The truth can be scarier than fiction

Cybersecurity is no trip to the movies; what can go wrong?

By Jeremy Pollard, CET

The premise of “Jurassic World” is that, if we fool around with nature and evolution, we may be stuck with the result, which would be dinosaurs cohabiting with us humans. The alternate thread suggests that, through DNA and cloning, we can create the ultimate warrior en masse as it kills anything and everyone in its path. While it may be far-fetched, the premise may be accurate.

Many Hollywood movies, such as “Robocop,” depict societal issues that create the need for the control of chaos, as well as the methods to do so. In Jurassic World, the control of the dinosaurs is done using various means, but not technology as such. In the Robocop world, it is pure technology.

The future is here and now, and, of course, what can go wrong?

Remember the Wired magazine article about two hackers taking control of a Jeep and basically crashing it into a ditch—however gently? There is also another hack whereby the hacker takes control of an airplane to prove it could be done. No harm, no foul?

What it shows is that it can be done. And then this.

A Yahoo article titled, "Killer robots are on the way, and they are a threat to humanity," discussed AI-driven technology that has the decision-making power on who lives or dies while this "device" is patrolling a border or part of a fighting brigade. It’s called a lethal autonomous weapon system (LAWS).

Again, I ask, “What can go wrong?”

While the LAWS won’t have an entertainment system to allow hackers to break into the system, there will be other interfaces that will provide a highway into the semiconductor mind of the LAWS to accomplish what we don’t know, but it can’t be good.

Essentials Guide — The "IIoT-Ready" machine

Security of control systems is paramount because of what they control.

Security of artificial-intelligence (AI) systems is paramount based on what the AI is doing. Security of control systems is paramount because of what they control.

Enter the unified extensible firmware interface (UEFI), which replaces the “old” bios of most modern-day computers. Apple uses UEFI exclusively. Newer PCs will vary.

UEFI was developed to be secure, but now we know that, in the wild, a UEFI rootkit malware exists.

This is a problem for governments for sure, but for control systems? That is to be determined.

Referred to as LoJax, it can install malware before the OS loads, which means it is there for good and stealthily. The concern is that it has been done.

I have asserted in the past that one-door-to-the-floor cybersecurity has to be maintained for outside world access. However each and every piece of technology being used on the floor is vulnerable on the floor, so systems have to be put into place.

With Industry 4.0 coming on strong, security and systems are becoming more and more important. Did I mention that there are more than 72 specific security designations that one can have? One person or product cannot do it all. So maybe we rely on the vendors? Not likely.

I read an article about smart manufacturing and what it brings to the table and nowhere did it talk about the ability to make the systems more secure. While it is important to have interoperability between systems and devices, it seems that it is that interoperability that may need to be recognized and dealt with.

The Jeep and airplane hacks came in through the entertainment systems. “How could that happen?” you may ask. While that is above my pay grade, be it known that all systems “play” with each other at some level.

Dale Peterson is a cyber expert. In one of his latest missives, he talks about the industrial-control-system (ICS) detection market. The diagram he presented centered around asset management, which included passive network monitoring and vulnerability monitoring.

Consider that a process is a system with devices, with PLC/PAC/DCS controls, networks along with HMI and possibly myriad attached technology are no different than the Jeep as such, whereby the heart of the system can be accessed through any portal. This suggests that ICS security detection is paramount—what has changed in the system that is unauthorized?

Identifying when a control-system program has been changed without authorization may provide a simple level of asset management that Peterson talks about.

He goes on to talk about vendors who have detection solutions that do not address the asset-management model, indicating that all areas of detection are not present in any solution.

He concludes that the ICS-security-product—read abilities—business is not easy. Security information and event management (SIEM) is the up-and-coming field of ICS security. Coined in 2005, it may provide an entry point into the ICS police department that we so desire.

Funny how cloned dinosaurs, LAWS, Jeeps and control systems are so much alike. Funny in a scary way.

ALSO READ: DOD-backed DMDII Cyber Hub for Manufacturing enables cybersecurity technology

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments