Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Good morning builders. How's it going today? Um, a little excited this morning. Uh Finally kind of got things rolling yesterday. Um, talked a bit about on the show about the new website that is up and running. Of course it's bare bones, it's minimum, but, you know, it's something and, um, that's what a lot of this is about.
It's sort of like a little incremental wins, um, that add up pretty quickly. So this is the 13th episode already of mornings with Mark. Um And, uh, I think, uh each time it's getting a little better, hopefully fingers crossed, let me know. Um uh But I think I'm, I'm getting a little more um clarity as to the next little while, but what I want to talk about about, um where I wanna be, um helping people understand and educate.
Um, and that uh starts, you know, with these small little wins. So the website was up yesterday. Um And I had a really interesting conversation yesterday with uh Miles Park at NPR and I'll link to the, um resulting article down below a couple of quotes from me in there.
Um And it was a really fascinating discussion. It was around, um, us election systems, um, and cyberattacks. Now that's a really tense issue. It's a really difficult issue to talk about sometimes. Um, because obviously it's very political, it's also very important. But what I wanted to kind of pull out of that conversation I was having with miles was a lot of the time people look at one specific aspect of a system as opposed to the whole thing.
And when it comes to security, I think this is actually probably one of our biggest problems in cybersecurity is that we're all about system security, not systems security. So we think about one particular aspect, can we lock down this web application as opposed to the old overall system and its security?
So what does that process or workflow look like? Are we securing that? Um And that's really true in the context of elections. So, um there was a really interesting report, a threat assessment done by the Canadian Communications security establishment a couple of months ago again, I'll link that down below and they were analyzing the threats to Canadian Canada's democratic process through cyber attack.
And it was very pragmatic essentially. It said, um you know, from looking at a systems point of view, things are looking good just like in other democracies where there are a lot of checks and balances to make sure that the final tally of the vote, what really matters is true.
It's fair. It is accurate and the voter registration systems and all this type of stuff, um all the way through can maintain their integrity where it found weaknesses was on the edge. So, um influencing people over fake news over. So for media, you know, pushing one viewpoint out disproportionately and that's understandable, that's what social media networks are built for.
They're built for anybody to be able to share their point of view like I'm doing right now, you know, all I had to do was log into my Facebook account and hit live and I'm going live, anybody can do that. I can put money behind this to boost this up and get out of the audience.
So it's not surprising that people with a nefarious or malicious intent would do that as well. There's things we need to take steps, we need to take there on the user side, on the network side and that's being done. Um And also it saw the CC report also called out the individual members may be at risk.
So and because the system's uh core is so secure attacks are being pushed out to the periphery and that, you know, outside of the elections, we see that all the time in corporations, really strong data centers, really strong cloud deployments. So cybercriminals start attacking users because users are connecting unsecured to unsecured wifi, they're going home behind commercially available routers and logging into corporate systems.
So there's weaknesses there where this kind of ties by to some of the stuff that I'm really excited and rolling on the next little while here over the next few weeks, the next few weeks, maybe months, depending on how it goes, it's tying to operational technology.
So I gave some talks last year about it. I've written a little bit about it, but really, I haven't been sharing the depth of the research where I've been diving into things like connected cars, like robots, like drones, like manufacturing lines, smart cities, all this kind of stuff.
You've seen some stuff from Trend Micro itself, some really great reports. And again, I'll link to those down below because I think they're really fascinating, but I look at these things more systematically, so not specific. Hey, robot 123 is vulnerable to this. I think the overall system is far more interesting and that's where operational technologies really kind of come into play.
If you look at the example of like a car, take your car, cars, take years to develop, right? And they go through any number of regulations, there's really strict safety standards, there's a lot of things we worry about because essentially it's a 拢3000 super fast, potentially deadly machine.
But it's also extremely convenient. It helps us get around, we can go on vacation, we can get the kids to school, we can pick up groceries, all this kind of stuff. There's pros and cons here, but it's something that we as a community are concerned about.
So we make sure that we have regulations around who can drive them. We make sure that we have regulations around how they're built safety standards, all this kind of stuff. But where it's really lacking is on the digital side because essentially more and more these cars are computers, they're robots and worse yet, you know, the latest, the 2018 S and a lot of the 2017 s have connected Lt and Wi Fi, they're cell enabled Wi Fi hotspots that are also wired up to the car.
And of course, it turns out the way cars communicate internally is completely unsecured because it was designed with a completely different mindset. And again, it comes down to systems thinking, yes, my wife, access point is secure, but everything that sits around it is totally insecure.
This is not a good overall security systems design, even though each individual component might be secure on its own. And I think that's extremely fascinating and I think that's, that's something I love diving into and looking and helping educate people around because that's how we have to approach everything, whether that's something as massive and important as a national election to something as simple as your home.
Um from a technology perspective, not obviously running your house, um uh to uh you know, corporate networks, everyone's impacted this way. And I think from a cybersecurity perspective, we really need to shift our viewpoint. Um to looking at the holistic approach as opposed to the individual components that we default to.
Um what do you think? Uh what have you, what have been your experience is here? Are you comfortable just thinking about endpoint or individual components as opposed to the system? Is the system too much, too big to handle lots to discuss here. Always hit me up online at marknca next up in 10 days.
As I keep getting the email reminders, I will be shorter than 10 days. I'll be at south by southwest. I'll be on site from the Friday on forward. Speaking on Monday 12th about rogue robots and the potential for cyber attacks. We are very much tied into this topic of operational technology.
If you're on site itself by, give me, give me a call or, um, sorry, hit me up on Twitter and, uh, maybe we'll meet up for coffee or beer or something like that. Um, if you're following along at home, I'll make sure to be pushing a lot of content around this because I think it's fascinating.
What do you think? Let me know in the comments below and I hope you guys have a great day.
