The world we live in is becoming more and more connected each day. Thousands of RFID and IoT devices are installed and this is making us more dependent on the Internet. If you take a look around, it will not be hard to deduce that almost all the gadgets surrounding us are not just connected with physical world but are also extended to the cyberworld. Our current world is no less than science fiction, in which anything can be controlled and used as per our convenience.
Just take the example of your phone and PC, you can connect them with each other and can be controlled with each other. A few of you may say that this is a good thing, it is evidence of how far we have come in the field of technology. However, reality is quite different! The dawn of cyber kinetic attacks has already began breaking and people are not even aware of “what are cyber kinetics or cyber kinetic attacks?” Are you one of those? If yes, you are at the best place to be as you’ll get a detailed explanation about cyber kinetic attacks here and proof that they exist and aren’t just a myth!
What Are Cyber Kinetic Attacks?
According to proceeding published by Scott D. Applegate, this “refers to a class of cyber-attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes.”
Simply put, any cyber-attack that can induce kinetic movements or motion is known as cyber kinetic attack. For instance, when attacker is able to gain access to control of a bullet train through a set of codes and command. The bullet train is moving and is capable of harming life and property. This type of attack comes under the category of cyber kinetic attack.
Growing Threat Of Cyber Kinetic Attacks
There is no denying the fact that Cyber-Physical Systems (CPSes) have made our life easy and convenient! For example, when you approached your car today, you were able to unlock its door automatically. The engine ignited, and the temperature was set in a way that you no longer feel uncomfortable. While you drove towards the destination, your car guided you about traffic and potential threat when any vehicle was too close to yours! Impressive right? But have you ever thought what will happen if anyone else gains access to these controls? CPSes have definitely made our life easy but they come with cyber-kinetic attacks. Finding CPSes that are compromised with malware or backdoors is not a hard nut to crack, however, finding vice versa of the same is a hard nut to crack. But are there any solid evidence which prove that this might be a threat?
Solid Evidence Which Prove Existence Of Cyber Kinetic Attacks
There are several instances which can be accounted here. A few of them are experimental and some are real-world validation. Read through the points given below and get to know about them!
This was conducted by Department of Homeland Security in 2007. In this, they attempted to check if it was possible to shut down a large generator. They created a replica of power plant and eventually they were successful by changing the operating cycle of the generator. It resulted into something catastrophic and can be used by attackers as well.
Hacking Medical Implants
In 2008, security professionals at Harvard found that the implants on human body such as pacemaker can be hacked, and this would result in drastic consequences. They revealed that they were successful because of wireless technology and carelessness of others. The devices are accessible remotely and need only username & password. In most of the cases, the serial number was the password and by hacking they could control the device as well as get their hands on patient data.
The framework which helped the researchers of University of Washington, Seattle and the University of California, San Diego in attacking and controlling a bus. This research was conducted in 2010 to check which parts of automobile can be hacked. They started with controlling the opening and closing doors but later found that the brakes could be disabled as well despite the speed.
Maroochy Water Services, Queensland Australia
An employee of Hunter Watertech, named Vivek Boden helped in installing a SCADA system for Maroochy Water Services. He later left the organization on bad terms and initiated his revenge plan. He was successful in hacking the system and released over 264,000 liters of raw sewage, over three-month time-period at different locations. This affected local lives and natural inhabitants adversely.
There are several more examples such as incident of Los Angeles Traffic Management Center Los Angeles California, and Tramways Lodz Poland, which proved that cyber kinetic attacks exist and can be used against anyone! These attacks are the deadliest threat against railway systems.
Railway Systems Are Vulnerable To Cyber Kinetic Threats Because
Out of all the other means of communication, railway systems have stayed under critical conditions for quite long! Also, they are responsible for carrying several people and tons of goods from one place to another. Their tracks have been spread to miles and they are usually mechanical systems. But now, even the railways are using open source software commercial off-the-shelf (COTS) control systems which is making the entire system highly vulnerable!
For example, in a study it was found that still those software are being used which are outdated and the manufacturers are no longer providing security patches for them. Moreover, hard coded passwords are used for remote systems. In shocking turn of events, it was found that the professionals have not yet isolated the passenger entertainment system and engineering system. This can cause debacles, but the worst part is these vulnerabilities do not go unnoticed.
Several experiments have been conducted to find scope of threats. The project named “Project Honeytrain” is the biggest example! In this a system similar to modern day railway system was designed to find out how attackers would react. It was detected that the system was attacked 2,745,267 times. Though they did not get ultimate control of the system, but they attacked repeatedly for the same. This depicted that attackers are not seriously concentrating on railway systems and thus it stays protected.
Why No Actions Are Being Taken?
If we consider the past mechanical control systems, they have always remained far from any kind of attack. The only threat they had to deal with was their own degrading performance. However, now everything is being digitized and the risk is comparatively more. The worst part is railways experience more vulnerabilities because of lack of adequate protocols that are to be implemented. Also, creating and implementing those protocols would cost a fortune and need too many reforms to operate seamlessly. Thus, government isn’t trying too hard to reform this! However, there are a few suggestions put up by experts. Curious to know what they are? Read further and know about them.
The individuals involved in the security of railways must be well aware of cyber kinetic attacks and consequences of the same. Also, they should break down the silos between IT and OT so that process of securing is not hard nut to crack.
There should be periodic assessment of risk so that no loophole sare left unpatched. Moreover, isolation of passengers’ entertainment system and operating system. Also, we need to find and mitigate risk of supply chain.
Must Read : What Is Cyber Insurance And Why Do You Need One?
There are several more ways to stay secure from cyber kinetic attack, but they all need significant reforms and huge investments. However, we cannot overlook the vulnerabilities and thus take small steps in order to secure the system. Although a full fledged paradigm is yet to be introduced, till then we can take a few steps so that we are not an easy target for anyone! What do you think about it?