Several security researches teamed up to show how the Automatic Identification System (AIS) can be hacked.
It may be no surprise to those of us in the IDC, but an article in the current issue of INSECURE magazine1 shows how easy it is to hack, spoof, and disrupt AIS. AIS2 is a global system used to track ships and their location, cargo, destination, etc. It doesn't take a rocket scientist to figure out the possible negative implications of this.
While the article is interesting in its own right, there is a broader lesson for software and hardware designers:
1. Never underestimate the importance of building security into software and hardware
2. Security considerations should be worked through before the first line of code is written
3. Threat modeling3 is a valuable concept to help you consider what threats and attackers/actors could be lurking in your particular domain
4. Got security engineering? Companies are now embracing the fact that security is so important, that separate teams are stood up to continually monitor software development efforts (before, during and after development) for defects, holes, etc. This concept becomes a part of the software development life cycle (SDLC).
In today's digital age, there are many online resources to help educate software/hardware designers on how to create more secure products. For example, a Google search of "web application security" provides a list of useful links including one to the Open Web Application Security Project (OWASP)4. OWASP is a non-profit organization dedicated educating everyone on how to better secure application software.
What do you think?
References
Image: http://www.shinemicro.com/images/AIS.jpg
1 http://www.net-security.org/dl/insecure/INSECURE-Mag-40.pdf
2 http://en.wikipedia.org/wiki/Automatic_Identification_System
3 http://en.wikipedia.org/wiki/Threat_model
4 https://www.owasp.org/index.php/Main_Page
No comments:
Post a Comment