In a previous column, I discussed how “cyberphysical” is an appropriate term to capture this new world we are entering, where machines operate automatically and rapidly based on real-time feedback. The next step is to understand why this cyberphysical matters to the wider population that these machines will service. We can then assess levels of risk in order to better develop a culture of cyberphysical security.
The most notable trend is that critical services we rely on are increasingly dependent upon cyberphysical interactivity. The scope of these critical services continues to broaden and deepen across industries, especially as the functionality and speed of devices is more widely understood.
To me, nothing offers a more direct example of cyberphysical dependency than heart pacemakers. More than three million people rely on these devices every day, and 600,000 new implants are performed each year (American Heart Association). These cyberphysical devices not only manage electrical impulses in the human body, but they can also connect to external, remote systems for diagnosis and adjustments. Security takes on new meaning when you consider how and where these cyberphysical systems reside.
Another set of cyberphysical interactions occur to deliver our electricity, which we ambitiously consume at approximately 18,000 TerraWatts a year. How many of us can go 60 minutes without an electrical charge to our cell phones? Smart meters, not to mention power generation control systems, play a part in delivering this critical energy service.
Moving forward, we can envision a host of additional cyberphysical systems beyond these two examples, managing and impacting our daily lives. Many have seen self-driving cars, which are expected to grow at 134% CAGR in the next five years (not to mention electric cars, another dependency back on our power generation systems). Or consider home automation systems and maritime cargo monitoring.
As a security specialist, while I anticipate great reward from these new types of cyberphysical systems, I also envision the need for better protection. The dependency on cyberphysical systems exposes the broader population to a variety of risks.
While I will outline here some of these risks, be assured that my follow-on column will discuss solutions. My intent is to help readers visualize the relevance of cyberphysical systems in day-to-day lives, as background to why new approaches to security are required. And while our researchers handle very targeted and device-specific vulnerabilities behind closed doors, I will discuss in public only broad strokes of exposure, rather than risk proliferating any attack specifics.
As an initial example, many readers may be familiar with home automation systems that now include thermostats with remote control capabilities. Researchers have already performed “jail break” attacks to take over such temperature-altering devices, building upon prior attack lessons learned. Similar to information security holes in enterprise devices, these consumer thermostats lack robust security measures.
Amidst pressures to be “first to market,” it is not uncommon for manufacturers to trade off convenience and price for limited protection. In some cases, it might not even be a conscious design decision. Considering our growing dependency on cyberphysical systems, however, security testing seems an obvious addition (but I will discuss solutions further in my next column).
In other industries, it is less a rush to the consumer market triggering risks than it is a status quo regarding defining what constitutes “safe.” In the energy sector, offshore oil rigs were once “air gapped” and not connected to other systems.
Today, devices from as far afield as transportation and government services have typically been prioritized by physical security implications first. Will seat belts cause more injuries or save more lives, for example, or how will devices from state clinics affect the medical condition of citizens? Today, as cyber merges with physical inside vehicles and operating rooms, “safe” needs a new perspective. Has the system been tested against remote control access? If a cyberphysical device receives false commands, what are the implications?
These are just two examples of different dimensions of risk we are exposed to as we enter the cyberphysical era. The high level of machine-to-machine interactivity, the speed of sharing real-time information automatically, and the trade off of convenience for security in product lifecycle management will all contribute to new levels of risk as cyberphysical systems emerge.
Considering our increasing dependence on these critical systems, the onus is on our industry to devise new and better security models. In my next column, I will illuminate options for how we can move forward, including implementing security measures much earlier in the design lifecycle.
Related Event: Learn More at the ICS Cyber Security Conference
Related Reading: Cyberphysical Security: The Next Frontier