Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
Targeted cyber attacks against critical infrastructure (CI) are increasing on a global scale. Despite the common misconception in Canada, Canadian CI operators are being targeted too. Increasingly so. Canadian government and its agencies tasked with cyber securing the critical infrastructure are making great strides recently, but, in my opinion, they still lack behind Canada’s peer countries.
Canada’s rankings in innovation has lagged that of other peer nations for decades despite government efforts to address this issue. Considering its success in developing research programs at its universities and pioneering many of the emerging technologies currently transforming the world, its mediocre rankings overall in technology development is disappointing. Things appear to be turning around, however. New initiatives by government are encouraging not just R&D, but also the other steps needed to turn innovative ideas into innovative products. Most importantly, increased collaboration in technology fields are starting to move Canada forward in global leadership. We still have a long way to go, but we are at least now heading in the right direction.
IoT security also has to become contextual and adaptive; capable of changing to support rapidly morphing threat and business use cases; and has to cut across traditional silos of cybersecurity, health and safety, engineering and others. In the world in which after few decades of effort we are still losing cybersecurity battles daily, how can conscientious companies move forward with addressing new and significantly more complex IoT security threats?
If you’ve read the many predictions about the future of AI, you’ve likely found them to be wildly different. They range from AI spelling doom for humanity, to AI ushering in Golden Age of peace, harmony and culture, to AI producing barely a blip on society’s path toward ever-greater technological achievement. Those three views – dystopian, utopian and organic – present issues we need to consider as we move deeper toward an AI-integrated future. Yet they also contain exaggerations and false assumptions that we need to separate from reality.
With so many critical services enmeshed with smart cities, the attack surface is enormous and extremely vulnerable. The more technology is involved, the greater the vulnerability to infrastructure and city services. The time to act on securing our smart cities is now. The more that systems with vulnerabilities are incorporated, the greater is the risk to which city dwellers are exposed – and the more that we will have to catch-up in the future.
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
Railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. Fully cyber-enabled railway systems offer attackers a range of vulnerabilities perhaps unmatched by any other type of industrial control system. And potential attackers are well aware of their opportunities, as few examples below demonstrate.
As our cities, our transportation, our energy and manufacturing – our everything – increasingly embrace Internet of Things (IoT) and Industrial Controls Systems (ICS), securing its underlying cyber-physical systems (CPS) grows ever more crucial. Yet, even among engineers and cyber security specialists, one potential attack trajectory is often overlooked: Intentional Electromagnetic Interference (IEMI).
Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing. Securing smart systems is being often overlooked.
As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
The maritime industry faces a not-so-distant future when ships will be completely autonomous, using navigation data that they receive to plot their own courses with only minimal input from shoreside control centers. The efficiencies this could bring are massive, but before this happens, cybersecurity issues must be addressed. Not only are many vessels configured in ways that invite cyberattacks, but security practices also need to be improved before the industry can safely navigate its future.