Preparing for the cyberattack that will knock out U.S. power grids – Stuart Madnick

MIT Sloan Professor Stuart Madnick

MIT Sloan Professor Stuart Madnick

From Harvard Business Review

Cyberattacks are unavoidable, but we’re not going to stop using computerized systems. Instead, we should be preparing for the inevitable, including a major cyberattack on power grids and other essential systems. This requires the ability to anticipate not only an unprecedented event but also the ripple effects that it could cause.

Here’s an example of second-order effects (though not caused by a cyberattack, they’re a good way to think through what could happen in an attack). In February 2017, an area of Wyoming was hit by a strong wind storm that knocked down many power lines. It took about a week to restore power, due to heavy snow and frozen ground. Initially, water and sewage treatment continued with backup generators. But the pumps that moved sewage from low-lying areas to the treatment plants on higher ground were not designed to have generators, since they could hold several days’ worth of waste. After three days with no power, they started backing up. The water then had to be cut off to prevent backed-up waste water from getting into homes. The area had never lost power for so long, so no one had anticipated such a scenario.

Now think about what would happen if a cyberattack brought down the power grid in New York, for example. New Yorkers could manage for a few hours, maybe a few days, but what would happen if the outage lasted a week or more? For an example of the kind of disruption such an attack could cause, consider the 2011 Japanese tsunami. It knocked out both the power lines and the backup generators at the same time. Either event could have been managed, but both occurring at the same time was a disaster. Without power, the cooling systems in three nuclear reactors failed, resulting in massive radiation exposure and concerns about the safety of food and water. The lesson: We need to prepare not only for an unexpected event but also for the possible secondary effects.

Read More »

Security surprises arising from the Internet of Things (IoT) – Stuart Madnick

MIT Sloan Professor Stuart Madnick

MIT Sloan Professor Stuart Madnick

From Forbes

My brother can’t function in the morning until he has a cup of coffee. So I use his daily routine as an example.

Picture my brother stumbling down to the kitchen one morning only to find his internet-enabled coffee maker won’t work. There’s a message on his iPhone: “We have taken control of your coffee pot and unless you pay $5, you won’t have your coffee.” This actually hasn’t happened. At least, not yet.

I have been talking about the security threats to common household items connected to the internet – that is, the Internet of Things (IoT) – for several years now, and unfortunately, every other dire warning has come true so far. Upper management has to take greater notice of risks exposed both in the products they produce and the products that they use and take action to mitigate those risks. Recent events underscore this need.

Two years ago an internet-enabled refrigerator was commandeered and began sending pornographic spam while making ice cubes. Baby monitors have been turned into eavesdropping devices and there are concerns about the security of medical devices, such as computerized insulin pumps. In October, thousands of security cameras were hacked to create a massive Distributed Denial of Service (DDoS) against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, AirBnB, etc. Then there is the recent disclosure of CIA tools for hacking IoT devices, such as Samsung SmartTVs, to turn them into listening devices. These are only a few examples highlighting the threats.

Read More »

The real and growing threat of cyber crime to corporations–Stuart Madnick

MIT Sloan Professor Stuart Madnick

MIT Sloan Professor Stuart Madnick

From CNBC

The cyber threat is real.

If you have control of valuable assets, including trillions of dollars of transactions, as The

Society for Worldwide Interbank Financial Telecommunications (SWIFT) does, your company will be attacked. It’s a matter of when, not if, it will happen. That means you need to develop a sophisticated and multi-faceted approach to cyber-security.

Only a few years ago, corporate cyber-security might have been limited to installing the latest software patch—an activity on a par with, say, facilities management.

However, given the increasing number and magnitude of cyber-crimes, as well as new types of threats, cyber-security now requires a coordinated effort between companies, government agencies and advanced academics with cutting edge insights into the future of technology. In a networked world, no one can afford to go it alone.

Read More »

Maybe the search for the Malaysian Airlines plane needed a chief data officer — Stuart Madnick

MIT Sloan Professor Stuart Madnick

MIT Sloan Professor Stuart Madnick

From Quartz

The search for an airplane lost on a 2,500-mile international journey requires consolidating information from many organizations, both public and private, from all over the world. It involves analyzing vast amounts of radar, sonar, and satellite data, coming from many diverse sources, including military bases, air traffic controllers, naval ships, and other airplanes.

What if the authorities investigating the missing plane had been prepared to manage big data the way many corporations do? What if the investigation had an executive level position responsible for collecting and analyzing all of the dispersed and diverse data that were available and potentially relevant to the search? What if a multinational chief data officer (CDO) had been in place to manage all of the information that was available?

Companies have recognized the value of just such a position for some time. The first reported chief data officer was established in 2003 by Capital One Financial Corp., Yahoo, and Microsoft Germany were early adopters. In little over a decade, hundreds of organizations, including US federal and state agencies, have created chief data officer positions, although the jobs often are given different titles. In time, the initials CDO may become as familiar as CEO, CFO, and CIO.

Driving the trend is the phenomenon of big data—the explosion of information made possible by the great advances that we have seen in recent years in communications, computers, and storage.

Read the full post at Quartz.

Stuart Madnick is co-head of the MIT Total Data Quality Management and MIT Information Quality programs. He is also a professor at MIT Sloan School of Management.