by Peter High, published on Forbes
9-7-15
Cesar Cerrudo is Chief Technology Officer for IOActive Labs, a security consultancy with a global presence and deep expertise in hardware, software, and wetware assessments. He leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, and software and mobile device security. Also, he has hacked into the devices used by traffic systems in Washington, DC, New York, Seattle, and San Francisco, and found profound vulnerabilities in each. He surmises that a sophisticated hacker who, unlike him, has malevolent intentions could easily bring major world cities to a standstill as traffic lights could go off of their timers.
Upon discovering these vulnerabilities, Cerrudo shared his findings with the cities he had tested along with representatives from the US federal government, and he was surprised to find that the response was lukewarm at best. He has indicated that there are few cities in the world that are taking these risks seriously enough, but herein, he provides some thoughts on how they might mitigate these risks, and he also has advice for the average person on how they might mitigate their own cyber security risks.
Peter High: Cesar, last year you traveled to Washington, DC, set yourself up on Capitol Hill, and then hacked the city’s traffic system. You had done the same in Manhattan prior to that. What did the ease with which you were able to do so tell you about the vulnerabilities of the US capital and the US financial capital?
Cesar Cerrudo: First of all, I would like to clarify that I did not hack any city traffic system! What I did was, in a lab, hack some devices used by traffic systems. Then I did some passive tests (not hacking because it would be illegal) to prove that the same devices used in cities around the world were really vulnerable. What I found in lab tests was right. What I did was to look at the device’s wireless communications and device’s configuration to make sure the security problem really existed on a real deployment. I had positive results but I did not perform any attack.
The tests I did were easy to do and doing attacks would be easy too. You just need to have specific hardware that does not cost more than $100 and know the wireless protocol used by the devices. With that hardware and knowledge, doing tests and attacks is pretty simple and can even be done from many feet away since devices use wireless communications.
High: In terms of worst case scenarios, what would be the outcome if a bad actor were to undertake what you did and draw it out further?
Cerrudo: The worst case scenario would be that traffic lights, ramp meters, and the like would use improper timing and cause traffic problems. An attack could consist of sending fake information about current traffic to traffic systems so they will make wrong decisions and actions by making traffic lights set improper times for red or green light durations. If an attacker can do this at a critical intersection, traffic problems propagate many blocks away, making the problem worse. Depending on the amount of traffic and time of the day, the situation could get really bad, causing traffic jams and accidents.
To read the full article, please visit Forbes
Peter High
08-27-2015
Excerpt from the Article:
The newly formed organization, Jefferson, encompasses Jefferson Health and Thomas Jefferson University, representing both clinical and academic entities. Under the leadership of president and CEO Dr. Stephen K. Klasko and his four-pillar model of Clinical, Innovation, Academic and Philanthropy focus areas, the people of Jefferson (19,000 strong), provide quality, compassionate clinical care for patients, educate the health professionals of tomorrow and discover new treatments and therapies that will define the future of health care.
Praveen Chopra joined the company as executive vice president and CIO in March of 2014. In May of this year, his responsibilities expanded, and his new title is EVP and Chief Information and Transformative Innovative Environment Officer. As Chopra explains to CIO Insight contributor Peter High, he has overarching executive responsibilities for creating an innovation-driven ecosystem in support of the organization’s “health is all we do.”
CIO Insight: Your title is Executive Vice President, Chief Information and Transformative Innovative Environment Officer. I am quite confident you are the only one in the world with that exact title. What does it mean, and what is within your purview?
Praveen Chopra: You are right, I may be the only one. Frankly, this is a new role, which certainly highlights the boldness in our vision of reimagining and creating unparalleled value in “health is all we do”—and is a direct reflection of the way Jefferson values technology and innovation in health care. I oversee areas such as technology innovation and consumer experience, data sciences, business partnering and portfolio management in addition to traditional information technology functions. In this role, I see us building a health care organization of the future. This forward-thinking organization leverages the power of the digital enterprise in a fundamentally different way and creates an innovation-driven ecosystem. For example, instead of a siloed, facility-centric functionality, we are focusing now on creating a consumer-centric model through creative use of technology. How about starting the care and learning experience with patients and students in their pajamas at their homes holding a mobile device!
Overall, this role is about reinvention—how do we constantly look beyond traditional IT capabilities and services for our clients and focus on the creation and use of technologies that will help our patients, students, community and other various affiliates.
CIO Insight: What are some examples of innovations that your team has developed or are working on?
Chopra: Our Telehealth program, known as JeffConnect, is accomplishing those things I just talked about. Today, a patient has ongoing health-care needs but they can’t always physically get to us—so we have created an on-demand platform and app, now available in the Apple and Google Play stores, whereby any patient can go and request a physician appointment. That physician will be quickly available through video conferencing capability. We’ve rolled this out to our employees and have gotten an overwhelmingly positive response. We have also created a program for family members of our patients who are not able to be at the hospital to participate in physician rounds. The program, known as Virtual Rounds, allows a patient’s loved ones to join a video conference and listen to the care team so the experience is personal and convenient.
To read the remainder of the article, please visit CIO Insight
08-03-2015
WSFS Bank is a $5 billion bank headquartered in Wilmington, Del. It is the seventh oldest bank in the United States still in operation today. Founded in 1832, WSFS Bank was chartered seven days before the city of Wilmington. WSFS operates out of 56 locations in Delaware, Pennsylvania, Virginia and Nevada. In addition to retail banking, the company also has a trust & wealth management division that manages about $1.5 billion in client assets and an additional $10 billion in assets under administration. The Cash Connect division provides cash management services to ATM owners across all 50 states and the company currently manages cash replenishment services for more than 15,000 ATMs. Through Array Financial, WSFS offers mortgage financing services to customers across all 50 states. James Mazarakis is the executive vice president and CIO of WSFS, a role he has had for more than five years. Mazarakis discusses with CIO Insight contributor Peter High cyber-security fraud, digital technology in banking and more.
CIO Insight: You lead technology and operations. What is under your purview in these two areas, and how did your role evolve to take both on?
James Mazarakis: These two areas of the bank had been managed together prior to my arrival. What we have further supplemented since my arrival is our operational risk and application delivery areas. Operational Risk was supplemented because, as everyone is aware, in the last few years we have seen significantly increased cyber-security fraud activities across all types of industries and governmental institutions. Our bank has been proactive in supplementing our capabilities in this area to protect our customers and their confidential information.
We have also further supplemented our application delivery area to allow the bank to build applications that support our customers’ needs. Customer needs have grown very significantly in the last few years and banks have responded by providing more online capabilities and new mobile facilities. We have responded to these needs by issuing mobile and tablet software that address these needs. Our most recent enhancement is WSFS Mobile Cash. WSFS Mobile Cash allows customers to withdraw cash from our branch ATMs by using their mobile phones. In essence WSFS Mobile Cash is a cardless ATM transaction. This product represents the latest in security, convenience and speed in regards to digital technology in banking.
CIO Insight: What are some core areas of your current strategy? What are your team and you focused on at the moment?
6-8-2015
Martha Poulter joined Starwood Hotels & Resorts Worldwide just over a year ago after spending 19 years with General Electric, most of it in the financial services side of GE. Her final stop was as CIO of GE Capital. Switching companies and industries is a challenge for most executives, but given how strong GE’s culture is, some executives find it difficult to operate in a new culture, especially one that differs substantially from GE’s metrics-driven, up or out culture.
Sensitive to the need to bring her strengths of experience while deferring to the successes of the team she was inheriting at Starwood, Poulter began her tenure at the company listening more than pontificating. She internalized the strategy that the team was already operating against, and chose to keep most of it, agreeing with the logic of it, by and large. Therefore, she has spent more time capitalizing on the strengths that she found, and was pleased to see that a culture of innovation was already in place, though she has pushed it to an even greater degree. She is now spearheading initiatives related to mobile check-in, development of apps that work with wearables, and further investigating opportunities related to the Internet of Things, all of which we discuss herein.
(This is the 23rd article in the “CIO’s First 100 Days” series.)
Peter High: Can you talk a little bit about your role and your vision for the IT organization at Starwood here in the relatively early tenure of your time with the organization?
Martha Poulter: Absolutely. As a business we have a really big agenda that focuses on our guests and customers, figuring out how to marry the elements of our core business, which is very service-oriented, very high touch, with the high-tech capabilities that we can bring to bear on that service model. Over the course of several years, you will see that we have had an opportunity to marry those things. Our keyless initiative has taken a very age-old, analog process from our guests and converted it into a very digital process that allows guests to bypass the front desk and go directly to their assigned rooms. So we are very excited about that kind of marriage of high touch and high tech.
Johnson Controls’ CIO Helps 125 Year Old Company Become Leader In The Internet Of Things
10-20-2014
On the face of it, you would not think of Johnson Controls as a leading candidate to be an innovator in the world of the Internet of Things. Johnson Controls is a 125-year-old company based in Milwaukee that produces more than $40 billion in revenue per annum. The origins of the company were in building systems, which was primarily heating, ventilation and air control (HVAC). The company’s diversified in recent times to include three other divisions beyond HVAC:
For the past six years, Colin Boyd has been the chief information officer of Johnson Controls, and he has been one of the leaders in the company responsible for the transformation toward being a leader in this trend. In fact, he said that the company’s leadership in the trend predates the name of the trend. The company has been involved in what it calls “the Internet of Buildings” for more than a decade. Boyd’s role has been an important one, and it offers a look inside how the CIO might get more involved in taking advantage of this trend, while being mindful of the number of other divisions of the company that are necessary to engage along the way.
Gartner: Top 10 Strategic IT Trends for 2015
10-07-2014
Gartner Symposium/ITxpo is under way in Orlando. As always, their IT experts have identified what they believe to be the top-ten information technology trends for the year ahead. Strategic technology trends are defined as having potentially significant impact on organizations in the next three years. Here is a summary of the trends:
1. Computing Everywhere
2. The Internet of Things (IoT)
3. 3D Printing
4. Advanced, Pervasive, Invisible Analytics
5. Context-Rich Systems
6. Smart Machines
7. Cloud/Client Architecture
8. Software-Defined Infrastructure and Applications
9. Web-Scale IT
10. Risk-Based Security and Self-Protection