How secure are the smart systems in our homes? How can we ensure that tomorrow’s digital solutions in the logistics, automotive and healthcare industries are secure from cyber attacks? The TÜV Rheinland’s “Cybersecurity Trends 2020” report takes another look at the security risks of the digital transformation, with a particular focus on operational technology (OT) and the Internet of Things (IoT).
In this era of digital transformation, cyber attacks are a real and growing risk. The ever-closer relationship between cybercrime and physical security has consequences – not just for businesses but also for individuals, society and the environment. Cyberspace and the physical world are merging – and the digital world is coming under threat from cyber attacks.
Trend number 1: Data loss can destabilize the digital society
Today’s companies collect more than just the names, addresses, occupation and purchasing power of their customers. They create detailed profiles. These can include information on their political leanings, for example, or their social activities. They frequently share large volumes of personal data with third parties, sometimes recklessly and without checking what the data will actually be used for. The data subjects who have not given their consent to the use of their data by third parties are often not informed. Since the General Data Protection Regulation (GDPR) came into force in the EU, the subject of data ethics has become an increasingly important issue. When the unauthorized processing or transfer of data is uncovered, it is sanctioned – in some cases with heavy fines.
Trend number 2: Intelligent supply chains are the hackers’ preferred target
Automation, robotics and big data management in the Internet of Things (IoT) make intelligent supply chains more efficient and cost-effective. Companies and their suppliers both use them. An increasing number of smart solutions are making use of virtual elements – digitally mapping the entire locational and chronological history of a product or component, for example. They employ a dynamic and efficient model, but even small glitches can cause disruption. As a result, attacks on digital supply chains increase the likelihood of financial losses.
Trend number 3: Smart devices are being introduced faster than they can be protected
“Intelligent” versions of loudspeakers, fitness trackers, smartwatches, thermostats, electricity meters, security cameras, door locks, lights and many other products are now available – driving the unstoppable expansion of the Internet of Things in our society. The number of smart devices and their functionality grows each year. Both society and business are becoming more reliant on these devices, and this makes them a target for cybercriminals
Trend number 4: Cyber threats to shipping are on the increase
Ransomware attacks on ships’ onboard computer networks and on port logistics systems have shown how vulnerable our shipping industry is. There is also ample evidence that governments are experimenting with cyber attacks on navigation systems. The monitoring and interpretation of cyber attacks has therefore become an essential part of ensuring the security of the shipping industry
Trend number 5: Bugs in real-time operating systems are difficult to fix
Forecasts put the number of IoT devices at over 75 billion by 2025. In 2019, Armis Labs discovered eleven serious vulnerabilities in Wind River’s VxWorks real-time operating system. At the present time, an estimated 200 million IoT devices are still at risk of remote manipulation. Fixing these vulnerabilities is an immense challenge, as they are often deeply embedded in products.
Trend number 6: Smart medical devices are a source of risk to the healthcare system
Over the past decade, medical devices like insulin pumps, heart and glucose monitors, cardioverter defibrillators and pacemakers have been connected to the Internet. The trend is known as the Internet of Medical Things (IoMT). “Proof-of-concept” attacks have shown that existing vulnerabilities allow targeted attacks on individuals or even entire product classes. This poses a risk to confidential patient information.
Trend number 7: Cyber attacks are targeting vehicles and the transport infrastructure
Vehicles and the transport infrastructure are becoming increasingly interconnected. New software applications offer users more flexibility and functions, and improve road safety. We also seem to be speeding towards a world where autonomous driving is the norm. However, as these new applications grow in complexity, so their vulnerability increases. Large-scale cyber attacks could not only endanger the safety of individuals but could also have disastrous consequences for the transport system. For example, during the Triton malware attack on a Middle Eastern infrastructure company, it was only malfunction of the malware that prevented serious consequences for people and the environment. The growing number of incidents of this nature are a sure sign that the physical and digital worlds are continuing to converge. New threats to people, society and the environment will inevitably follow.
TÜV Rheinland’s Cybersecurity Trends 2020 Whitepaper shows how these threats can appear – in different industries and in our private lives. From data ethics to product engineering and the automation of industrial processes, through to intelligent transport systems.