Watch for a backdoor cyber security assault. The Juniper Networks incident in December 2015 changed how the industry looks at device security, as hackers exploit weaknesses that have been deliberately installed in software. End users, integrators, and device manufacturers need to adapt and prepare for this new reality. Follow these cyber security steps.
A software engineer is trying to complete a major block of code, but his boss cut out a large section including some open-source routines downloaded from the Internet. Replacing those routines will add days to the project. He runs to his boss' office and pleads: "I need to use that software in the system!"
"You can't use it. It's been compromised."
The engineer nods, having anticipated that reply. "Yes, it's open-source and came from the Web, but we've used it before. I also talked with the software engineers, and they will do a line-by-line review of the source and object code."
The boss looks up and glances at his award for years of service at an undisclosed location. "You can never be sure something isn't in there," he says.
That brief scene might sound like something from a suspense movie, but the situation could be very real given recent events in the cyber security community. Most people think of software as something that does what it's supposed to most of the time, and therefore sometimes neglect the lurking danger.
Software engineers trying to write code for devices and industrial systems want to avoid re-inventing the wheel. If someone has already written code to do a certain job, and it works, they don't want to write it again. They'd rather save time by downloading freeware and open-source code off the Web. Or, they could pick up existing code from earlier products with a proven track record. All of this gets cobbled together and loaded into a new device. As long as it does what it's supposed to, nobody needs to know or care where it came from.
This has been the working assumption for quite a while,...