Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
Marin Ivezic -
Targeted cyber attacks against critical infrastructure (CI) are increasing on a global scale. Despite the common misconception in Canada, Canadian CI operators are being targeted too. Increasingly so. Canadian government and its agencies tasked with cyber securing the critical infrastructure are making great strides recently, but, in my opinion, they still lack behind Canada’s peer countries.
Canada’s rankings in innovation has lagged that of other peer nations for decades despite government efforts to address this issue. Considering its success in developing research programs at its universities and pioneering many of the emerging technologies currently transforming the world, its mediocre rankings overall in technology development is disappointing. Things appear to be turning around, however. New initiatives by government are encouraging not just R&D, but also the other steps needed to turn innovative ideas into innovative products. Most importantly, increased collaboration in technology fields are starting to move Canada forward in global leadership. We still have a long way to go, but we are at least now heading in the right direction.
IoT security also has to become contextual and adaptive; capable of changing to support rapidly morphing threat and business use cases; and has to cut across traditional silos of cybersecurity, health and safety, engineering and others. In the world in which after few decades of effort we are still losing cybersecurity battles daily, how can conscientious companies move forward with addressing new and significantly more complex IoT security threats?
Marin Ivezic -
With so many critical services enmeshed with smart cities, the attack surface is enormous and extremely vulnerable. The more technology is involved, the greater the vulnerability to infrastructure and city services. The time to act on securing our smart cities is now. The more that systems with vulnerabilities are incorporated, the greater is the risk to which city dwellers are exposed – and the more that we will have to catch-up in the future.
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
Railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components. Fully cyber-enabled railway systems offer attackers a range of vulnerabilities perhaps unmatched by any other type of industrial control system. And potential attackers are well aware of their opportunities, as few examples below demonstrate.
Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing. Securing smart systems is being often overlooked.
As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
The maritime industry faces a not-so-distant future when ships will be completely autonomous, using navigation data that they receive to plot their own courses with only minimal input from shoreside control centers. The efficiencies this could bring are massive, but before this happens, cybersecurity issues must be addressed. Not only are many vessels configured in ways that invite cyberattacks, but security practices also need to be improved before the industry can safely navigate its future.
Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.
AI will encroach further into tasks previously done by humans. That is certain. It will do so not only in mundane, repetitive work, but also in highly specialized knowledge skills. The key to thriving in an AI-enabled environment is for leaders to grow in the human qualities AI can only mimic and not master. Motivating, mentoring, creativity, empathy and making genuine human connections with others – no matter their background – will be sorely needed to complement the computational and efficiency advancements AI will bring.