Physical Damage From Cyber Attack – A Growing Risk
As far back as 2002 there have been warnings of a “Cyber Pearl Harbor” – a government or government-sponsored cyber attack on the United States with physical damage consequences. Although nothing on that scale has happened, in a post on forbes.com Taylor Armerding warns that physical damage from smaller but still lethal attacks is a growing threat.
As Armerding writes in https://www.forbes.com/sites/taylorarmerding/2019/02/27/the-cyberphysical-convergence-is-accelerating-so-are-the-risks/#2b0411b779a0, the Internet of Things has become more like the “Internet of Everything”. In its 2018 Data Breach Investigations Report, Verizon found that more than one of every ten data breaches in 2017 had a physical component. It’s not much of an exaggeration to say that “everything is a computer”.
Some of the possibilities Armerding cites:
- Pen Test Partners documented how a hacker could capsize a cargo ship.
- Forbes reported that hackers in Italy used a laptop to transmit code and take control of construction cranes and other large machinery.
- An electric scooter manufactured in China did not have a properly validated password; a remote attacker could send commands to interfere with the vehicle.
Elsewhere it has been reported that sensitive medical devices are vulnerable to hacking, with possible life threatening consequences.
Experts agree that security must be built into the software that operates connected devices. Defense systems must address artificial intelligence, smart technologies and universal networking. So far developments in cyber security have not kept pace with the speed of IoT convergence.
Government cybersecurity mandates have focused on privacy and protection of personally identifiable information. California has recently required IoT manufacturers to utilize “reasonable” security measures, which likely will lead to disputes over what is reasonable. Most likely, it will take a major lawsuit alleging physical damage due to inadequate security to improve practices. Hopefully the triggering incident will not cause any fatalities.