The industrial world is running into a cyber security wall. On one hand, the interconnectedness of devices and machines delivers significant efficiencies, reducing the cost of producing products and power while improving our everyday devices. Yet the expansion of connected systems opens up significant cyber security vulnerabilities. So far, there has been a decision to take efficiencies over security concerns. Recent vehicle hacks and systematic data theft may be changing that thinking, however.
Those tasked with protecting plants or vehicles face a double-whammy: increased security vulnerabilities matched with increasing attacks. “There is a huge growth in the need for cyber security. With the IoT and industrial networks, everyone knows there are security risks, but the industry is moving ahead in connecting industrial plants, homes, and devices,” Tom McAndrew, executive vice president of professional services at Coalfire Systems, a cyber security assessment firm, told Design News. "Hackers know that the more functionality you have, the more surface areas there are to attack.”
Part of the vulnerability in the Jeep vehicle hack this summer was that the entertainment system was connected to the system operating the car. It seemed obvious that brake, steering, and acceleration should reside in a stand-alone system, yet security experts weren’t surprised. “Networked systems are less expensive than separate systems,” said McAndrew. “In a perfect world, you have stand-alone systems, but multiple systems share technology to reduce cost and weight. There is the push-pull between the savings from multiple systems and the cost of stand-alone systems.”
The Nature of Cyber Attacks Has Changed
In recent years, security experts have seen a shift in the types of attacks, the kind of attackers, and the reasons for the attacks. “In the late '90s, people were worried about denial of service [DoS] attacks. Websites were brought down by traffic,” said McAndrew. “Now we’re seeing a broad mix of both physical security and cyber security requirements.”
He noted that the number of attacks is growing at the same time the nature of cyber attacks is changing. “The threats are increasing every year,” said McAndrew. “Even though we’re doing a better and better job of deterring the 18-year-old hacker, there are two threat areas that have grown: espionage and data collection.”
While earlier hackers were interested in proving their wiles, today’s hackers are financially motivated. “They’re taking data for money now. That market has become very sophisticated in its ability to take and sell data,” said McAndrew. “The demand keeps increasing as hackers look for new ways to get large portions of data. Former hackers and people trained by their governments can make a good living by stealing data.”
The Nation State as Hacker
As for people trained by their own governments, one of the most disturbing new developments in cyber security is the prolonged, systematic probing by nation-state actors. “Nations are catching up. China is investing four times as much as the US in cyber capability, so it’s just a matter of time before they pull ahead,” said McAndrew. “Plus, given the range of offensive and defensive capabilities, the offensive move will always win.”
McAndrew noted there’s no equivalency between the US and its nation-state cyber foes. There’s no cyber tit for tat. The US can’t ward off attacks with counterattacks. “The US cyber threat to North Korea is not as great as North Korea’s cyber threat to the US,” said McAndrew. “You can turn off all the lights in North Korea for a week, and it wouldn’t have as much impact as turning off our lights for five minutes.&rdrdquo;
One major vulnerability the US faces is its utter dependence on cyber systems. “We don’t know how to do things the old way. That’s our Achilles heel,” said McAndrew. “We’ve moved to electronic systems and dropped the old way of doing things. I was in the last Naval class that taught celestial navigation. Yet after many years, they’ve brought it back in case the GPS gets taken out.”
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.
[image via FreeDigitalPhotos.net]