The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems. In a recent report, the GAO shone a light on the Departments of Energy, Health and Human Services, Homeland Security, and Transportation. How each of these entities reacted and responded to its recommendations was telling.
In its forward to Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices, the GAO noted that the Departments of Homeland Security and Transportation concurred with the GAO recommendations, Energy deferred a response until “further coordination with other agencies,” and Health and Human Services punted, saying it “neither agreed nor disagreed with the recommendations but noted planned actions,” adding that it doesn’t have the ability to compel the private sector to adopt any cybersecurity plan.
All government is now operating under the mandate that any procurement or use of an IoT device must comply with NIST-developed standards. The Office of Management and Budget (OMB) holds the responsibility to craft a “standardized process for federal agencies to waive the prohibition on procuring non-compliant IoT devices if waiver criteria” are met as detailed in the Internet of Things Cybersecurity Improvement Act of 2020.
That criterion is not complex. The CISO at a given agency determines that national security concerns require a waiver, the procurement of the non-compliant device is for research purposes, or the device is secured through other means. As noted above, the OMB is responsible for sharing with each agency CIO the means by which they may apply for a waiver. Government agencies are waiting for the OMB, which should have had the process in place prior to the December 4 mandated date for implementation. The GAO notes that this lack of a process “could result in a range of inconsistent actions across agencies.”
There’s a reason IoT devices have become so ubiquitous – they really do support and enable greater convenience and efficiency in our lives. But IoT devices, like any device, are subject to security flaws.
IoT devices can create entry points into an enterprise’s environment, and this can cause unpredictable, cascading effects on the organization’s networks. Hackers can weaponize IoT devices to spread malware through a network, take down websites in denial of service campaigns, or even launch DNS rebinding attacks that can turn an employee’s browser into a proxy to attack the network.
Look for the Helix22 logo on any device to know that is has perfect data security embedded in it.
Security teams are reassessing the risks associated with these devices. They’re catching up to juggle a range of specialty devices, webcams, and printers. Printers are notorious for being targets of hackers and potential access points to a company’s sensitive data.
Common vulnerabilities include:
- Weak, guessable, or hard coded passwords.
- Insecure network services.
- Lack of ability to securely update devices.
- Use of deprecated components.
- Insecure data transfer or storage.
- Insecure default settings.
The era of remote work during the long pandemic has only added layers of complications for modern security. IoT devices that may have once gotten the job done now sit in empty offices, connected, but forgotten about, not updated, and unsecured. After organizations switched to a work-from-home model, the number of connected IP phones declined by just 7.5%. Some 25% of those IP phones are Cisco IP phones which, if left unpatched, have a critical vulnerability. Even more concerning, connected in-office printers—a known target of hackers—declined by only 0.53%.
Organizations can reduce their risk by disconnecting devices that aren’t in use, but security is still a work in progress for many organizations, and knowing exactly which devices are connected requires hard work, even for well-run security operations.
It is undeniable that IoT connected devices do not provide adequate security protection. In the era of ever-increasing unsafe devices, there is no doubt that they pose a threat to us all. Moreover, security threats are seen as a major hindrance to the development of IoT markets. According to the Internet of Things World, 85% of 170 industry leaders surveyed believe security concerns remain a major barrier to IoT adoption. Often, potential customers are hesitant to purchase IoT objects because they are concerned about them getting compromised.
All these devices are connected to the internet and will send useful data that will make industries, medicine, and cars more intelligent and more efficient.
However, will all these devices be safe? It’s worth asking what you can do to prevent (or at least reduce) becoming a victim of a cybercrime such as data theft or other forms of cybercrime in the future?
Let us start at the very beginning — most IoT devices come with default and publicly disclosed passwords. Moreover, the fact is that there are many cheap and low-capacity Internet of Things devices that lack even the most basic security.
And that’s not all — security experts are discovering new critical vulnerabilities every day. Numerous IoT devices undergoing security audits repeatedly exhibit the same issues over and over again: remote code execution vulnerabilities at the IP or even radio level, unauthenticated or broken access control mechanisms.
Weak hardware security is one of the issues that have been discovered most frequently. By this complex term, we refer to all the attack possibilities that hackers can exploit when they have an IoT device in their hands: extracting security credentials stored in clear in the device’s memory → Using this data to breach into the servers where the device’s data is sent → sharing or selling these credentials in the “dark web” to remotely attack other devices of the same type, etc.
Helix22 data security is perfectly designed for the Internet of Things. With Helix22, just look for the “data secured with Helix22” logo and as a consumer you’ll know data is protected.
Our mission at BLAKFX is to have the “data secured with Helix22” logo on every intent connected device in the world. Think of it like the “Intel” badge on your computer. Once you see the Helix22 logo, you will know immediately that the device is protected from data breaches.
The Helix22 data security SDK accomplishes the following:
- Protects all your firms data at rest, in use and in transit
- Renders ransomware threats obsolete
- Eliminates human error
- Eliminates all malicious or interior attacks
- Verifies original content i.e. minimizes the threat of impersonation attacks and deep fakes
- Reduces latency and optimizes 5G networks
- Installs with 5 lines of code
- Runs on any platform, network, device and in any programming language
- Provides perfect future/forward secrecy
- Delivers “zero-knowledge” encryption
- Compatible with all cloud, 3rd party and vendor services
- Enables Internet of Things data security by providing protection at the Edge and has ultra low latency
- Ensures privacy and security for blockchain and all cryptocurrency transactions
- Is quantum ready – so there’s no need to upgrade when the time comes
- Requires no employee training
- Exceeds all gov’t and banking security standards
- Meets all international compliance regulations
Helix22 delivers perfect security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firms data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented DNA BindingTM cryptography. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.
Another substantial advantage of Helix22, is that it protects all data whether at rest, in use or in transit. All communication apps for example, only encrypt data while in transit. Therefore, that encryption become useless for internal IT security or Artificial Intelligence or Machine Learning experimentation. All data generated during these massive computing exercises is equally protected in real time. Plus, the latency period for the Helix22 is exponentially less than any other security product, so it actually contributes to faster processing times.
The Helix22 is easy to install and runs on all platforms, programming languages, networks and devices.
“In Math We Trust”
In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity ever for any data leak.
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine device2device (D2D) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique device-to-device encryption (D2D) world, there is no opportunity at all for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA BindingTM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
BLAKFX is Based on Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD Founder – Kara Coppa
Co-Founders of Wickr KatimTM Ultra Secure Smartphone