Show notes
Eingebettete Geräte („embedded systems“) sind ein fester Bestandteil unseres täglichen Lebens. Diese Geräte, die von Smart Metern bis hin zu industriellen Steuerungssystemen reichen, sind darauf ausgelegt, bestimmte Aufgaben auszuführen und werden in der Regel mit begrenzten Ressourcen gebaut. Natürlich haben „embedded systems“ oder auch OT/operational technology IT-Sicherheitsprobleme. Zusammen mit Thomas Weber spreche ich über die Cyber-Sicherheitsimplikationen dieser zahlreichen Geräte. Wir gehen darauf ein, wo „embedded systems“ überall drin stecken, welche Verwundbarkeiten sie haben und wie man ihre Sicherheit verbessern kann. Wir veranschaulichen das am Beispiel der Smart Meter Diskussion zur intelligenten Steuerung des Stromnetzes. Zum Schluss sprechen wir auch noch über aktuelle Entwicklungen in der EU, wie der EU Cyber Resilience Act, der auch an den IT-Sicherheitsanforderungen von „embedded systems“ Verbesserungen einführt.ShownotesCyberDanube: https://cyberdanube.com/de/Thomas Weber: https://www.linkedin.com/in/thomas-weber-ce/?originalSubdomain=atHow do OT and IT differ? https://www.cisco.com/c/en/us/solutions/internet-of-things/what-is-ot-vs-it.htmlUS NIST Guide to Operational Technology (OT) Security, https://csrc.nist.gov/pubs/sp/800/82/r3/ipdCharacteristics of embedded Systems and IoT, https://www.upskillcampus.com/blog/embedded-systems-characteristics-of-embedded-systems-and-iotEmbedded Software market shares, https://www.gminsights.com/industry-analysis/embedded-software-marketEmbedded System market size, https://www.globenewswire.com/news-release/2023/01/25/2595562/0/en/The-Global-Embedded-Systems-Market-size-is-expected-to-reach-126-7-billion-by-2028-rising-at-a-market-growth-of-5-7-CAGR-during-the-forecast-period.htmlSecurity challenges of Embedded IoT Design, https://www.renesas.com/us/en/document/whp/how-solve-6-top-security-challenges-embedded-iot-design-0OT Security best practices, https://www.beyondtrust.com/blog/entry/operational-technology-ot-cybersecurity-4-best-practicesBenefits of smart meters, https://www.smart-energy.com/regional-news/north-america/potential-benefits-to-society-through-smart-metering-initiatives/amp/Societal benefits of smart metering investments, https://www.sciencedirect.com/science/article/abs/pii/S1040619008001929Demand Response, https://www.iea.org/energy-system/energy-efficiency-and-demand/demand-responseVulnerabilities in smart meters, https://techmonitor.ai/technology/cybersecurity/how-secure-are-smart-metersIT security of the smart grid, https://smartgrid.ieee.org/bulletins/july-2018/security-and-privacy-concerns-in-smart-metering-the-cyber-physical-aspectResiliency of smart power meters, https://www.sciencedirect.com/science/article/pii/S1877050915008492Smart meter security, https://www.researchgate.net/publication/333305127_Smart_Meter_Security_Vulnerabilities_Threat_Impacts_and_CountermeasuresMitigating smart meter security risks, https://eepower.com/technical-articles/mitigating-smart-meter-security-risk-a-privacy-preserving-approach/Microsoft Multiple high severity vulnerabilities in CODESYS V3 SDK, https://www.microsoft.com/en-us/security/blog/2023/08/10/multiple-high-severity-vulnerabilities-in-codesys-v3-sdk-could-lead-to-rce-or-dos/16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure, https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure/Nachtrag: Sicherheit von öffentlichen WLANs und Antiviren ToolsThe Risk of Public Wifi, https://www.forbes.com/advisor/business/public-wifi-risks/#:~:text=One%20of%20the%20biggest%20risks,your%20devices%20without%20you%20knowing.CISA Best practices public WiFi, https://www.cisa.gov/sites/default/files/publications/Best%2520Practices%2520for%2520Using%2520Public%2520WiFi.pdfDie Schlangenöl Branche, https://www.golem.de/news/antivirensoftware-die-schlangenoel-branche-1612-125148.htmlSchutz oder Schlangenöl?, https://www.heise.de/select/ct/2017/5/1488560529789980Do you still need Antivirus?, https://www.security.org/antivirus/do-you-need-antivirus/Is Antivirus Software Becoming Obsolete?, https://www.poweradmin.com/blog/are-malware-threats-making-antivirus-software-obsolete/31 Antivirus Statistics and Trends, https://dataprot.net/statistics/antivirus-statistics/#:~:text=On%20average%2C%20antivirus%20software%20is,25%25%20successful%20at%20detecting%20malware.&text=Statistics%20on%20computer%20viruses%20and,%2Dthe%2Dline%20antivirus%20software.Do you need antivirus protection in 2023?,https://surfshark.com/blog/do-i-need-antivirusYou Don’t Need to Buy Antivirus Software, https://www.nytimes.com/wirecutter/blog/best-antivirus/Understanding Anti-Virus Software, https://www.cisa.gov/news-events/news/understanding-anti-virus-softwareAntivirus and other security software, https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/antivirus-and-other-security-softwareVirenschutz und falsche Antivirensoftware, https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Virenschutz-Firewall/Virenschutzprogramme/virenschutzprogramme_node.htmlTimecodesHinweiseBlog & Podcast über die dunkle Seite der Digitalisierung: Cyber-Sicherheit, Cyber-War, Spionage, Hacker, Sabotage, Subversion und Desinformation. Kommentare und konstruktives Feedback bitte auf percepticon.de oder via Twitter. Dieser Cyber Security Podcast erscheint auf iTunes, Spotify, PocketCast, Stitcher oder via RSS Feed. Am Anfang folgt noch ein kleiner Nachtrag zur letzten Folge mit den Top 10 IT-Sicherheitstipps, nachdem mich etwas Feedback dazu erreichte.Sound & CopyrightModem Sound, Creative Commons.© Vint Cerf, „Internet shows up in December 1975“, in: IEEE Computer Society, Computing Conversations: Vint Cerf on the History of Packets, December 2012.© L0pht Heavy Industries testifying before the United States Senate Committee on Governmental Affairs, Live feed from CSPAN, May 19, 1998.© Barack Obama, Cybersecurity and Consumer Protection Summit Address, 13 February 2015, Stanford University, Stanford, CA.© Michael Hayden, „We kill people based on meta-data,“ in: The Johns Hopkins Foreign Affairs Symposium Presents: The Price of Privacy: Re-Evaluating the NSA, April 2014.© Bruce Schneier, „Complexity is the enemy of security, in IEEE Computer Society, Bruce Schneier: Building Cryptographic Systems, March 2016.Beats, Bass & Music created with Apple GarageBand

