Traffic bouncer Cloudflare has outlined what it claims is the solution to the perennial internet-of-things security problem: pay it. The company points out what most security experts have been saying for some time: IoT devices are a security disaster, they are going to grow exponentially, and when people can’t even be relied on to update their browsers, having billions of unpatched internet-connected devices is a disaster waiting to happen. And so Cloudflare has come up with its solution: route everything through us.
This does not come as a huge surprise. The company does tend to offer the same solution to every online problem: Distributed denial of service (DDoS) attack? Route your traffic through us. Man-in-the-middle attack? Pay us to deal with your data. Too many spam comments? We have a paid service for that. Need encryption? Guess what? But that doesn’t mean that the company’s new Orbit service is a bad idea. In fact, it may very well be a good or even great idea given the state of the current system for securing online devices. The basic idea is quite simple: in the same way website owners pay Cloudflare to sit in between them and their visitors, IoT manufacturers will pay for the Orbit service to sit between their devices and the public internet.
The manufacturers will configure their devices to only go through Orbit, which gives them (or, most accurately, Cloudflare) the ability to not only shield tech-ignorant consumers from hacking efforts, but also apply virtual security patches across all of its devices at once.
Although this is far from ideal since it introduces a proprietary layer to the open internet, the reality is that it could be a lifesaver for IoT companies, which have persistently shown themselves incapable of carrying out decent security audits on their products and continue to make basic errors, like hard-coding passwords. And, to be fair to Cloudflare, the company has shown itself to be very capable of handling huge amounts of traffic without lag or collapse. The million-dollar-question of course is: how much does it cost? Cloudflare told us that the fee was based on the number of devices and the bandwidth required but wouldn’t provide an exact figure.
If the cost is $10 a year per device and an IoT company can offer the extra security as part of a premium package alongside cloud recording or similar then it is probably a great deal. But if the idea is that it will be supplied for free to customers who buy the product and don’t sign up to an ongoing service fee, then the price is going to have to be much, much lower for there to be any kind of significant take-up. Of course, the biggest security risk comes from companies offering low-price IoT items that don’t require ongoing fees. So while Cloudflare’s new service may help improve mid- to high-end IoT products’ security, the huge risks from the low-end are unlikely to go away. So expect plenty more DDoS attacks from zombie webcams.
And then there is the fact that if lots of IoT manufacturers chose to use this service, it would make Cloudflare a single point-of-failure and hence a huge target for hackers. And Cloudflare, like any company using software, is not immune to bugs. Bugs that can provide an enormous wealth of information.
Oh please god no, not another one
One thing we do have to pick on Cloudflare for, however: in the official notice of the new service, the company notes that it is “introducing the industry’s first IoT alliance made up of a group of IoT companies and experts in the field that will be committed to forming best practices and standards for protecting connected devices and ensuring the resilience of the Internet of Things.”
Far from this being the “industry’s first IoT alliance,” this effort will only add yet more overhead and confusion to a massively overpopulated world of internet-of-things alliances, consortiums, organizations, groups, working groups, feuding government departments, security experts pushing for laws, legislators and consumer agencies pretending not to hear, and god knows what else.
Below is a partial list of the people working on IoT security and best practices. We wonder why on earth Cloudflare thinks it’s a good idea to add yet another one to the list.
That barren landscape of Internet of Things standards bodies
INKAS Group of Companies is pleased to announce the appointment of Mr. Victor Goodman as the new President and CEO of INKAS Security Services Ltd., effective immediately.
FOR IMMEDIATE RELEASE
Toronto, ON, April 26, 2017 – David Khazanski, President, INKAS Group of Companies, announced today the appointment of Victor Goodman as President and CEO of INKAS Security Services Ltd. INKAS Security Services Ltd. is a Cash Management Solutions Company – offering a full cycle of security services to financial institutions, corporate and government organizations.
“We are very pleased to have Victor join our global organization as we continue to drive innovation and transform the security industry. I am confident that Victor’s wealth of experience in the security sector, as well as his track record of success in business development and M&A will accelerate the growth of the company for many years,” said David Khazanski. “The security industry is in need of evolution. By offering an intelligent alternative, INKAS can transform the traditional model that exists today.” Victor joins INKAS as a goal oriented senior executive with extensive revenue growth achievements in premium brand organizations including Brookfield Asset Management, IBM Algorithmics, CIBC Wood Gundy and Brinks Inc. His proven track record of innovation and execution through a network of international financial services and corporate relationships has enabled him to transition challenged businesses to a highly profitable and dominant market share across multiple industry verticals. Victor holds an Economics Degree from the University of Toronto as well as various post graduate accreditations from Queens University and the London Business School. As well, Victor serves on various not-for-profit boards including the Matthew House a Refugee Claimant Program in collaboration with The Law Foundation of Ontario.
INKAS Group of Companies is in the business of protecting lives and valuables. It is proud of its integrated suite of armored vehicle manufacturing, cash management, environmental and point-of-sale products and services. Its innovative financial and security solutions have strengthened its customers’ overall profitability and as such, the company’s growth trend continues to escalate year over year. The company takes pride in our service offering and is constantly exceeding both industry standards & customer expectations. Specifically, INKAS Security Services Ltd. is a cash management solutions company. It fulfills the entire end-to-end value chain of security including its own: truck manufacturing and maintenance, technology innovation, and safe manufacturing. This model, in essence, allows it to control both quality and cost. As a result, the company can pass on this unique industry advantage to its customers with cost effective pricing, superior customer service and flexibility. The company’s people are its greatest asset – with their commitment to customer focus, safety, security and operational excellence. To attest to this, its customers have ranked INKAS as number one in service level achievement, against that of our largest competitors. INKAS knows that risk mitigation is a key focus for its customers. The company strives to understand the challenges its customers face by considering their specific requirements. As such, the integrated cash management solution has been designed in order to optimize ATM services, cash-in-transit, secure logistics, storage and cash processing.
In order to promote leadership in the industry, INKAS prides itself on being an innovative company. INKAS’ goal is to bake in a deep level of innovation with every product and service it provides. With research and development being a pivotal factor in its growth, it recognizes the importance of continuing to push the boundaries in order to further elevate INKAS as a brand founded on quality, sustainability and progress.
For more information, please contact:
INKAS Security Services Ltd.
Tel: +1 416-744-3322
Congress needs to fund the government by April 28 or government employees will see a repeat of the 2013 shutdown. While the White House says the chances of the government actually shutting down are unlikely, we at Federal News Radio are answering some of the most pressing questions on the minds of defense workers.
Will I work if the government shuts down?
That all depends on your role in the Defense Department. The government furloughed about half of its civilian force during the 2013 shutdown, a total of about 400,000 civilians. Who works and who doesn’t is all based on what positions are considered essential. If you’re active-duty military, you will work.
“We can and will continue to support key military operations. We’re allowed to do that by law, but the law would force us to disrupt many of our support activities,” former DoD Comptroller Bob Hale said during the last shutdown. “We wouldn’t be able to do most training, we couldn’t enter into most new contracts, routine maintenance would have to stop, we couldn’t continue efforts to improve contracting and financial management including our audit improvement efforts.”
For civilians it’s more complicated. DoD released a 2015 contingency plan for the possibility of a shutdown. The plan lays out what positions would work if the government runs out of money. Those positions include jobs needed for the safety of human life or protection of property like civilians who operate and assess intelligence data. Other positions that won’t be furloughed are those working in the medical and dental care field and those working in acquisition and logistics for essential operations. Those working in logistics at central receiving points for supplies purchased before the shutdown will stay on duty until they are no longer needed.
Education and training positions are mostly exempted from a shutdown, as are those working on legal activities for essential activities. DoD employees who work in mess halls and child care activities will report to work as will those working with the management of funds for essential services.
There’s also a wild card option: any activities funded with unobligated, unexpired balances will keep their employees on duty. That means if the account that funds your department still has money, you’ll report to work. A full list of essential employee functions can be found here.
Will I get paid?
No, at least not at first. For all intents and purposes the government does not have money during a shutdown. Those who are working are providing pro bono services to the government for the well being of the nation. Don’t think you can get out of it just because there is a shutdown either. Employees who refuse to work must comply or face disciplinary action. You also can’t take any leave during the shutdown period. Those in the military won’t be paid, unless Congress can come up with some sort of exception. In 2013, Congress passed a bill that provided money for the continued pay of the military through the shutdown. After five days of interpretation, Justice Department lawyers decided that bill extended to a majority of furloughed civilians, which brought them back to work and paid them as well.
During that time, paycheck processing pretty much stayed the same; however, there is no guarantee Congress will pass a bill to pay the military this time around. For civilians who had time furloughed, Congress eventually passed a law paying them for their work during the shutdown. If the government shuts down this time, there are no promises Congress will do the same thing.
What if I’m a defense contractor?
While military members and many contractors would still go to work during a government shutdown, there are restrictions on what they would be able to do. For example, contractors would still be prohibited from doing inherently governmental work. And military members would be prohibited from performing the duties of presidentially-appointed and Senate-confirmed officials. Hale said things like the war in Afghanistan definitely constitute excepted activities, but that doesn’t necessarily mean all military commanders have the authority to carry out their operations as normal.
“These are the sort of gray area decisions that our managers and commanders are making right now as they identify excepted and non-excepted,” he said. “But I think most of the ships at sea would stay there. If there were some that stayed strictly in training and weren’t excepted, they would be able to stand down if they had to in an orderly fashion. And we’ll have to make some judgment about what that means. Obviously, you can’t get the ship back immediately.”
What changes might I see?
During the last shutdown DoD saw its support services take a hit. DoD held back care packages to troops in Afghanistan because of abrupt staffing cuts in the military postal system in Europe. The Pentagon curtailed seemingly-minor creature comforts such as cable TV for service members serving overseas. The Armed Forces Network took all but one of its channels off the air because of furloughs at its broadcast center in Riverside, California. The shutdown resulted in a patchwork of disrupted services that varied from installation to installation. For instance, a family child care management office might be at least partially open on one base because it’s managed by a military member. At another installation, a similar office might be closed because its civilian-led workforce has not been exempted from furlough by the local commander.
There’s also the matter of the Veterans Affairs Department. VA did not accept any new disability compensation claims or issue any decisions on appealed claims during the 2013 shutdown, and it cut back on the number of hours its claims processors worked. Several toll-free hotline numbers for veterans, including those designed to handle claims for education benefits, shut down entirely.