Tag: TECHNICAL

Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted. Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted. These systems have always been challenging to secure. Even urban mass transit systems...

As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI). Electromagnetic interference (EMI) surrounds us – natural causes, such as solar flares and lightning; and man-made sources such as radio and TV broadcasting, radars, microwaves and many others all emit electromagnetic waves that could disrupt operation of electrical and electronic devices. That is, if devices wouldn’t comply with numerous electromagnetic compatibility (EMC) standards which ensure correct operation in common electromagnetic environment and resilience...

While Stuxnet is gone, the world now knows what can be accomplished through cyber-kinetic attacks. As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated. Stuxnet’s beginnings Stuxnet is believed to have been conceived jointly by the U.S. and Israel in 2005 or 2006 to cripple Iran’s nuclear weapon development...

In their growing efforts to increase efficiencies through digitization and automation, railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. In addition, the increasing use of networked control and automation systems enable remote access of public and private networks. Finally, the large geographical spread of railway systems, involving multiple providers and even multiple countries, and the vast number of people involved in operating and maintaining those widespread systems offer attackers an almost unlimited number of attack...

As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cybersecurity specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI). ICS and IoT – digital systems that run today’s modern society – rely on changes in electrical charges flowing through physical equipment. Creating the 1s and 0s of which all digital information is composed requires electronic switching processes in circuits. The current used in this process is not...

The maritime industry faces a not-so-distant future when ships will be completely autonomous, using navigation data that they receive to plot their own courses with only minimal input from shoreside control centers. The efficiencies this could bring are massive, but before this happens, cybersecurity issues must be addressed. Not only are many vessels configured in ways that invite cyberattacks, but security practices also need to be improved before the industry can safely navigate its future. An increasingly digitized maritime industry A fleet of 250 autonomous vessels may launch soon. And that would be only the beginning, according to McKinsey and Co....

Stuxnet was the first true cyber-kinetic weapon, designed to cripple the Iranian – and perhaps also the North Korean – nuclear weapon programs. It succeeded in slowing the Iranian program, although it was discovered before it could deal the program a fatal blow. Its significance goes far beyond what it did. It marks a clear turning point in the military history and cybersecurity. Its developers hoped for a weapon that could destroy strategic targets without civilian damage possible in traditional warfare. Instead, it opened the door to cyberattacks that can deliver widespread disruption to the very civilian populations it was...

The open seas have long attracted those who yearned for adventure. The risk of pitting oneself against a vast and unforgiving sea has tested sailors’ mettle for millennia. It’s not surprising that the maritime industry is one that thrives on facing – and overcoming – risks. But, as technology increasingly dominates it, growing risks exist that the industry dare not ignore. Its growing effort to increase efficiencies through digitization and automation has made it an inviting target for 21st century pirates whose weapons are not cutlasses, but computers. Vulnerabilities in maritime systems and security practices threaten to inflict huge losses...

The fact that cyber-kinetic attacks rarely appear on mainstream news doesn’t mean they don’t happen. They happen more frequently than you would think. Many, for various reasons, aren’t even reported to agencies charged with combatting them. This hinders security experts in understanding the full scope and recognizing the trends in this growing problem. We’ll highlight examples of cyber-kinetic incidents and attacks in this chapter. Some were malfunctions that, nonetheless, demonstrated cyber-physical system vulnerabilities. Some were collateral damage from hacking or computer viruses. The vulnerabilities these exposed inspired a growing number of targeted cyber-kinetic attacks in recent years. The Beginning of Cyber-Kinetic...

Below is a timeline of key historic cyber-kinetic attacks, system malfunctions and key researcher demos targeting cyber-physical systems (CPS), Internet of Things (IoT) and Industrial Control Systems (ICS) resulting in kinetic impacts in the physical world. I tried to select only those that were first-of-the-kind or that significantly increased general awareness about a particular type of an attack or incident I know that the list is incomplete. That’s where you come in. If you are aware of an incident or a research that demonstrated something new regarding cyber-kinetic threats or helped significantly raise the awareness, please contact me. For a more...

Below is my attempt to list of all published 5G, IoT and "Smart Everything"-related security guidelines, frameworks and standards. If you are aware of additional entries that should be here, please let me know at [email protected]

We live in a world in which the way we observe and control it is radically changing. Increasingly, we interact with physical objects through the filter of what computational systems embedded in them tell us, and we adjust them based on what those systems relate. We do this on our phones, in our cars, in our homes, in our factories and, increasingly, in our cities. Physical objects are so interconnected that we simply take those connections for granted, as if being able to unlock your car by pushing a button on your key fob, unlocking it with your phone or...