Cybersecurity Recommendations Include Getting Critical Systems Off the Web

Jul 11, 2017

People around the world have been getting a crash course in cybersecurity in recent weeks. Ransomware attacks have crippled everything from traffic cameras in Australia to multi-billion dollar international companies, healthcare networks, and the Ukrainian electricity grid.

Analysts have called the attacks worrisome, concerning, and other adjectives clearly intended not to cause mass hysteria. But they also warn that attacks are likely to continue and get worse.

Earlier this spring, the MIT Internet Policy Research Initiative released recommendations for securing “critical infrastructure” from cyberattacks.

“The really critical categories are energy, particularly electricity, followed by communications, finance, and transportation,” said Joel Brenner, a senior research fellow at the Initiative. Brenner has also served as a top advisor to the NSA on cybersecurity issues.

The fundamental problem is that the internet was not designed with security in mind. It was a tool intended for a limited number of people to communicate -- people who knew and trusted each other. 

“What will really astonish many is that until 1992 it was against the law to use the internet for anything having to do with commerce,” Brenner said.

Once the world started using the internet as the backbone for national and international finance, military communications, and just about everything else, its vulnerabilities became obvious, he said.

“If you want to make sure that switches can’t be manipulated to change a train track from some other country, then you have to re-isolate those to some significant degree,” Brenner said. “I think there will be opposition to this, but we found no disagreement about it among the experts.”

Brenner isn’t recommending that we go back to the 1980s in all areas of life. He’s saying that there are certain key controls that must be isolated from the internet to ensure public safety.

In one area of cybersecurity, he sees a lot of room for improvement -- consumer electronics that allow people to access security cameras via the internet. Many have no safeguards in place to keep hackers out. Brenner said manufacturers of these cameras should be liable for any financial losses they cause.  

“I can’t think of any area of social and economic life where you can sell insecure or unsuitable goods and services into the stream of commerce and face no liability for it,” he said. “That is not only anomalous, I think it’s untenable; it’s got to change.”

Saying he won’t comment on the Trump administration’s performance broadly, Brenner praised the administration for taking action on cybersecurity earlier in the president’s term than both George W. Bush and Barack H. Obama did.

“They’ve said a lot of the right things,” he said. “It remains to be seen how they follow through. As you know, in all these areas the truth is in the follow through. They’ve got a good recipe; let’s see what they actually cook.”

Joel Brenner will be speaking at the New Bedford Science Café on Tuesday, July 11, 6:00 to 8:00 PM. The event will be located at the Waterfront Grill, 36 Homer’s Wharf, New Bedford. The event is free.