Cybersecurity needed to reap benefits of IoT ... not the whirlwind
We've attended some interesting conferences in the last month on the intersection of cybersecurity and the Internet of Things (IoT): Auto Cybersecurity, TU Auto Cybersecurity in Detroit and the National Labs on Critical Infrastructure Protection in Virginia.
The benefits of IoT are clear to everyone.
Hackers have brought familiarity with data breaches and identity theft to tens of millions of Americans, most of which are remedied with a year of credit reporting, a few fines and a payout from cyberinsurance. None of this has much troubled company stock prices or their brands.
IoT cyber attacks, however, could be much, much more damaging, including property damage, bodily injury and even death, affecting insurance premiums and likely driving industry-redefining lawsuits and mandatory cyber regulations.
Both the benefits and the potential or theoretical drawbacks of IoT are most visible in the auto industry, where new IoT technologies once confined to concept cars or only the most deluxe models are increasingly found in popular, attractive, mass-market new models.
The software platforms that drive infotainment systems, Automated Drive Assist (ADAS) technologies and full automation make modern vehicles not just smartphones with wheels but data centers on wheels, with 100 to 300 million lines of code (IEEE), on scores of processors from a wide supply chain tied to satellite, cell, Wi-Fi, Bluetooth and physical connections such as the OBD-II diagnostics port.
Both the insurance industry and regulators are responding proactively.
Cyberinsurance is one of the fastest growing categories in the insurance industry, expanding coverage from just data breach remediation, to include property and bodily injury (per the Betterley Report).
The FBI, DoT and NHTSA recently put out a Public Service Announcement around cybersecurity related safety risks with motor vehicles.
NIST is at the forefront of voluntary standards setting, with the Cybersecurity Framework (CSF), building on NIST 800-53 rev 4, along with industry groups such as the Society of Automotive Engineers (SAE) and J3061.
RunSafe Security is one of the many US and international vendors working with IoT companies, suppliers and integrators to build defense in depth for systems, following best practices and standards to mitigate the risk of cyber attack.
RunSafe's Vehicle Guardian addresses cybersecurity for existing fleets of vehicles with a plug-in solution.
RunSafe's App and OS Guardian automatically hardens embedded systems in future model year vehicles, or in more general IoT systems, against the most common type of cyberattack -- memory corruption (per the MITRE CVE database of vulnerabilities).
NOTE - The Virginia State cruiser pictured was protected by Vehicle Guardian in recent tests.