PWSHub
Themes: Pagination size: Use the left or right arrow keys to navigate between pages 😉You can swipe to left or right to navigate between pages 😉

How to fix insecure operational tech that threatens the global economy

[venturebeat.com]1 week ago

November 24, 2022 10:07 AM

Concept illustration depicting city with "enterprise" buildings

Concept illustration depicting city with "enterprise" buildings

Image Credit: Westend61 via Getty

Today, with the rampant spread of cybercrime, there is a tremendous amount of work being done to protect our computer networks — to secure our bits and bytes. At the same time, however, there is not nearly enough work being done to secure our atoms — namely, the hard physical infrastructure that runs the world economy.

Nations are now teeming with operational technology (OT) platforms that have essentially computerized their entire physical infrastructures, whether it’s buildings and bridges, trains and automobiles or the industrial equipment and assembly lines that keep economies humming. But the notion that a hospital bed can be hacked — or a plane or a bridge — is still a very new concept. We need to start taking such threats very seriously because they can cause catastrophic damage.

Imagine, for instance, an attack on a major power generation plant that leaves the Northeast U.S. without heat during a particularly brutal cold spell. Consider the tremendous amount of hardship — and even death — that this kind of attack would cause as homes go dark, businesses get cut off from customers, hospitals struggle to operate and airports shut down.

The Stuxnet virus, which emerged more than a decade ago, was the first indication that physical infrastructure could be a prime target for cyberthreats. Stuxnet was a malicious worm that infected the software of at least 14 industrial sites in Iran, including a uranium enrichment plant.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

The Stuxnet virus has since mutated and spread to other industrial and energy-producing facilities all over the world. The reality is that critical infrastructure everywhere is now at risk from Stuxnet-like attacks. Indeed, security flaws lurk in the critical systems used in the most important industries around the globe, including power, water, transportation and manufacturing.

Built-in vulnerability

The problem is that operational technology manufacturers never designed their products with security in mind. As a result, trillions of dollars in OT assets are highly vulnerable today. The vast majority of these products are built on microcontrollers communicating over insecure controller area network (CAN) buses. The CAN protocol is used in everything from passenger vehicles and agricultural equipment to medical instruments and building automation. Yet it contains no direct support for secure communications. It also lacks all-important authentication and authorization. For instance, a CAN frame does not include any information about the address of the sender or the receiver.

As a result, CAN bus networks are increasingly vulnerable to malicious attacks, especially as the cyberattack landscape expands. This means that we need new approaches and solutions to better secure CAN buses and protect vital infrastructure.

Before we talk about what this security should look like, let’s examine what can happen if a CAN bus network is compromised. A CAN bus essentially serves as a shared communication channel for multiple microprocessors. In an automobile, for instance, the CAN bus makes it possible for the engine system, combustion system, braking system and lighting system to seamlessly communicate with each other over the shared channel.

But because the CAN bus is inherently insecure, hackers can interfere with that communication and start sending random messages that are still in compliance with the protocol. Just imagine the mayhem that would ensue if even a small-scale hack of automated vehicles occurred, turning driverless cars into a swarm of potentially lethal objects.

The challenge for the automotive industry — indeed for all major industries — is to design a security mechanism for CAN with strong, embedded protection, high fault tolerance and low cost. That’s why I see massive opportunity for startups that can address this issue and ultimately defend all our physical assets — every plane, train, manufacturing system, and so on —from cyberattack.

How OT security would work

What would such a company look like? Well, for starters, it could attempt to solve the security problem by adding a layer of intelligence — as well as a layer of authentication — to a legacy CAN bus. This kind of solution could intercept data from the CAN and deconstruct the protocol to enrich and alert on anomalous communications traversing OT data buses. With such a solution installed, operators of high-value physical equipment would gain real-time, actionable insight about anomalies and intrusions in their systems — and thus be better equipped to thwart any cyberattack.

This kind of company will likely come from the defense industry. It will have deep foundational tech at the embedded data plane, as well as the ability to analyze various machine protocols.

With the right team and support, this is easily a $10 billion-plus opportunity. There are few obligations more important than protecting our physical infrastructure. That’s why there is a pressing need for new solutions that are deeply focused on hardening critical assets against cyberattacks.

Adit Singh is a partner of Cota Capital.

https://venturebeat.com/security/how-to-fix-insecure-operational-technology-threatens-global-economy/

Related articles:

[computerworld.com] Meta teaches an AI to lie, strategize[cnet.com] Secret Alexa Deals: Every Black Friday, Amazon Hides a Few in Your Echo[cnet.com] Wow, $80 for a 2022 Insignia Fire TV? Amazon Ain't Playing Around[arstechnica.com] Oxford scientists crack case of why ketchup splatters from near-empty bottle[cnet.com] 14 Black Friday Deals That Aren't Gonna Be in Stock Long