurity Complacency

This past January – in what seems like a different world now – a story briefly hit the headlines and was seen as more of a quirk than a threat. It was soon eclipsed by the enormity of the COVID-19 pandemic, which has occupied the world’s attention ever since. But this story should not be forgotten, because it has roots that extend far back into the past and, more importantly, has serious implications for computing and threat management far into the future. And it starts with some parking meters in New York City.

The problem – as small as it might seem to some – was that immediately after New Year’s Day 2020, some parking meters in NYC stopped accepting credit and parking cards. At fault was the credit card payment software built into the meters. According to the manufacturer, its anti-fraud system had not been updated, which meant the software essentially expired as the calendar turned to January 1, 2020. Technicians were dispatched to manually adjust the individual meters, one at a time, and in the meantime, New Yorkers were still able to pay using coins.

But dismissing this story as a mere quirk would be like walking across a frozen lake and shrugging your shoulders at a small crack that radiates out from your footstep. Small cracks inevitably lead to larger ones and tend to grow exponentially.

The NYC parking meter software bug serves as a very real reminder that the applications and networks we rely on for every part of our lives are still inextricably interconnected, and much of this connectivity includes legacy technology that was built and deployed in an earlier time, usually with a finite life that is quickly approaching its end or may already have done so.

The biggest of these was, of course, the Year 2000 Problem. Collectively known as Y2K, this revealed the hundreds of thousands of systems worldwide using a two-digit date system that meant a move beyond 1999 would be a move backward to 1900. There were worries of aircraft falling out of the sky, power grid shutdowns and all manner of destructive events to come. Fortunately, enough skilled programmers, many brought out of retirement, were marshaled, and enough money was spent – estimated at $500 billion globally – to thwart most of the problems.

The fact that nothing bad happened on January 1, 2000, was not hailed as a victory of proactive crisis management, but more like a disappointment that the entire thing had always been a nonevent, and perhaps was overstated from the start. This is a problem that happens with human beings in general. Being wired for reaction and not pro-action, it becomes exceedingly difficult to comprehend threats until they are actually upon us. Endless case studies will be written on this topic by people observing different countries’ responses to the COVID-19 pandemic, climate change, earthquake preparation and much more.

Software glitches will continue to plague us. In 2036 and 2038, two separate computer systems that rely on time-codes will roll over into potential chaos if they are not upgraded or replaced. The 2038 problem affects 32-bit systems relying on time-codes that max out on January 19 of that year, and before that a rollover is expected in 2036 for Network Time Protocol systems.

In all likelihood, the affected systems will have been replaced within the next 16 years, but the dangers still exist. The most obvious place where they exist will be legacy systems once again, following years of patches and layering. But the other and more pressing circumstance may be cases where advance calculation of expiry dates is needed. This may result in computing failures or physical defects in products long before the year 2036 comes around.
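The 2038 and 2036 rollovers, and the way a forward-dated expiry calculation trips over them years early, can be shown in a few lines of C. This is an added example, not code from the article or from any affected product; the function names, the 2020-08-04 timestamp and the 20-year lifetime are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NTP_UNIX_OFFSET 2208988800LL  /* seconds between 1900-01-01 and 1970-01-01 */
#define SPAN32          4294967296LL  /* 2^32: size of one 32-bit counter cycle */

/* Value a 32-bit signed time field holds after storing t (low 32 bits only). */
static int32_t wrap32(int64_t t) {
    uint32_t u = (uint32_t)t;
    return u <= (uint32_t)INT32_MAX ? (int32_t)u : (int32_t)((int64_t)u - SPAN32);
}

/* Checked expiry: 0 and *out on success, -1 if now+lifetime leaves the range. */
static int expiry32(int32_t now, int64_t lifetime, int32_t *out) {
    int64_t t = (int64_t)now + lifetime;
    if (t > INT32_MAX || t < INT32_MIN) return -1;
    *out = (int32_t)t;
    return 0;
}

/* NTP's 32-bit seconds field counts from 1900 and wraps in 2036. Resolve it
 * to the 64-bit Unix time within 2^31 seconds of a trusted reference. */
static int64_t ntp_to_unix(uint32_t ntp_secs, int64_t pivot_unix) {
    int64_t t = (int64_t)ntp_secs - NTP_UNIX_OFFSET;
    while (t < pivot_unix - SPAN32 / 2) t += SPAN32;
    while (t >= pivot_unix + SPAN32 / 2) t -= SPAN32;
    return t;
}

int main(void) {
    /* Constructed inputs: 2020-08-04 00:00:00 UTC and a 20-year lifetime. */
    int32_t now = 1596499200, exp = 0;
    int64_t twenty_years = 631152000LL;   /* 20 * 365.25 * 86400 */

    printf("unchecked expiry : %d\n", (int)wrap32((int64_t)now + twenty_years));
    printf("checked expiry   : %s\n",
           expiry32(now, twenty_years, &exp) ? "rejected (past 2038-01-19)" : "ok");
    printf("NTP 0, naive     : %lld\n", -NTP_UNIX_OFFSET);
    printf("NTP 0, era-aware : %lld\n", (long long)ntp_to_unix(0, now));
    return 0;
}
```

The unchecked result is a negative timestamp, so a credential or licence issued in 2020 would be treated as already expired on a system that stores the date in 32 bits.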

The elephant in the room is not so much the software glitches themselves, but the complacency that influences decision making at all levels within an organization. In addition to shrugging away potential risks, humans also tend to avoid situations that make them fearful or uncomfortable. On a personal level this is called procrastination, but on a corporate and strategic level, proactive change may be suppressed due to financial concerns, or potential damage to a reputation. An airline, for example, will likely never want to go to the press to describe a software glitch that may affect flight safety, even if it is being fixed.

These are examples of challenges, both past and future, that organizations need to be aware of. There will be many more – not just in terms of calendar-specific software glitches, but also in terms of data security, as networks continue to connect with IoT devices, phishing crimes grow in sophistication, and threat actors exploit artificial intelligence and machine learning to dig through stored legacy data to find new and innovative ways to prey on organizations worldwide.

Safety and preparation come from having a team of people who understand threats and also know how to speak the language of decision makers whose priorities might lie elsewhere. It is not enough to just be good with cybersecurity. Communication skills and strategic awareness are vital components of this battle. This is why (ISC)² does what it does. Its mandate is to teach and certify cybersecurity professionals who are able to not only understand technical challenges and threats, but who can also play a more involved role in proactive governance of an organization.

For more information, read the Proactive Cybersecurity Beyond COVID-19 white paper.


Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.