As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cybersecurity specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI).
ICS and IoT – digital systems that run today’s modern society – rely on changes in electrical charges flowing through physical equipment. Creating the 1s and 0s of which all digital information is composed requires electronic switching processes in circuits. The current used in this process is not...
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
The attacker stepped out from behind a hedge in the upper-class suburban neighborhood, being careful to stay in the shadows. Across the street, the last lights shining through the windows of the house had just flickered out. She tugged the bottom of her black hoodie into place and pulled the hood up over her head, casting her face deeper in shadow.
Her target sat in the driveway at the front of the house, a bright red and completely decked out SUV. Glancing up and down the street to ensure no one was looking, she slipped across the street into the...
The maritime industry faces a not-so-distant future when ships will be completely autonomous, using navigation data that they receive to plot their own courses with only minimal input from shoreside control centers. The efficiencies this could bring are massive, but before this happens, cybersecurity issues must be addressed. Not only are many vessels configured in ways that invite cyberattacks, but security practices also need to be improved before the industry can safely navigate its future.
An increasingly digitized maritime industry
A fleet of 250 autonomous vessels may launch soon. And that would be only the beginning, according to McKinsey and Co....
In one of those strange inversions of reason, The Internet of Things (IoT) arguably began before the Internet itself. In 1980, a thirsty graduate in Carnegie Mellon University’s computer science department, David Nichols, eventually grew tired of hiking to the local Coca Cola vending machine only to find it empty or stocked entirely with warm cola. So, Nichols connected the machine to a network and wrote a program that updated his colleagues and him on cola stock levels. The first IoT device was born.
Things have moved on somewhat. Today, the world is home to 8 billion connected devices or “things”, with...
Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being. That's the threat of cyber-kinetic attacks.
Our physical world is becoming more connected – which makes it more dependent on the cyber world. Many physical objects around us are no longer just physical, but extend into cyberspace, being remotely monitored and controlled. Increasingly, our factories, cities,...
My article "Stuxnet: the father of cyber-kinetic weapons" was published on CSO Online. As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
Stuxnet was the first true cyber-kinetic weapon, designed to cripple the Iranian – and perhaps also the North Korean – nuclear weapon programs. It succeeded in slowing the Iranian program, although it was discovered before it could deal the program a fatal blow.
Its significance goes far beyond what it did. It marks a clear turning point in the military history and cybersecurity. Its developers hoped for a weapon that could destroy strategic targets without civilian damage possible in traditional warfare. Instead, it opened the door to cyberattacks that can deliver widespread disruption to the very civilian populations it was...
My article "Defeating 21st Century pirates: the maritime industry and cyberattacks" was published on CSO Online. From the article: Digitization in the maritime industry is growing, and cyberattacks are growing along with it. Attackers achieve massive paydays when maritime targets leave vulnerabilities open. If the maritime industry is to enjoy the potential that digitization can bring, it must put cybersecurity in the forefront instead of on the back burner.
My article "The tangible threat of cyber-kinetic attacks" was published on CSO Online. Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.
The open seas have long attracted those who yearned for adventure. The risk of pitting oneself against a vast and unforgiving sea has tested sailors’ mettle for millennia. It’s not surprising that the maritime industry is one that thrives on facing – and overcoming – risks. But, as technology increasingly dominates it, growing risks exist that the industry dare not ignore.
Its growing effort to increase efficiencies through digitization and automation has made it an inviting target for 21st century pirates whose weapons are not cutlasses, but computers. Vulnerabilities in maritime systems and security practices threaten to inflict huge losses...
A growing number of today’s entertainment options show protagonists battling cyber-attacks that target the systems at the heart of our critical infrastructure whose failure would cripple modern society. It’s easy to watch such shows and pass off their plots as something that could never happen. The chilling reality is that those plots are often based on real cyber-kinetic threats that either have already happened, are already possible, or are dangerously close to becoming reality.
Cyberattacks occur daily around the world. Only when one achieves sufficient scope to grab the attention of the news media – such as the WannaCry ransomware...
My article "Our smart future and the threat of cyber-kinetic attacks" is published on HelpNetSecurity. Like most of my writing, the article focuses on cyber-kinetic threats of industrial control systems and how the rapid adoption of IoT keeps exponentially increasing the threat.
My article "Protecting smart technologies and IoT from cyber-kinetic attacks" is published on IoT Agenda. The article highlights the cyber-kinetic threats of the IoT. From the article intro: "Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing. Securing smart systems is being often overlooked."
Crowdstrike published its annual Cyber Intrusion Services Casebook. Drawn from 100 real-life client engagements, the report looks into ever-evolving attacker tactics, techniques and procedures (TTPs) and reveals emerging trends observed in attack behaviors, including the preferred tactics used by threat actors to gain entry to the targeted environment.