A cyber-terrorist could wreak
havoc by exploiting vulnerabilities in the ever-increasing connectivity of
smart devices and their mechanical counterparts.
There has long been concern about a “cyber 9/11” that could cripple
the country’s financial, energy and transportation networks. A debilitating
attack late last year on electrical grids in western Ukraine has given the
United States new cause for concern.
The incident, the first known power outage caused by a cyber-attack,
disrupted electrical transmissions, leaving 80,000 customers without power for
several hours. This watershed event in cyber-security is not only the latest example of hackers causing
physical harm—it's also a clear indicator of things to come if we don’t work
now to minimize the physical threat of cyber-attacks.
The veil between virtual and physical attacks was lifted as early as 2007,
when the U.S. Department of Homeland Security launched a complex cyber-attack
on a diesel-powered electric generator in eastern Idaho. The remote attack from
a DHS terminal took over the computerized controls of the generator and forced
it to do the equivalent of shifting a car into reverse while barreling down a
highway. The undue stress on the generator's mechanical components caused it to
shake violently, spew out black smoke and explode.
Since then, we’ve seen the Stuxnet worm trick 1,000 Iranian centrifuges
into self-destructing, the Shamoon virus corrupt 30,000 systems at Saudi Aramco,
and this latest episode that downed Ukraine’s electric grid. Unfortunately,
this is only the beginning.
The nexus between virtual threats and physical damage occurs at the
electronic controls of mechanical processes: the computer screen at the nuclear
plant where employees monitor temperature and pressure, or the interface on
your console that puts your car into self-parking mode or—one day
soon—self-driving mode. With the right sequence of code, a cyber-terrorist
could wreak indiscriminate and widespread havoc by exploiting vulnerabilities
in the ever-increasing connectivity of smart devices and their mechanical
counterparts.
For the time being, the complexity involved in physical cyber-attacks make
it much more likely that large industrial systems, such as power plants or
factories, will be targets rather than personal electronic devices. After all,
a skilled counterfeiter wouldn’t waste his time making $1 bills when he could
be making $100 bills.
Such an attack might involve hacking into an industrial control system
through a “backdoor.” This tactic exploits the fact that many of these systems
are connected to the Internet, but they haven’t been updated with security
patches since the machinery was installed—often years before.
The newly introduced malware could cause equipment to overheat, overload or
even self-destruct, while engineers who are watching compromised computer
screens are none the wiser. This scenario could put employees at risk and lead
to damaged systems, interrupted operations, expensive repairs and lost
productivity costs.
However, the exponential growth of connected smart devices—the Internet of
things (IoT)—will eventually expose even ordinary machinery to the same kind of
risk, and with even more points of entry. Engineered auto accidents exploiting
your car’s connectivity with your phone or your watch could become as plausible
as the manufactured blackout that hit western Ukraine last year.
So, how can we minimize this physical threat from cyber-attacks?
First, the most important thing to do is to develop and maintain awareness.
A basic understanding of the kind of threat that’s out there can give you and
your staff the drive to install updates and patches from manufacturers as they
become available.
It’s also important to be aware that more mobile devices are connected to
each other and to the Internet, so don’t spend all your time securing your
laptop at the expense of your smartphone or wireless router. And managers need
to ensure that employees understand and follow this process.
Finally, if you’re overly concerned and have money in the budget, you might
want to seek out a cyber-security expert who can assess your risk and offer
ways to mitigate it.
For the regulators, owners and operators of critical infrastructure, the
burden of defending against the physical threat is heavy. The most effective
way to do this is to consider worker safety and cyber-security as the same
goal.
Thanks to the risks associated with operating heavy machinery, plants and
factories are required to maintain stringent safety standards. But that
consensus is absent when it comes to securing control systems because most
industries don’t yet fully appreciate the real risks workers face (and their
company's bottom line) from compromised machinery. But, the safety consensus is
absent when it comes to securing control systems because most industries don’t
fully appreciate the risk compromised machinery poses to workers—and a
company’s bottom line.
Second, the general practice right now is to have an IT team secure
networks, while engineers manage industrial control systems. This gap needs to
be bridged so that adequate resources are used to secure the software that
controls equipment.
Lastly, though the onus for combating evolving threats falls rightfully on
the firms themselves, only federal regulation can pull together the patchwork
of local cyber-security standards that govern thousands of American utility
companies to a much-needed higher level.
The one bright spot is that unlike electric grids and automated
controls—which developed in the absence of cyber-threats—the Internet of things
is still in its infancy. As a result, the IoT can grow up responsive to the
challenging security environment that older industries are still struggling to
comprehend.
So, while the physical threat of cyber-attacks is real and growing, we may
be well-positioned to combat them.
A cyber-terrorist could wreak havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
By Thomas BoydenThere has long been concern about a “cyber 9/11” that could cripple the country’s financial, energy and transportation networks. A debilitating attack late last year on electrical grids in western Ukraine has given the United States new cause for concern.
The incident, the first known power outage caused by a cyber-attack, disrupted electrical transmissions, leaving 80,000 customers without power for several hours. This watershed event in cyber-security is not only the latest example of hackers causing physical harm—it's also a clear indicator of things to come if we don’t work now to minimize the physical threat of cyber-attacks.
The nexus between virtual threats and physical damage occurs at the electronic controls of mechanical processes: the computer screen at the nuclear plant where employees monitor temperature and pressure, or the interface on your console that puts your car into self-parking mode or—one day soon—self-driving mode. With the right sequence of code, a cyber-terrorist could wreak indiscriminate and widespread havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
For the time being, the complexity involved in physical cyber-attacks make it much more likely that large industrial systems, such as power plants or factories, will be targets rather than personal electronic devices. After all, a skilled counterfeiter wouldn’t waste his time making $1 bills when he could be making $100 bills.
Such an attack might involve hacking into an industrial control system through a “backdoor.” This tactic exploits the fact that many of these systems are connected to the Internet, but they haven’t been updated with security patches since the machinery was installed—often years before.
The newly introduced malware could cause equipment to overheat, overload or even self-destruct, while engineers who are watching compromised computer screens are none the wiser. This scenario could put employees at risk and lead to damaged systems, interrupted operations, expensive repairs and lost productivity costs.
However, the exponential growth of connected smart devices—the Internet of things (IoT)—will eventually expose even ordinary machinery to the same kind of risk, and with even more points of entry. Engineered auto accidents exploiting your car’s connectivity with your phone or your watch could become as plausible as the manufactured blackout that hit western Ukraine last year.
A cyber-terrorist could wreak havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
By Thomas BoydenThere has long been concern about a “cyber 9/11” that could cripple the country’s financial, energy and transportation networks. A debilitating attack late last year on electrical grids in western Ukraine has given the United States new cause for concern.
The incident, the first known power outage caused by a cyber-attack, disrupted electrical transmissions, leaving 80,000 customers without power for several hours. This watershed event in cyber-security is not only the latest example of hackers causing physical harm—it's also a clear indicator of things to come if we don’t work now to minimize the physical threat of cyber-attacks.
The nexus between virtual threats and physical damage occurs at the electronic controls of mechanical processes: the computer screen at the nuclear plant where employees monitor temperature and pressure, or the interface on your console that puts your car into self-parking mode or—one day soon—self-driving mode. With the right sequence of code, a cyber-terrorist could wreak indiscriminate and widespread havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
For the time being, the complexity involved in physical cyber-attacks make it much more likely that large industrial systems, such as power plants or factories, will be targets rather than personal electronic devices. After all, a skilled counterfeiter wouldn’t waste his time making $1 bills when he could be making $100 bills.
Such an attack might involve hacking into an industrial control system through a “backdoor.” This tactic exploits the fact that many of these systems are connected to the Internet, but they haven’t been updated with security patches since the machinery was installed—often years before.
The newly introduced malware could cause equipment to overheat, overload or even self-destruct, while engineers who are watching compromised computer screens are none the wiser. This scenario could put employees at risk and lead to damaged systems, interrupted operations, expensive repairs and lost productivity costs.
However, the exponential growth of connected smart devices—the Internet of things (IoT)—will eventually expose even ordinary machinery to the same kind of risk, and with even more points of entry. Engineered auto accidents exploiting your car’s connectivity with your phone or your watch could become as plausible as the manufactured blackout that hit western Ukraine last year.
- See more at: http://www.baselinemag.com/security/dealing-with-the-physical-threat-of-cyber-attacks.html#sthash.c8nM2n4A.dpuf
A cyber-terrorist could wreak havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
By Thomas BoydenThere has long been concern about a “cyber 9/11” that could cripple the country’s financial, energy and transportation networks. A debilitating attack late last year on electrical grids in western Ukraine has given the United States new cause for concern.
The incident, the first known power outage caused by a cyber-attack, disrupted electrical transmissions, leaving 80,000 customers without power for several hours. This watershed event in cyber-security is not only the latest example of hackers causing physical harm—it's also a clear indicator of things to come if we don’t work now to minimize the physical threat of cyber-attacks.
The nexus between virtual threats and physical damage occurs at the electronic controls of mechanical processes: the computer screen at the nuclear plant where employees monitor temperature and pressure, or the interface on your console that puts your car into self-parking mode or—one day soon—self-driving mode. With the right sequence of code, a cyber-terrorist could wreak indiscriminate and widespread havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
For the time being, the complexity involved in physical cyber-attacks make it much more likely that large industrial systems, such as power plants or factories, will be targets rather than personal electronic devices. After all, a skilled counterfeiter wouldn’t waste his time making $1 bills when he could be making $100 bills.
Such an attack might involve hacking into an industrial control system through a “backdoor.” This tactic exploits the fact that many of these systems are connected to the Internet, but they haven’t been updated with security patches since the machinery was installed—often years before.
The newly introduced malware could cause equipment to overheat, overload or even self-destruct, while engineers who are watching compromised computer screens are none the wiser. This scenario could put employees at risk and lead to damaged systems, interrupted operations, expensive repairs and lost productivity costs.
However, the exponential growth of connected smart devices—the Internet of things (IoT)—will eventually expose even ordinary machinery to the same kind of risk, and with even more points of entry. Engineered auto accidents exploiting your car’s connectivity with your phone or your watch could become as plausible as the manufactured blackout that hit western Ukraine last year.
- See more at: http://www.baselinemag.com/security/dealing-with-the-physical-threat-of-cyber-attacks.html#sthash.c8nM2n4A.dpuf