Zombies. Few issues are as compelling for government CIOs -- especially when the zombies are coming to get you.
Zombies were front and center in Montana last night when someone hacked into a television station's emergency warning system and broadcast the news of an imminent zombie apocalypse.
The incident is just the latest in a series of false zombie alerts spread through official channels. Several years ago, hackers in Gainesville, Fla., changed the message on a mobile traffic alert sign to warn of attacking zombies.
Zombie Attack Sign
Portable traffic signs have come under attack from zombie-loving hackers.
An article in The Gainesville Sun reassured readers that no attack was in progress, but the fact that official warning mechanisms can be hacked is an issue that government CIOs must deal with. I spoke with Nelson Hill, CIO of the Florida Department of Transportation, who explained that his department takes a multi-dimensional approach to keeping signs and other FDOT assets secure.
"Obviously protecting anything that is public-facing is something we're very careful about," Hill said. He continued, "We take every precaution to make sure they're protected against hacking." The first step the department takes is segmenting the network into three major components.
Hill explained that the network is divided into the "traditional" network, known as MyFlorida.net; the Intelligent Transportation System (ITS), which is the traffic control, monitoring, and notification network; and the network used by the Florida Turnpike system, which handles the financial transactions of the millions of cars passing through toll plazas each month. Hill says that the segmented system carries both benefits and costs for IT executives.
He began explaining, "The larger and more segmented the network, the more difficult it is," but quickly amended his response. "It makes things more difficult from a security policy perspective, but it makes them easier from an operational standpoint," Hill said. As an example, he said, "I don't have to worry about back-door attacks from ITS because [the networks are] segmented," adding that ITS has far more points of access from the Internet due to its function as an alert and information system for the public.
Other segmenting benefits come from the cost side of things. Hill says that the turnpike authority's financial transactions create a special burden. He explained:
Because they deal with credit card data they're under PCI standards. They require those operations to have very, very strict security controls because they handle millions of credit card transactions per month. If we didn't have a firewall between the traditional network and the turnpike then we'd have to put the entire network under PCI standards.
The traditional part of the network is protected by the next security step, the firewalls, and anti-malware software that every CIO demands for the networks under their control. Even so, Hill says that these well-understood threats aren't his most pressing concerns. He said:
It's easier to protect against things like that rather than phishing scams, where a bad guy will send an email that looks like it's from someone you know and has a link. When you click on the link it installs a piece of software that sniffs your data. These advanced persistent threats are much more costly to protect against.
Software development practices and standards sit at the third level of protection for the FDOT networks. "We have coding standards that protect against things like SQL injection. We can help mitigate against cross-site scripting. You can put things in place when you build your website to protect against these attacks," Hill said. The multiple levels and approaches help keep threats at a manageable level for most situations.
Ultimately, though, zombie attacks and hackers must be handled with a common set of criteria and response possibilities. Hill said, "You have to look at the risk and decide what you're willing to accept based on the money you have available to protect against the threats." Where do you put the money for a zombie response in your budget? The hackers would surely love to know.
@kstaron: I agree with you. With the endless access to so many online content, anyone who has the slightest interest in the field of hacking can get expertise and then test it in the "field". I don't know if this is ever going to end.
After I stopped laughing at seeing the "zombie attack, evacuate now" sign. I can appreciate the seriousness of this. Even though this was a kid that was too bored for his own good and decided to be funny, the ease with which he breached the system means there are far too many people with more malicious intents tht could strike, and they are way more scary than zombies.
Wait a minute. This sounds ironic to me. Are the companies and organizations that are getting hacked the same companies and organizations that claim there is a skills shortage out there? Are these the companies and organizations that are getting rings run around them by the unwashed, unskilled masses out there?
@Sara- I wish I had been thrown out of the best hotels in Vegas.
Seriously, we've got to get rid of the Robin Hood attitude around hacking. This looks like a victimless crime, but it isn't because it shows the way for others. Oh well, I don't think there's anything that can be done about it until someone goes too far.
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
4/29/2014 - Join Dell and Intel for an interactive discussion about implementing, refining and improving your virtual environment. Specifically we’ll discuss pain points virtualization can solve and those that it can create and how to prevent them.
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: firstname.lastname@example.org
Dell's Efficiency Modeling Tool The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise. Read the full report
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.