Bach Seat

Once upon a time, back in 2005, there was a time when “using the Internet” always meant using a computer. Today getting on the Intertubes is an expected feature for many devices. The next digital frontier is the physical world, where the “Internet of Things.” The Internet of Things will bring an online ability to objects.

Twine Sensor Connects Household Objects to the Internet

 Tested.com notes a Kickstarter project from two MIT Media Lab alums who developed a way to make the Internet of Things more available. A small, durable “Twine” sensor listens to its environment and reports back over Wi-Fi. The creators hope their new product will let regular users, even those without programming knowledge, digitally manage their surroundings.

A basic Twine unit senses temperature and motion, but other options like moisture detection, a magnetic switch, and more can be added using a breakout board. The various sensors and built-in Wi-Fi can be powered by either a mini-USB connection or two AAA batteries, which will keep it running for months. Twine readings get wirelessly loaded into the appropriately named Spool web app, where users can set simple if-then triggers that create SMS messages, tweets, emails, or specially configured HTTP requests.

For a donation of $99 or more will get you a basic unit when they ship in March.

Related articles

• Twine wants to put your things on the internet (gizmag.com)

THE SMART FRRRIDGE. Chilly Forecast for Internet Frrridge

The Smart Frrridge is a new version of the familiar kitchen apparatus. According to Medienturn the new fridge comes with a built-in computer that can be connected to the internet. It is one of a growing class known as “Internet appliances” that include not only smartphones but also web-enabled versions of typical household appliances.

The refrigerator keeps an eye on the food in it by using RFID technology, a digital camera, and image processing. These technologies allow the fridge to keep track of what’s in it, how long has this been there, should it be trashed?

To keep in contact with the Smart Frrridge all you have to do is to pick up your mobile phone and call. It will be able to suggest a menu that uses the foods inside and generate a shopping list of the missing ingredients and place the order online.

The Smart Frrridge cab also be used to watch television, listen to music, to take a photograph, save it to an album, or post it to a website, or send it to an email recipient. The comes with a docking station you can just dock in your Apple (AAPL) iPod or iPhone and start using all your favorite cooking apps.

Related articles

• First Looks: Belkin Fridge Mount for iPad 2 (ilounge.com)
• Futuristic RFID Refrigerator – In My Fridge Displays What’s Inside Without the Need to Open It (TrendHunter.com) (trendhunter.com)

SCADA: How Big a Threat?

There are reports of two recent cyber attacks on critical infrastructure in the US. Threatpost says the hacker who compromised the water infrastructure for South Houston, TX, said the district used a three-letter password, making it easy to break in.

There are also reports that a cyberattack destroyed a water pump belonging to a Springfield, IL water utility. There are mixed reports that an attacker gained unauthorized access to that company’s industrial control system.

According to DailyWireless, Supervisory Control And Data Acquisition (SCADA) software monitors and controls various industrial processes, some of which are considered critical infrastructure.

Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran.

German cybersecurity expert Ralph Langner found Stuxnet, the most advanced worm he had ever seen. The cybersecurity expert warns that U.S. utility companies are not ready to deal with the threat.

In a TED Talk Langner stated that “The leading force behind Stuxnet is the cyber superpower – there is only one, and that’s the United States.”

In a recent speech at the Brookings Institution, he also made the bigger point that having developed Stuxnet as a computer weapon, the United States has in effect introduced it into the world’s cyber-arsenal.

Related articles

• Don’t Say I Never Told You: Researcher Warned Congress Of Stuxnet Variants 10 Months Ago | threatpost (powersthatbeat.wordpress.com)
• FBI acknowledges more SCADA attacks, increases cyber budget (nakedsecurity.sophos.com)

New NIST Report Sheds Some Light On Security Of The Smart Grid

DarkReading reports the National Institute of Standards and Technology (NIST) released a report (PDF) by the Cyber Security Coordination Task Group. The report from the Task Group which heads up the security strategy and architecture for the nation’s smart power grid includes risk assessment, security priorities, as well as privacy issues.

The smart grid makes the electrical power grid a two-way flow of data and electricity allows consumers to remotely monitor their power usage in real-time to help conserve energy and save money. DarkReading says researchers have raised red flags about the security of the smart grid. Some have already poked holes in the grid, including IOActive researcher Mike Davis, who found multiple vulnerabilities in smart meters, including devices that don’t use encryption nor do they authenticate users when updating software. He was able to execute buffer overflow attacks and unleash rootkits on smart meters.

Tony Flick, a smart grid expert with FYRM Associates, at Black Hat USA talked (PDF) about his worries over utilities “self-policing” their implementations of the security framework. “This is history repeating itself,” Mr. Flick said in an interview with DarkReading.

According to DarkReading, the report recommends smart grid vendors carry out some pretty basic security practices:

• Audit personally identifiable information (PII) data access and changes;
• Specify the purpose for collecting, using, retaining, and sharing PII;
• Collect only PII data that’s needed;
• Anonymize PII data where possible and keep it only as long as necessary;
• Advanced Metering Infrastructure (AMI) must set up protections against denial-of-service (DoS) attacks;
• Network perimeter devices should filter certain types of packets to protect devices on an organization’s internal network from being directly affected by denial-of-service attacks;
• The AMI system should use redundancy or excess capacity to reduce the impact of a DoS;
• AMI components accessible to the public must be in separate subnetworks with separate physical network interfaces;
• The AMI system shall deny network traffic by default and allows network traffic by exception;
• Consumers’ access to smart grid meters be limited. Authorization and access levels need to be carefully considered.

Related articles

• Utilities caught flat-footed in smart-grid security (zdnet.com)
• How Smart Grid and Broadband Work Together (blogs.cisco.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.