5G Cybersecurity Safety
Neil Harbisson calls himself a cyborg. Without the antenna implanted in his skull, he would not be able to see colour of any kind. Born with achromatopsia, a condition of total colourblindness that affects 1 in every 30 000 people, Harbisson's physical faculties are augmented by cyber technology to grant him access to a life of greater meaning and satisfaction. As technological evolution leads to concomitant advances in medical science, we are seeing more and more examples of humans who are integrating devices and sensors into their biological makeup. For some, like those part of the growing "transhumanist" movement, this...
Cyber-Kinetic Timeline
Below is a timeline of key historic cyber-kinetic attacks, system malfunctions and key researcher demos targeting cyber-physical systems (CPS), Internet of Things (IoT) and Industrial Control Systems (ICS) resulting in kinetic impacts in the physical world. I tried to select only those that were first-of-the-kind or that significantly increased general awareness about a particular type of an attack or incident I know that the list is incomplete. That’s where you come in. If you are aware of an incident or a research that demonstrated something new regarding cyber-kinetic threats or helped significantly raise the awareness, please contact me. For a more...
5G Critical Infrastructure
Not even 30 years separate us from the end of the Cold War. Yet, we appear to be witnessing the emergence of a new one, a technology Cold War between the United States and China. This time, instead of a ‘red under the bed’, the US government has declared there is one at the back door. It accuses Chinese technology companies of deliberately building vulnerabilities into their tech, allowing the Chinese to access and control the 5G critical infrastructure, and through it the connected devices and machinery at will. Headlines are dominated by the case against Huawei, and debate continues...
BlackBerry's 7-Pillar Recommendation for Automotive Cybersecurity
BlackBerry has published its recommended framework to protect cars from cybersecurity threats. According to BlackBerry, the real challenge is securing the supply chain manufacturing these smart vehicles. With so many actors in the supply chain space individually contributing hardware or software, there is a higher risk of one of them accidentally introducing something harmful or not fully securing a part, which could result in the entire vehicle being compromised. The whitepaper lays out seven crucial security recommendations to harden automobile electronics from cyber attacks.
Smart City 5G Privacy
More than half of the world’s population lives in cities. The UN estimates that by 2050 that proportion will be 68% - more than 6 billion people living in high-density conditions. This raises significant challenges. What is the best way to ensure that human needs are met in a fair and equitable way? How will we face challenges like resource strain, waste and pollution management, traffic congestion and connectivity? In response to these wicked problems, cities are increasingly relying on smart technologies to foster greater efficiency and sustainable growth. These interventions do not, however, come without their own complications. Just...
IEMI
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
5G Security GSA
The Global mobile Suppliers Association (GSA) today issued a 5G Security Primer whitepaper. The whitepaper provides a top-level overview of the security considerations and required approaches necessary for securing 5G networks. GSA calls on industry to adopt security best practices to make 5G a success. The whitepaper includes detail on trust models and assumptions within 5G networks compared to LTE. It also outlines how 5G architecture and features enhance security including network slicing and SBA (Service-Based Architecture), Authentication and Identity Management, Privacy, Inter-operator Security, the role of multi-access edge computing (MEC), the potential security impact on user experience and the...
Canada Critical Infrastructure
Targeted cyberattacks against critical infrastructure (CI) are increasing on a global scale. Critical systems are rapidly being connected to the internet, affording attackers opportunities to target virtual systems that operate and monitor physical structures and physical processes through various modes of cyberattack. When people think of cyberattacks, their minds often go first to the financial sector. After all, that’s the type of attack people hear about most frequently; it’s where the money is and it’s what seems most natural for cybercriminals to target. Enterprises frequently focus on such cyber-enabled financial crimes to the point that they give too little thought...
AI Cybersecurity Battlefield
Cybersecurity strategies need to change in order to address the new issues that Machine Learning (ML) and Artificial Intelligence (AI) bring into the equation. Although those issues have not yet reached crisis stage, signs are clear that they will need to be addressed – and soon – if cyberattackers are to be prevented from obtaining a decided advantage in the continuing arms race between hackers and those who keep organizations’ systems secure. ML and AI can magnify existing vulnerabilities and open the door to new attack strategies. At the same time, though, they offer new tools to help organizations secure...
Key Safety Challenges for IIoT
Industrial Internet Consortium published a new white paper "Key Safety Challenges for the IIoT". The white paper addresses four key challenges in IIoT security and offers why other current safety frameworks are falling short, and recommends what can be done to further mitigate these challenges.
IEMI
As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cybersecurity specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI). ICS and IoT – digital systems that run today’s modern society – rely on changes in electrical charges flowing through physical equipment. Creating the 1s and 0s of which all digital information is composed requires electronic switching processes in circuits. The current used in this process is not...
Maritime Cybersecurity
The open seas have long attracted those who yearned for adventure. The risk of pitting oneself against a vast and unforgiving sea has tested sailors’ mettle for millennia. It’s not surprising that the maritime industry is one that thrives on facing – and overcoming – risks. But, as technology increasingly dominates it, growing risks exist that the industry dare not ignore. Its growing effort to increase efficiencies through digitization and automation has made it an inviting target for 21st century pirates whose weapons are not cutlasses, but computers. Vulnerabilities in maritime systems and security practices threaten to inflict huge losses...
Cyber-Kinetic Threat
My article "The tangible threat of cyber-kinetic attacks" was published on CSO Online. Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.
Cyber-Kinetic Railway
In their growing efforts to increase efficiencies through digitization and automation, railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. In addition, the increasing use of networked control and automation systems enable remote access of public and private networks. Finally, the large geographical spread of railway systems, involving multiple providers and even multiple countries, and the vast number of people involved in operating and maintaining those widespread systems offer attackers an almost unlimited number of attack...