Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
Targeted cyber attacks against critical infrastructure (CI) are increasing on a global scale. Despite the common misconception in Canada, Canadian CI operators are being targeted too. Increasingly so. Canadian government and its agencies tasked with cyber securing the critical infrastructure are making great strides recently, but, in my opinion, they still lack behind Canada’s peer countries.
Canada’s rankings in innovation has lagged that of other peer nations for decades despite government efforts to address this issue. Considering its success in developing research programs at its universities and pioneering many of the emerging technologies currently transforming the world, its mediocre rankings overall in technology development is disappointing. Things appear to be turning around, however. New initiatives by government are encouraging not just R&D, but also the other steps needed to turn innovative ideas into innovative products. Most importantly, increased collaboration in technology fields are starting to move Canada forward in global leadership. We still have a long way to go, but we are at least now heading in the right direction.
IoT security also has to become contextual and adaptive; capable of changing to support rapidly morphing threat and business use cases; and has to cut across traditional silos of cybersecurity, health and safety, engineering and others. In the world in which after few decades of effort we are still losing cybersecurity battles daily, how can conscientious companies move forward with addressing new and significantly more complex IoT security threats?
If you’ve read the many predictions about the future of AI, you’ve likely found them to be wildly different. They range from AI spelling doom for humanity, to AI ushering in Golden Age of peace, harmony and culture, to AI producing barely a blip on society’s path toward ever-greater technological achievement. Those three views – dystopian, utopian and organic – present issues we need to consider as we move deeper toward an AI-integrated future. Yet they also contain exaggerations and false assumptions that we need to separate from reality.
With so many critical services enmeshed with smart cities, the attack surface is enormous and extremely vulnerable. The more technology is involved, the greater the vulnerability to infrastructure and city services. The time to act on securing our smart cities is now. The more that systems with vulnerabilities are incorporated, the greater is the risk to which city dwellers are exposed – and the more that we will have to catch-up in the future.
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
Railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. Fully cyber-enabled railway systems offer attackers a range of vulnerabilities perhaps unmatched by any other type of industrial control system. And potential attackers are well aware of their opportunities, as few examples below demonstrate.
As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cyber security specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI).
Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing. Securing smart systems is being often overlooked.
As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
The maritime industry faces a not-so-distant future when ships will be completely autonomous, using navigation data that they receive to plot their own courses with only minimal input from shoreside control centers. The efficiencies this could bring are massive, but before this happens, cybersecurity issues must be addressed. Not only are many vessels configured in ways that invite cyberattacks, but security practices also need to be improved before the industry can safely navigate its future.
Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.
AI will encroach further into tasks previously done by humans. That is certain. It will do so not only in mundane, repetitive work, but also in highly specialized knowledge skills. The key to thriving in an AI-enabled environment is for leaders to grow in the human qualities AI can only mimic and not master. Motivating, mentoring, creativity, empathy and making genuine human connections with others – no matter their background – will be sorely needed to complement the computational and efficiency advancements AI will bring.
Stuxnet was the first true cyber-kinetic weapon, designed to cripple the Iranian – and perhaps also the North Korean – nuclear weapon programs. It succeeded in slowing the Iranian program, although it was discovered before it could deal the program a fatal blow. Its significance goes far beyond what it did. It marks a clear turning point in the military history and in cybersecurity. Its developers hoped for a weapon that could destroy strategic targets without civilian damage possible in traditional warfare. Instead, it opened the door to cyberattacks that can deliver widespread disruption to the very civilian populations it was designed to protect. Stuxnet has, years ago, disappeared from the digital world. Its unintended release beyond its target, though, made its code readily available to other nations, cybercriminals and terrorist groups, providing them with a wealth of advanced techniques to incorporate into their own malicious cyber efforts. Its impact on the future cannot overstated.
Technologies that could change the world have been a popular topic for the past half century. True, the predictions that everyone would drive flying cars have not materialized, but what has materialized would astound those who offered such predictions 50 years ago. And where emerging technologies are headed is even more stunning. Seven technologies, in my opinion, are poised for explosive growth in 2018. And what they can accomplish this year and beyond is not even the most significant disruption that I see them causing.
Digitization will continue to grow in the maritime industry and, with it, the threat of cyberattacks. The industry’s historic willingness to accept the risks that the open seas offer and meet them head-on when they occur should not also be its approach to cybersecurity. The stakes are high, with attackers employing increasingly ingenious strategies to achieve massive paydays from the vessels – and their companies – that leave unneeded vulnerabilities open to them. And not only are massive amounts of money at state, but also people’s lives and well-being. As digitization of the maritime industry grows, attention to cybersecurity must grow with it.
The inherent threat the evolution of our living places - Our species has moved out of the trees onto the savanna – just to build concrete trees instead, in the form of cities. Although this may be a nutshell view of human history, the movement towards making our living places habitable is taking a new turn. We no longer live just in the physical world, we now live also in the cyber-physical, and this transforms how we live, work, and play in the form of the ‘smart city’ built on our own data.
As physical objects and processes are increasingly being monitored or controlled by connected computational devices such as Industrial Control Systems (ICS) or Internet of Things (IoT), those physical objects and processes become hackable in the same way as the embedded devices controlling them. Ignoring the reality of vulnerabilities will not restrict them to the realm of fiction. The threats are real. Many have already occurred. Only by recognizing the new challenges that our connected world poses and coming together to address them will we be able to make our leap into this new way of life secure and safe, and get the fullest benefits from it.
AI's effect on the workplace will not be limited merely to repetitive, production line-type jobs. Increasingly, it also enters the realm of highly trained knowledge workers. It will also affect those who manage workers currently employed in such jobs. AI likely will reshape jobs all the way up to the C-level offices. That doesn't mean, though, that managers and executives will no longer be needed. They simply need to prepare themselves for shifts in their work responsibilities.

INDUSTRY NEWS

railway cyber-kinetic

Growing cyber-kinetic threats to railway systems

My article "Growing cyber-kinetic threats to railway systems" was published on CSO Online. Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
IoT Privacy Forum - Clearly Opaque - Privacy Risks of the IoT

Report: IoT Privacy Forum – Clearly Opaque – Privacy Risks of the IoT

The IoT Privacy Forum has launched its newest report, Clearly Opaque: Privacy Risks of the Internet of Things. The result of eighteen months of research comprising workshops and interviews with forty experts, practitioners and scholars, the report is one of the most comprehensive explorations of IoT privacy and governance issues currently available.

Intentional Electromagnetic Interference (IEMI) – the overlooked threat to IoT

As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
malware

Stuxnet: the father of cyber-kinetic weapons

My article "Stuxnet: the father of cyber-kinetic weapons" was published on CSO Online. As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
Why governments must take the lead on IoT security frameworks

Why governments must take the lead on IoT security frameworks

In my latest opinion piece on IoT Agenda “Why governments must take the lead on IoT security frameworks” I argue that there needs to be more government involvement when it comes to IoT security. At least until the industry more broadly accepts that IoT security, if done right, can become a competitive advantage and even speed up innovation.

Defeating 21st Century pirates: the maritime industry and cyberattacks

My article "Defeating 21st Century pirates: the maritime industry and cyberattacks" was published on CSO Online. From the article: Digitization in the maritime industry is growing, and cyberattacks are growing along with it. Attackers achieve massive paydays when maritime targets leave vulnerabilities open. If the maritime industry is to enjoy the potential that digitization can bring, it must put cybersecurity in the forefront instead of on the back burner.
Cyber Kinetic Threat

The tangible threat of cyber-kinetic attacks

My article "The tangible threat of cyber-kinetic attacks" was published on CSO Online. Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.
Smart Future and Cyber-Kinetic Threat

Our smart future and the threat of cyber-kinetic attacks

My article "Our smart future and the threat of cyber-kinetic attacks" is published on HelpNetSecurity. Like most of my writing, the article focuses on cyber-kinetic threats of industrial control systems and how the rapid adoption of IoT keeps exponentially increasing the threat.
Protecting smart technologies and IoT from cyber-kinetic attacks

Protecting smart technologies and IoT from cyber-kinetic attacks

My article "Protecting smart technologies and IoT from cyber-kinetic attacks" is published on IoT Agenda. The article highlights the cyber-kinetic threats of the IoT. From the article intro: "Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing. Securing smart systems is being often overlooked."

Report: CrowdStrike – 2017 Cyber Intrusion Services Casebook

Crowdstrike published its annual Cyber Intrusion Services Casebook. Drawn from 100 real-life client engagements, the report looks into ever-evolving attacker tactics, techniques and procedures (TTPs) and reveals emerging trends observed in attack behaviors, including the preferred tactics used by threat actors to gain entry to the targeted environment.
Honeywell Survey

New Survey: Honeywell – Putting Industrial Cyber Security at the Top of the CEO...

Honeywell released a new study "Putting Industrial Cyber Security at the Top of the CEO Agenda" showing industrial companies are not moving quickly to adopt cyber security measures to protect their data and operations, even as attacks have increased around the globe.
Privacy in Smart Cities

Privacy in Smart Cities by Smart City Hub

New article on Smart Cities and Privacy "Privacy in Smart Cities" published on Smart City Hub. From the article intro:"This morning I told my...
Blackberry Automotive Cybersecurity

Whitepaper: Blackberry – 7-pillar Recommendation for Automotive Cybersecurity

BlackBerry has published its recommended framework to protect cars from cybersecurity threats. According to BlackBerry, the real challenge is securing the supply chain manufacturing these smart vehicles. With so many actors in the supply chain space individually contributing hardware or software, there is a higher risk of one of them accidentally introducing something harmful or not fully securing a part, which could result in the entire vehicle being compromised. The whitepaper lays out seven crucial security recommendations to harden automobile electronics from cyber attacks.
Key Safety Challenges for IIoT

White Paper: Key Safety Challenges for the IIoT

Industrial Internet Consortium published a new white paper "Key Safety Challenges for the IIoT". The white paper addresses four key challenges in IIoT security and offers why other current safety frameworks are falling short, and recommends what can be done to further mitigate these challenges.
Wi-SUN Rise of IoT

New Report: Wi-SUN Alliance – The Rise of the Internet of Things

Wi-SUN Alliance just released results of a survey of 350 IT decision makers from firms in the U.S., UK, Sweden and Denmark that are already investing in at least one IoT project. Similarly to other IoT related surveys, this one confirms that the IoT security tops the list of major concerns for IoT adopters. IoT security is holding back nearly six in ten (59%) of the respondents.
Western European Cities Exposed

New Report: Cities Exposed in Shodan

Trend Micro released the latest in the series of Shodan-based security studies on exposed city cyber asset. Earlier this year they released the report on exposed US cities, and now they looked into Europe, looking not only at Western European capitals, but deeper into three of its largest countries – Germany, France, and the United Kingdom.
Discovering Consumer Attitudes Toward Connected Car Security

New Report: Discovering Consumer Attitudes Toward Connected Car Security

Thales conducted a survey of 1,000 consumers across the U.S. and UK. Few interesting findings: Ownership of internet-connected cars is on the rise. 28% in the U.S. (increased from 24% in 2016) and 18% in the UK. Due to the current threat landscape people are very worried about security...
The Inconvenient Truth about Smart Cities

Who will really benefit from the coming smart-city revolution?

Article "Who will really benefit from the coming smart-city revolution?" is published by the New Scientist From the intro: "We need assurances on privacy, security and...
Smart Cities do not mean the Death of Privacy

Smart Cities do not mean the Death of Privacy

"Smart Cities do not mean the Death of Privacy" article argues that the privacy problem regularly being discussed in the context of smart cities...
PwC IIoT Operational Reference Architecture

Whitepaper: PwC – The Role of the CIO in Integrating IIoT for ...

The Industrial Internet of Things (IIOT) promises to revolutionize industrial and manufacturing activities, and disrupt today's business models. The CIO’s role will touch various parts of their company more than ever, and they will also need to help their businesses operationalize rapid changes in business models, from products to services, cloud-based models, outsourced models, and others.
Smart cities might not be such a bright idea

Smart cities might not be such a bright idea

Financial Times published an opinion piece "Smart cities might not be such a bright idea" "Smart cities are being rolled out across the globe, particularly...
ENISA - Baseline Security Recommendations for IoT

New Report: ENISA – Baseline Security Recommendations for IoT

The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.
Slaughterbots

Video: ‘Slaughterbots’ Video Depicts a Dystopian Future of Autonomous Killer Drones

Interesting short video depicting a very scary future in which swarms of killer microdrones are dispatched to kill political activists and US lawmakers. Armed with explosive charges, the palm-sized quadcopters use real-time data mining and artificial intelligence to find and kill their targets.
Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk

Article: Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk

Excellent article from Harvard Business Review. The author recognizes that the members of the C-suite often aren’t speaking the same language around cyber risk and that the reporting lines and silos are impacting the enterprise-wide communication and coordination required to address new cyber risks...
The Inconvenient Truth about Smart Cities

The Inconvenient Truth about Smart Cities

Scientific American published an article "The Inconvenient Truth about Smart Cities" - Plans for more wired, networked, connected urban areas face challenges if they...
Annual IIoT Maturity Survey

Survey: Annual IIoT maturity survey – Adoption of IIoT in manufacturing, oil and gas,...

The survey provides an overview of the current state of IIoT adoption and prevailing industry attitudes towards IIoT, solution deployment progress, motivating factors, business objectives, and technology investment projections.
ACLU - Making Smart Decisions About Smart Cities

Guide: ACLU – Making Smart Decisions About Smart Cities

ACLU just published a guide on Smart Cities. It looks at how to balance the innovation with privacy risks and features a number of real-life case studies. From the intro: "In some cases, technological solutions to urban issues can reflect or even exacerbate racial or economic inequality rather than allocate city resources and services fairly. Technologies that collect information about residents and visitors can generate and expose deeply personal information or even be repurposed to function as surveillance tools..."
State of IoT 2018

New Report: Cradlepoint State of IoT 2018

New Cradlepoint Business Intelligence Report reveals the current IT practices, perceptions and future plans surrounding global Internet of Things (IoT) deployments. The findings of the underlying study revealed that even though over 69% of organizations have adopted, or plan to adopt, IoT solutions within the next year, 40% of companies have serious concerns around cybersecurity.
Forrester and ForeScout Research on IoT and OT Security Challengese

New Report: Forrester and ForeScout Research on IoT and OT Security Challenges

ForeScout commissioned Forrester Consulting to see if organizations can adequately and accurately secure their networks with the rise of IoT-connected devices. The study sheds additional insight into this issue that may be surprising...

Article: Smart Cities May Be The Death of Privacy As We Know It

Always excellent website Futurism just published an article on Smart Cities and Privacy - "Smart Cities May Be The Death of Privacy As We...