The recently discovered security threat in CPUs from nearly a dozen manufacturers poses a low risk to corporate networking gear, so operators have time to test vendors’ patches thoroughly.
That’s the take of security experts contacted by SearchNetworking following the discovery last week of the Spectre and Meltdown vulnerabilities that affect Intel, AMD and ARM chips. In response, Cisco and Juniper Networks have released patches rated medium and low risk, respectively, for a variety of products.
The low risk of Spectre and Meltdown to switches and routers means network managers have the time to thoroughly test the patches to minimize their impact on hardware performance, experts said.
“If you’re getting a firmware update, you need to patch,” said Rob Westervelt, analyst at IDC. “[But] the issue is whether you just deploy the patch or test it thoroughly and make sure you don’t break any applications or anything else.”
Roughly 20 CSOs and IT security professionals interviewed by IDC were taking a methodical approach to applying Spectre and Meltdown fixes across all systems.
“While it is top of mind, it’s not something that they’re immediately jumping on to patch,” Westervelt said. “They are using established best practices and testing those patches first.”
Network performance at risk
Westervelt warned there is the possibility network performance will suffer. “In some cases, it could be very costly.”
Rob Westerveltanalyst at IDC
Indeed, Microsoft reported in a blog post patches for the PC and server versions of Windows would range from minor to significant, depending on the age of the operating system and the CPU. “I think we can expect a similar variety of performance impacts across other [vendors’] products,” said Jake Miller, a senior security analyst at IT consulting firm Bishop Fox, based in Tempe, Ariz.
Security pros expect hackers sophisticated enough to exploit the hard-to-reach vulnerabilities to target mostly servers in large data centers that host cloud computing environments. Because of the level of expertise needed to take advantage of the flaws, hackers working for nation states are the most likely attackers, experts said.
Exploiting the CPU holes would involve crafting code that takes advantage of how some processors anticipate features computer users will request next. In preparation for those requests, processors will load into memory valuable data and instructions that hackers can steal.
“The threat is significant, but currently is limited to highly sophisticated attackers and hacking groups with the means to carry out multi-staged targeted attacks,” IDC said in a research note. “Financially motivated cybercriminals are more likely to continue to use more accessible, time-tested methods to retrieve passwords and sensitive data.”
Nevertheless, even a low risk to networking gear is worth the time needed for fixing. “It’s better to be safe than sorry,” said Jonathan Valamehr, COO and co-founder of cybersecurity company Tortuga Logic Inc.
Manufacturers are adopting industrial IOT technology at high rates and the vast majority are satisfied with the results, yet it appears that most are not yet taking advantage of benefits like advanced analytics.
These were some of the results gleaned from a new survey from Bsquare, a Bellevue, Wash., firm that provides IIOT services and products. The 2017 Annual IIOT Maturity Study examines the adoption attitudes and progress of IIoT technology across three industry segments — manufacturing, transportation, and oil and gas — according to Dave McCarthy, Bsquare senior director of products.
The main impetus for conducting the survey was to determine how companies are adopting IIOT applications and the overall satisfaction with the results, McCarthy said.
Bsquare conducted the 2017 Annual IIOT Maturity Study in August 2017 with more than 300 respondents from companies with annual revenues of at least $250 million, according to McCarthy. The respondents were evenly divided among the three industry groups and all were senior-level personnel with direct operational responsibilities. The survey made no mention of Bsquare or its products and services.
The survey indicates that enthusiasm for IIOT applications is very high, but the majority of projects are still at a relatively low level.
According to the survey, 86% of the respondents are currently adopting IIOT applications and 84% of the adopters believe that the applications are very or extremely effective. Further, 95% responded that the IIOT applications are having a significant or tremendous impact on their industry.
However, the higher-level benefits that IIOT promises may not yet be realized. The survey shows that 78% of IIOT projects are focused on connecting devices and machines, while 83% involve data visualization. Projects that involve higher-level functionality are in the minority, with only 48% of respondents doing advanced analytics on the data collected by IIOT devices, and just 28% are automating the application of insights derived from analytics.
Dave McCarthysenior director of products, Bsquare
McCarthy believes that satisfaction from IIOT applications may be high because more than half of the 84% who believe the applications have been effective are less than one year into the IIOT implementation.
“This could mean that they’re in the honeymoon period because they’re doing some things that they’ve never done before and even if they are very simple things it seems like they’re a huge step forward and they’re happy about it, or they’re doing things in a POC or pilot environment where it’s always easier to do things in a lab than at scale,” he said. “But there’s a huge drop in people who are collecting data and people who are using it in some way with a dashboard or monitored activity. People feel that they have to collect this data even if they don’t know what they want to do with it.”
Other key findings from the survey:
Of the 86% of organizations that are adopting IIOT applications, most are in construction and transportation (93%), followed by oil and gas (89%) and manufacturing (77%).
The organizations are using IIOT applications primarily for connecting devices and forwarding data (78%), real-time data monitoring (56%) and advanced data analytics (48%).
The majority of the respondents (73%) plan to increase their investments in IIOT over the next year, while at the same time almost all acknowledge the complexity of IIOT deployments.
Don’t start the 4th Industrial Revolution without me
The 4th Industrial Revolution is happening right now, driven by leading manufacturing organizations and largely enabled by cloud technology, according to a new report from Plex Systems, a provider of cloud ERP systems based in Troy, Mich.
The third annual “State of Manufacturing Technology (SoMT) Report” surveyed more than 150 manufacturers on their attitudes about and how they are actually using next-generation technologies in their manufacturing processes, according to Andrew McCarthy, Plex Systems vice president of communications. The survey participants represented manufacturing companies in a variety of industries, including automotive equipment, industrial parts and systems, aerospace, high technology, plastics, and food and beverages.
“What we found from the survey is that as a result of the cloud, this promise of ubiquity or universal connectivity that’s often talked about as out in the future is stuff that these organizations are doing today,” McCarthy said. “There are simple examples like the deployment of consumer mobile devices on the shop floor, all the way to things like wearable technology in the shop floor environment, and using location-based services to get contextual information from a piece of equipment.”
Some of the reasons for this increased adoption include lowered barriers to connectivity and the rapidly decreasing costs of next-generation technology and equipment, McCarthy said.
“We find that customers are experimenting with those capabilities to figure out how to stand up a new stack because they don’t have to make a material investment in them,” he said.
Overall, the survey indicates that next-generation technologies are very important to manufacturers today, primarily enabled by the cloud; however there are also significant challenges to be overcome, including a widening skills gap for manufacturing workers.
Some of the specific findings from the survey:
Eighty percent of respondents said the technology was either important or very important to their ability to innovate.
Ninety percent said that they are using cloud-based applications in some form, which is twice the number as the 2016 survey.
Seventy percent said that the cloud has made it easier to manage fluctuating customer demand.
Forty-five percent said that the cloud contributes significantly to new product research and introduction.
Thirty percent are focusing on implementing a digitally connected supply chain now, and another 30% expect to implement it in the next five years.
Thirty-five percent believe that a shortage of skilled workers will be the biggest challenge to organizational growth in the next year, and the most needed skills are lean manufacturing (68%), mechanical engineering (48%) and data analysis (48%).