Have you encountered system types that are more vulnerable than others?
I think IoT is vulnerable, but infrastructure IoT, a/k/a IIoT, is even more vulnerable. These are systems and power grids. You see that with the Dark Energy hack that happened against Ukraine from Russia in 2015, and you see that [with] the NotPetya attack that Russia launched against Ukraine, and even some of these more recent attacks as Russia – of course – is attacking Ukraine since they are in an all-out war with them.
This is because the IIoT infrastructure is not designed for security. It already has a lot of flaws, and then you put it in the hands of people who don’t necessarily understand cybersecurity. So what will they do? You’re calling a result with no password or default passwords, and that’s just a recipe for trouble. This is an area that I have specialized in a lot and [am] I’m trying to learn about it because I think the IIoT has the potential to cause massive chaos.
You see it happening live in Ukraine – which is darkly fascinating to read about and my heart goes out to the Ukrainian people, but you see all these things in theory and now you see the actions. It’s scary to see how devastating [it is] if you only attack this critical infrastructure with cybersecurity methods. They can shut down an entire country, so that’s a lesson in how important this continues to be.
America and other western countries need to keep this in mind so they can protect their assets because there are many of these gaping holes in our security, even at home in the US or whatever other country you are watching this video look at.