Cyber - Securing the "Internet of Things"
In the recent past, we worried about financial cybercrime. That kind of cybercrime remains a problem, surely, but we’ve learned that the risks associated with the theft and misuse of intellectual property, such as the design of a new aircraft fuselage or a new pharmaceutical, or of a company’s global go-to-market strategy, or even the trade negotiating position of the US or one of its allies, can be worth far more, in the wrong hands. That said, we’re still some way from characterising accurately the scope of either financial cybercrime or the theft of intellectual property. However, either can be a measureable proportion of a country’s GDP. In fact, the theft of intellectual property has the potential, some believe, to alter the global economic balance.
What other kinds of threats are emerging? The links below tell an interesting story. The first link is to a two-day, front-page Washington Post series on cybersecurity; the second link is to a component of that series that deals with industrial control systems. StuxNet, which purportedly exploited weaknesses in the Siemens S7 Industrial Control System, is the vehicle used to tell this story.
This story serves to highlight the potential vulnerability of systems used to control manufacturing processes, pipelines and power lines, and anything else in which a process, device, or infrastructure is controlled by embedded systems. We’re learning that such systems may be reachable and vulnerable, even if we thought they were “airgapped.”
We’re learning, too, that even proprietary control systems can be exploited and attacked, if their use is connected to a system in which an adversary is interested. In other words, if it’s worth the trouble, someone will take that trouble. They may even take the trouble to develop means of exploitation and attack that don’t have known signatures; StuxNet is reported to have carried several “zero-day” exploits not seen previously.
The Washington Post series is important for two reasons:
First, it reveals what key decision-makers are being told about the current state of cybersecurity. The Washington Post is the "newspaper of record" as it relates to issues of this sort, and the attention this sort of issue enjoys with key decision-makers at the national level.
Second, it provides a useful overview of how the public discussion of cybersecurity is shifting to cover critical infrastructure and industrial control systems, in other words, the “Internet of things.”
Links:
http://www.washingtonpost.com/investigations/cyber-search-engine-exposes-vulnerabilities/2012/06/03/gJQAIK9KCV_story.html