1660601502980 Dinosaurfb

The truth can be scarier than fiction

Oct. 29, 2018
Cybersecurity is no trip to the movies; what can go wrong?

The premise of “Jurassic World” is that, if we fool around with nature and evolution, we may be stuck with the result, which would be dinosaurs cohabiting with us humans. The alternate thread suggests that, through DNA and cloning, we can create the ultimate warrior en masse as it kills anything and everyone in its path. While it may be far-fetched, the premise may be accurate.

Many Hollywood movies, such as “Robocop,” depict societal issues that create the need for the control of chaos, as well as the methods to do so. In Jurassic World, the control of the dinosaurs is done using various means, but not technology as such. In the Robocop world, it is pure technology.

The future is here and now, and, of course, what can go wrong?

Remember the Wired magazine article about two hackers taking control of a Jeep and basically crashing it into a ditch—however gently? There is also another hack whereby the hacker takes control of an airplane to prove it could be done. No harm, no foul?

What it shows is that it can be done. And then this.

A Yahoo article titled, "Killer robots are on the way, and they are a threat to humanity," discussed AI-driven technology that has the decision-making power on who lives or dies while this "device" is patrolling a border or part of a fighting brigade. It’s called a lethal autonomous weapon system (LAWS).

Again, I ask, “What can go wrong?”

While the LAWS won’t have an entertainment system to allow hackers to break into the system, there will be other interfaces that will provide a highway into the semiconductor mind of the LAWS to accomplish what we don’t know, but it can’t be good.

Security of artificial-intelligence (AI) systems is paramount based on what the AI is doing. Security of control systems is paramount because of what they control.

Enter the unified extensible firmware interface (UEFI), which replaces the “old” bios of most modern-day computers. Apple uses UEFI exclusively. Newer PCs will vary.

UEFI was developed to be secure, but now we know that, in the wild, a UEFI rootkit malware exists.

This is a problem for governments for sure, but for control systems? That is to be determined.

Referred to as LoJax, it can install malware before the OS loads, which means it is there for good and stealthily. The concern is that it has been done.

I have asserted in the past that one-door-to-the-floor cybersecurity has to be maintained for outside world access. However each and every piece of technology being used on the floor is vulnerable on the floor, so systems have to be put into place.

With Industry 4.0 coming on strong, security and systems are becoming more and more important. Did I mention that there are more than 72 specific security designations that one can have? One person or product cannot do it all. So maybe we rely on the vendors? Not likely.

I read an article about smart manufacturing and what it brings to the table and nowhere did it talk about the ability to make the systems more secure. While it is important to have interoperability between systems and devices, it seems that it is that interoperability that may need to be recognized and dealt with.

The Jeep and airplane hacks came in through the entertainment systems. “How could that happen?” you may ask. While that is above my pay grade, be it known that all systems “play” with each other at some level.

Dale Peterson is a cyber expert. In one of his latest missives, he talks about the industrial-control-system (ICS) detection market. The diagram he presented centered around asset management, which included passive network monitoring and vulnerability monitoring.

Consider that a process is a system with devices, with PLC/PAC/DCS controls, networks along with HMI and possibly myriad attached technology are no different than the Jeep as such, whereby the heart of the system can be accessed through any portal. This suggests that ICS security detection is paramount—what has changed in the system that is unauthorized?

Identifying when a control-system program has been changed without authorization may provide a simple level of asset management that Peterson talks about.

He goes on to talk about vendors who have detection solutions that do not address the asset-management model, indicating that all areas of detection are not present in any solution.

He concludes that the ICS-security-product—read abilities—business is not easy. Security information and event management (SIEM) is the up-and-coming field of ICS security. Coined in 2005, it may provide an entry point into the ICS police department that we so desire.

Funny how cloned dinosaurs, LAWS, Jeeps and control systems are so much alike. Funny in a scary way.

ALSO READ: DOD-backed DMDII Cyber Hub for Manufacturing enables cybersecurity technology

About the author: Jeremy Pollard

About the Author

Jeremy Pollard | CET

Jeremy Pollard, CET, has been writing about technology and software issues for many years. Pollard has been involved in control system programming and training for more than 25 years.

Sponsored Recommendations

High Sensitivity Accelerometers to Monitor Traffic and Railroad Vibration for Semiconductor Manufacturing

This paper examines highly sensitive piezoelectric sensors for precise vibration measurement which is critical in semiconductor production to prevent quality and yield issues....

Simulation for Automation Guide

How digital twin solutions are expanding the capabilities of plant engineers.

Enhancing HMI Security and Accessibility with Cloud VPN Solutions

Enhance HMI security and remote access with Beijer’s cloud VPN solution. Enjoy advanced encryption, easy setup, and secure access via laptops, smartphones, or tablets. Cut costs...

Motor Encoders: What They Are and How They Work

Motor encoders are rotary encoders adapted to provide information about an electric motor shaft's speed and/or position. Like rotary encoders, motor encoders are most commonly...