Program Summary for the April 10th – Digital Forensics, the “Internet of Things” and Infrastructure Security – with Jerry Morris

A Presentation with

 Jerry Morris

April 10, 2018

SMART Homes, SMART Hospitals, SMART Cities, SMART Highways, SMART Cars, SMART Factories, SMART Energy Systems…is this really so smart these days?“The U.S. and British governments on Monday accused Russia of conducting a massive campaign to compromise computer routers and firewalls around the world — from home offices to Internet providers — for espionage and possibly sabotage purposes…It was the two countries’ first such joint alert. ‘We have high confidence that Russia has carried out a coordinated campaign to compromise . . . routers, residential and business — the things you and I have in our home,’ said Rob Joyce, the White House cybersecurity coordinator. (Washington Post 16 Apr 2018)

The “Internet of Things (IoT)” lets us stay connected to friends, family, shopping, news, and emergency services. It reduces our energy usage, increases manufacturing capabilities, and saves us money. It protects our communities, powers our cars, and keeps the lights on across the country. The IoT is the fastest digital capability on the planet, but as MAJ Jerry Morris artfully illustrated in his presentation, it is also vulnerable to cyber attacks.

Jerry walked us through the history of Industrial Control Systems (ICS) and how the legacy of systems designed and built in the 1970’s, in the early days of computers and the internet, has influenced both the accessibility and security of our information and operational computer systems today. Back in the infancy of the “world wide web” computer processors and memory were limited and the developers “in the basement” were not thinking about operational security.

Fast forward to today and we are surrounded by sophisticated hackers, with on the job training, and low-cost technologies that can cause immense damage to our lives and well-being. So, who our cyber adversaries and what do they want? A host of governments (Russia, China, Iran, and North Korea) have used the internet to attack essential nodes in the Internet of Things including critical energy and communications infrastructure, healthcare systems, transportation controls, government and military agencies, private companies, and even academic research institutions.

With ominous names of computer viruses and worms such as Black Energy (Russian attacks on Ukraine), Not Petya (Russian attacks on U.S. election machines), and WannaCry (North Korean attacks on hospitals and healthcare systems across the globe) and even Suxnet (U.S.-Israel attacks on Iran’s nuclear centrifuges), today’s wars are being fought as much on the keyboard as the battlefield…and the U.S. is one of the big players on both defense and offense.

So, what do we do to stop or at least slow down the attacks and how do we harden ourselves to avoid catastrophic impacts to our health, political institutions, and economy? Lucky for us, Jerry is spending his free time pursuing a PhD in Computer Information Security at Northcentral University. That makes him one of the next generation “white hats” that are developing cyber forensics tools that can rapidly detect intrusions, design more modern control systems with operational security built-in, and engineer systems to detect attacks and attribute the attackers.

Deftly answering a myriad of questions, Jerry encouraged us to support the investments by the U.S. Government and private sector to upgrade antiquated cyber infrastructure across the country. He also reminded us that cybersecurity starts at home, so it is incumbent upon all of us to be vigilant, keep our systems upgraded with the latest virus protection, use Virtual Personal Networks (VPN) for communications containing sensitive information, and recognize that there are no silver shields to protect us from cyber attacks.

All was not doom and gloom in his outlook, he sees progress being made to upgrade not only our hardware but also our cyber laws and regulations. And to just to prove how relevant National Security Forum events really are, while Jerry was talking Mark Zuckerberg (CEO of Facebook) was on the hot seat in front of Congress pleading mea culpa for having shared the personal information of 87 million users with Cambridge Analytica, a firm who in turn used the data to target ads to sway the 2016 U.S. Election. Congress is now poised to consider some of those new laws and regulations that Jerry said we desperately need.

In the meantime, remember cybersecurity starts…at home in Northern Nevada!

MAJ Jerry Morris is an Armor Officer in the Nevada National Guard with over 20 years of combined active duty service.  He was previously interim professor of Military Science at the University of Nevada, Reno and holds two BS degrees in both mechanical engineering and business with an MBA in Finance and is currently pursuing a PhD in Computer Information Security at Northcentral University. 

The links to Jerry’s presentation and “cheat sheet” are below