Critical infrastructure is frequently on my mind, especially the ICS/SCADA within the energy sector. I live in Texas; oil and natural gas are big here ya'll. I'm just a short distance away from multiple natural gas drilling sites. I cannot help but think about the risks during the extraction and transport of this natural gas. North Texas has seen an attempt to bomb the natural gas infrastructure. In 2012, Anson Chi attempted to destroy an Atmos Energy pipeline in Plano, Texas. As a security and risk professional, I wonder about the potential cyber impacts an adversary with Chi's motivations could have.
The Internet of Things (IoT) is a hot phrase right now, and every vendor is talking about the huge potential of continual connectivity and interaction with smart devices to optimize the asset and transform the customer experience. The potential is undeniably huge and developers are right to be excited, but it’s not all "hugs and puppies."
As S&R professionals, we have to balance the excitement of innovation with pragmatism and caution, and the IoT is a turmoil of innovation right now. With so much change, it can be difficult to focus in on the key issues, so let's choose an area where there has been a lot of discussion and hype for years (or even decades) but not much in the way of actual consumer adoption; let's use the "connected car" as an example to crystalize a few of the risk scenarios.
Picture courtesy of Dave Gray on Flikr
Today’s cars operate on computers, and mechanical functionality breaks down when the computer is not there to manage it. It’s not quite an aerodynamically unstable plane, such as the B-2, or indeed most modern fighter jets, which are kept in the sky by instantaneous computer feedback and corrections, but it’s not dissimilar. As we move toward the connected car, think through these scenarios: