Author: Adam Kimmel
Imagine a cyber security physical attack breach that goes beyond stealing sensitive data—one that gives hackers control over physical objects. One that could lock down a city's water grid, tamper with implanted medical devices or force an autonomous vehicle off the road.
This is not science fiction. Cyber physical attacks are real—and as the Internet of Things expands, they're becoming a bigger threat.
What are cyber physical attacks?
Cyber attacks target computer systems, accessing sensitive data from a targeted computer and then usually either disabling or extracting it. But more and more items in the physical world are connected to computer systems through the internet. Cyber physical attacks target these items, augmenting breaches by directing the hacked thing to perform a deliberate action—with real physical consequences.
The variety of applications is staggering. Attackers could exploit control of a physical asset and ransom it for financial gain. They could hack smart construction equipment, delaying progress or damaging existing infrastructure. They could take control of an autonomous vehicle, causing havoc on city streets. They could compromise voting machines—and possibly change the outcome of an election.
With the IoT increasing the number and the reach of connected devices, a hacker compromising one device could create downstream errors in the data sent to another. The compounding errors would create a cascading effect, disabling more devices connected to the network.
Risks and solutions
No large-scale disasters have been attributed to cyber physical attacks. But there have been independent efforts that have caused significant injuries and property damage—such as a 2008 attack that derailed four tram trains in Poland and a 2021 attack on a water treatment plant in Florida.
Finding ways to protect the Internet of Things' extended surface against such attacks is critical. One of the best methods to prevent cyber physical attacks is to integrate robust security measures into connected device software. And performing more security testing during software development could help IT teams identify vulnerabilities before bad actors do.
Device manufacturers, software developers and network providers will need to work together to defend against physical attacks. Tracing the potential breach paths through IoT security credentialing—data encryption and user authentication—is the first step in preventing this severe and growing threat.
Keep your IoT endpoints secure with Verizon's IoT Security Credentialing platform.