Understanding cyber-physical security's relevance

"Cyber-physical" describes an environment where machines operate automatically and rapidly based on real-time feedback and understanding the characteristics in this new, evolving environment is vital.

09/16/2015


"Cyber-physical" is an appropriate term to capture a new environment we are entering, where machines operate automatically and rapidly based on real-time feedback. For product managers, who merge the engineering of a solution with customer and market needs, understanding implications of cyber-physical can be critical. It is these leaders who will determine how tightly to secure equipment communication modules, whether or not to include access such as Wi-Fi, and most importantly, whether to sacrifice convenience for security (rarely a good choice).

Pulse of cyber-physical security

Why does understanding cyber-physical characteristics matter? Consider how many critical services that the broader population relies on are, in fact, dependent upon cyber-physical interactivity. It's difficult to pinpoint a more immediate example to our lives than heart pacemakers. More than three million people rely on pacemakers every day, and 600,000 new implants are performed each year, according to the American Heart Association. These cyberphysical devices not only manage electrical impulses in the human body, but they can also connect to external, remote systems for diagnosis and adjustments. Security takes on new meaning when you consider how and where these cyberphysical systems reside. Another set of cyberphysical systems delivers our electricity, which we ambitiously consume at approximately 18,000 TerraWatts a year. How many of us can go 60 minutes without an electrical charge to our cell phones? Smart meters, not to mention power generation control systems, play a part in delivering this critical energy service.

Moving forward, we can envision a host of additional cyberphysical systems beyond these two examples, managing and impacting our daily lives. Many have seen self-driving cars, which are expected to grow at 134% CAGR in the next five years. Or consider home automation systems and maritime cargo monitoring. As a security specialist, while I anticipate great reward from these new types of cyber-physical systems, I also envision the need for better protection. The dependency on cyber-physical systems exposes the broader population to a variety of risks. This is one of many reasons we want to ensure product managers, designers, R&D, and anyone managing such product deliveries understands how seriously to prioritize and adapt security for the cyber-physical era. The earlier they build in considerations for the behavior and usage of cyber-physical, the earlier vulnerabilities and product misuse possibilities can be phased out.

Changing approach to security

While I will outline some of these risks, be assured that my follow up column will discuss solutions. My intent is to help readers visualize the relevance of cyber-physical systems in day-to-day lives, as background to why new approaches to security are required. And while our researchers handle very targeted and device-specific vulnerabilities behind closed doors, I will discuss in public only broad strokes of exposure, rather than risk proliferating any attack specifics. Researchers have already performed "jail break" attacks to take over these devices.

Product managers will always be up against market pressures to deliver their product first, and it's likely quite a few can cite examples there they had to trade off convenience and price for limited protection. In some cases, it might not even be a conscious design decision. But considering our growing dependency on cyber-physical systems, this trade off can have severe consequences.

In other industries, it is less a competitive push to reach a consumer market triggering risks than it is a status quo about what constitutes a secure product.

In the energy sector, offshore oil rigs were once "air gapped" and not connected to other systems. We all know today that is not the case, with remote access and multiple contractor entry points. Similarly today, devices from as far afield as transportation and government services have a status quo to prioritize physical security first. Will seatbelts cause more injuries or save more lives, for example, or how will devices from state clinics affect the medical condition of citizens?

As cyber merges with the inside of vehicles and operating rooms, product security needs a new perspective. Has the system been tested against remote control access through Wi-Fi and USB penetration? If a cyber-physical device receives false commands, what are the implications for those relying on such systems?

Such examples are initial illustrations representing the changing aspects of risk we are exposed to as we enter the cyber-physical era.

The high level of machine-to-machine interactivity, the speed of sharing real-time information automatically, and the trade off of convenience for security in product lifecycle management all contribute to new levels of risk as cyber-physical systems emerge. Considering our increasing dependence on these critical systems, it is imperative to train and inspire product managers to share security knowledge and prioritize new cyber-physical security models. In my next column, I will illuminate options for how we can move forward, including implementing security measures much earlier in the design lifecycle.

- Nate Kube is the founder and chief technology officer at Wurldtech Security Technologies. This article originally appeared on ISSSource. ISSSource is a CFE Media content partner. Edited by Joy Chang, Digital Project Manager, CFE Media, jchang@cfemedia.com.



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me