Software Security on the Defensive
06.11.2018 Rüdiger Kügler
In the past few years, high profile cyberattacks to key Infrastructure have raised serious security concerns around the globe. These are just a few of the more prominent attacks:
- Massive power outages in the Ukraine, resulting from a supervisory control and data acquisition (SCADA) cyberattack, left more than 200,000 people without power for several hours
- Hackers (thought to be Iranian) took control of a dam in Rye Brook, New York when they succeeded in accessing the core command-and-control-system, one of the first reported attacks to infrastructure by another nation
- Hackers from North Korea attacked the Swift Global messaging system, used by banks to move trillions of dollars each day, resulting in a cyberheist of millions of dollars
- Cyberattacks on a number of nuclear power plants across the U.S. and Europe emphasized concerns that malicious actors could weaponize critical infrastructure against the host country
Now, recent reports in the U.S. indicate that military weapons and security systems offer the same attack surface and exhibit many of the same vulnerabilities found in key infrastructure.
The U.S. Pentagon reported in 2016 that a communications system designed to pass secure messages between the U.S. Army’s portable radios and cellular networks around the globe was found to have more than 1,000 cybervulnerabilities, half of which had “a high potential of giving system access to an intruder.”
Furthermore, a recently concluded report from the U.S. Government Accountability Office (GAO) concluded that “nearly all” of the weapons systems in the Pentagon’s $1.7 trillion dollar purchasing pipeline have glaring cybersecurity holes, and that doesn’t include the vulnerabilities that may exist with older weapons systems that are still in operation.
Today, defense companies, are not only forced to prevent unfriendly governments from reverse engineering advanced technology and stealing Intellectual Property, but are required to protect against threats from attacks that could take human lives. As is the case in most cyberattacks, weak password management and software vulnerabilities are the most frequent causes that enable malicious actors to gain access to the system or the network and execute the exploits that were unimaginable just a few years ago, but clearly a danger today.
Security-minded companies like Wibu-Systems continue to advance software protection technology to adapt and stay ahead of ever-emerging threats. For example, our CodeMeter technology enables users to replace weak password-enabled mechanisms with cryptographic login technology using private keys and certificates that are stored in an ultra-secure dongle. We also strongly encourage our developer customers to continuously check for software vulnerabilities using available tools just as we do with our CodeMeter solution to mitigate the risks of introducing potential vulnerabilities into the software during development.
Sophisticated encryption technology, anti-debugging and reverse engineering mechanisms, secure boot protections, authentication protocols and other sophisticated techniques can all be applied to deploy the necessary levels of software security for military and any other application. These advanced protection and security technologies are proven and deployable today.
Contributor
Ruediger Kuegler
VP Sales | Security Expert
After completing his physics degree course in 1995, he was head of project management for software protection, software distribution, internet banking, and multimedia projects. In 2003, he joined Wibu-Systems and, as part of his role, contributed substantially to the development of Blurry Box technology.