Google has a perfect opportunity to be a leader in cybersecurity.

From the company's Android OS, to the purchase of Motorola and the new gigabit fiber optic network to be built in Austin, Texas, to its recent hiring of Peiter "Mudge" Zatko from the Defense Advanced Research Projects Agency (DARPA), this combination of Google intellectual property -- with the Telecom intellectual property all over Austin, Texas -- could be a perfect meeting of money and minds in creating a secure smart city.

When it comes to intelligent traffic systems sending avoidance collision warnings and keeping the power grid operating -- and everything in between -- it’s time for corporate citizens to step up to the plate and responsibly address urban cyber security. If Google plans on being the financial beneficiary of billions of devices, running millions of apps on a new gigabit fiber optic network, then it also needs to take on the upfront responsibility and expense in securing these networks, devices and apps.

And right now, the Android OS and the many apps that run on it could not be further from secure.

The New Enterprise Security Threat

From hacking to hijacking enterprise networks to apps that steal apps, the Android has become a hackers' OS and device of choice. In fact, just to make it a little easier for everyone, even network exploit kits are now available, as is a top 10 list for hacker and penetration testers. This stuff isn’t funny, though. Using tools like this to breach an enterprise network means a lot of different things to many people. It is not about the enterprise -- it is the intellectual property that is kept in an enterprise. My recent interview with professional cybersecurity investigator Tom Quilty made it clear that intellectual property, and even state secrets, may be vulnerable sitting in an enterprise network server.

Taking this one step further, if the enterprise is a control system on an aircraft, then could an Android device be used to, let's say remotely access the controls of an airplane?

Such a situation was actually demonstrated at a presentation given at the Hack in the Box security conference in Amsterdam by Hugo Teso, a security consultant at n.runs in Germany, and is still being debated. To put final emphasis on the seriousness of Android smartphones in the enterprise, the recent popularity of bring your own device (BYOD) is flooding these devices into every enterprise and control system, and already overburdened enterprise managers are sending out the security warnings. Even the Army wants to use smartphones, but has shown recent security concerns in using the devices. We need to understand the smartphone is not just a phone -- it is a PC or even a personal enterprise network device with a lot of power and capabilities.

Current Mobile Security Suites Not Enough


View Full Story
Larry Karisny  | 
Larry Karisny is the director of Project Safety.org and a consultant supporting local wireless broadband, smart grid, transportation and security platforms.