Zombies Strike Again

Curtis Franklin Jr., Executive Editor | 2/12/2013 | 20 comments

Curtis Franklin Jr.
Zombies. Few issues are as compelling for government CIOs -- especially when the zombies are coming to get you.

Zombies were front and center in Montana last night when someone hacked into a television station's emergency warning system and broadcast the news of an imminent zombie apocalypse.

The incident is just the latest in a series of false zombie alerts spread through official channels. Several years ago, hackers in Gainesville, Fla., changed the message on a mobile traffic alert sign to warn of attacking zombies.

Zombie Attack Sign
Portable traffic signs have come under attack from zombie-loving hackers.
Portable traffic signs have come under attack from zombie-loving hackers.

An article in The Gainesville Sun reassured readers that no attack was in progress, but the fact that official warning mechanisms can be hacked is an issue that government CIOs must deal with. I spoke with Nelson Hill, CIO of the Florida Department of Transportation, who explained that his department takes a multi-dimensional approach to keeping signs and other FDOT assets secure.

"Obviously protecting anything that is public-facing is something we're very careful about," Hill said. He continued, "We take every precaution to make sure they're protected against hacking." The first step the department takes is segmenting the network into three major components.

Hill explained that the network is divided into the "traditional" network, known as MyFlorida.net; the Intelligent Transportation System (ITS), which is the traffic control, monitoring, and notification network; and the network used by the Florida Turnpike system, which handles the financial transactions of the millions of cars passing through toll plazas each month. Hill says that the segmented system carries both benefits and costs for IT executives.

He began explaining, "The larger and more segmented the network, the more difficult it is," but quickly amended his response. "It makes things more difficult from a security policy perspective, but it makes them easier from an operational standpoint," Hill said. As an example, he said, "I don't have to worry about back-door attacks from ITS because [the networks are] segmented," adding that ITS has far more points of access from the Internet due to its function as an alert and information system for the public.

Other segmenting benefits come from the cost side of things. Hill says that the turnpike authority's financial transactions create a special burden. He explained:

Because they deal with credit card data they're under PCI standards. They require those operations to have very, very strict security controls because they handle millions of credit card transactions per month. If we didn't have a firewall between the traditional network and the turnpike then we'd have to put the entire network under PCI standards.

The traditional part of the network is protected by the next security step, the firewalls, and anti-malware software that every CIO demands for the networks under their control. Even so, Hill says that these well-understood threats aren't his most pressing concerns. He said:

It's easier to protect against things like that rather than phishing scams, where a bad guy will send an email that looks like it's from someone you know and has a link. When you click on the link it installs a piece of software that sniffs your data. These advanced persistent threats are much more costly to protect against.

Software development practices and standards sit at the third level of protection for the FDOT networks. "We have coding standards that protect against things like SQL injection. We can help mitigate against cross-site scripting. You can put things in place when you build your website to protect against these attacks," Hill said. The multiple levels and approaches help keep threats at a manageable level for most situations.

Ultimately, though, zombie attacks and hackers must be handled with a common set of criteria and response possibilities. Hill said, "You have to look at the risk and decide what you're willing to accept based on the money you have available to protect against the threats." Where do you put the money for a zombie response in your budget? The hackers would surely love to know.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
nasimson   Zombies Strike Again   2/28/2013 2:06:38 PM
Re: Way more scary that zombies
@kstaron: I agree with you. With the endless access to so many online content, anyone who has the slightest interest in the field of hacking can get expertise and then test it in the "field". I don't know if this is ever going to end.
nasimson   Zombies Strike Again   2/28/2013 1:57:27 PM
Re: Wait a minute.
@stotheco: This might have been the consideration of many of the companies already, I believe. 
kstaron   Zombies Strike Again   2/21/2013 11:48:00 AM
Way more scary that zombies
After I stopped laughing at seeing the "zombie attack, evacuate now" sign. I can appreciate the seriousness of this. Even though this was a kid that was too bored for his own good and decided to be funny, the ease with which he breached the system means there are far too many people with more malicious intents tht could strike, and they are way more scary than zombies.
eethtworkz   Zombies Strike Again   2/16/2013 9:18:01 AM
Over 30 Real Vulnerabilities Discovered in EAS
Curt,

I have been reading some very interesting Information on this issue.

What Mike Davis (from IoActive)submitted regarding Decoders and Encoders connected to the Internet was beyond stunning!!!

Over 30 Actual Vulnerabilities!!!

And this inspite of the fact that the Department of Homeland Security spent so much in the last Decade or so on "Strengthening Internal Defenses" or was that all just a Sham???

You gotta wonder when they can't even change Passwords on any of the Default Internet Facing Devices!!!

Good Article!

http://www.informationweek.com/security/attacks/zombie-hackers-exploited-emergency-alert/240148682

 

And if the situation is so bad(and casual) in the US,how bad can it be overseas where Governments have much Smaller Defense and IT budgets???

The thoughts are too scary to ignore!
stotheco   Zombies Strike Again   2/15/2013 1:34:39 AM
Re: A Tip of the Hat
It's only funny until it's not. It's also only harmless, until it's not. There comes a time when these seemingly harmless jokes cause real damage where some people will be affected seriously.
stotheco   Zombies Strike Again   2/15/2013 1:33:55 AM
Re: Wait a minute.
You have a point Rich. Maybe it's time they swallowed their pride and--gasp!--hire the hackers who gave them hell. It's like hitting two birds with one stone.
Rich Krajewski   Zombies Strike Again   2/14/2013 10:54:48 PM
Wait a minute.
Wait a minute. This sounds ironic to me. Are the companies and organizations that are getting hacked the same companies and organizations that claim there is a skills shortage out there? Are these the companies and organizations that are getting rings run around them by the unwashed, unskilled masses out there?
batye   Zombies Strike Again   2/14/2013 6:40:20 PM
Re: Hackers are just malcontents with time on their hands
Dave, I'm agree with you, but in the case of hacking public brodcasting system... - I think it should be treated the same way under the law as the treason or act of war...
David Wagner   Zombies Strike Again   2/13/2013 4:47:52 PM
Re: Hackers are just malcontents with time on their hands
@CMTucker- I couldn't agree more. Hackers aren't heroes. But we always treat criminals that look frightening with more severity. One only has to look at the prisons white collar criminals go to.

I think we should start sending hackers to the same prisons murderers go to. In a week they'd go straight. :)
David Wagner   Zombies Strike Again   2/13/2013 4:45:59 PM
Re: A Tip of the Hat
@Sara- I wish I had been thrown out of the best hotels in Vegas.

Seriously, we've got to get rid of the Robin Hood attitude around hacking. This looks like a victimless crime, but it isn't because it shows the way for others. Oh well, I don't think there's anything that can be done about it until someone goes too far.
Page 1 / 2   >   >>


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Curtis Franklin Jr.
Curtis Franklin Jr.   4/11/2014   7 comments
In 1960, Carroll Shelby was told he had two years to live. He spent the next 50 years making the most of that two-year sentence.
Curtis Franklin Jr.   4/8/2014   15 comments
Speed. It's what every user and every enterprise wants from IT. And it's what we're talking about this week on E2 Radio.
Curtis Franklin Jr.   3/28/2014   25 comments
It took Microsoft CEO Satya Nadella about two months to put his mark on the company. And his first mark could completely change enterprise IT.
Curtis Franklin Jr.   3/27/2014   2 comments
Interop 2014 takes place in Las Vegas March 31 through April 4, and Enterprise Efficiency will be there to bring all the excitement to our community members who can't make it to the annual ...
Curtis Franklin Jr.   3/25/2014   12 comments
Interop is almost here. The start of Interop Las Vegas, March 31 through April 4, signals the close of E2 Radio's series of live Interop Preview episodes. Don't fret, though: We're sending ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
4/16/2014 - Learn what is new in SQL 2014 and gain the competitive edge in the marketplace. Join us for Gain the Competitive Edge with SQL 2014.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
SPONSORED BY DELL
CASE STUDIES
EBOOKS
PUBLIC SECTOR RESOURCES
VIDEOS
WHITE PAPERS
WINDOWS SERVER 2012 RESOURCES
A Video Case Study – Translational Genomics Research Institute
e2 Video


On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments


Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   12 comments


The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   5 comments


TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments


The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments


Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments


IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments


TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments


TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   8 comments


The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments


The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   16 comments


Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   6 comments


New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   11 comments


The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments


We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments


Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments


Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments


Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments


On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments


Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments


A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments


VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments


Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments


Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments


Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments


The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.