Top 12 Cybersecurity Topics in 2024 - Part 3 of 4
This week let's talk about a few industries and focus areas. The world is changing quickly and some industries need to keep up, and others we just need to try to keep an eye on!
More organizations are now be considered system integrators, (e.g., auto manufacturers, home builders, etc.), we can no longer assume that anything is secure just because it sits behind a shell of security. Looking back at the CANBUS attacks, we see that hackers exploit places we typically haven’t thought to protect, and are using the complex integrations among numerous systems to introduce unexpected states into the devices they target. It’s not JUST auto makers who need to catch up. It is also aircraft makers, commercial and residential builders and anyone else purchasing technology from various suppliers and combining them into a turnkey solution. Just because technology sits behind sheet metal, sheet rock or (I really wish I could find a third sheet analogy here :-) ) doesn't mean it is secure.
We’re going to need more digital twins (and test environments)—the kind that cell phone companies use to test phones, relays, base stations and other products companies want to put on their network is a great example. Verizon has even turned this service into a business. Other companies will need to do the same with their products and production environments – using them to quickly test patches, changes and upgrades and that's just maintenance. Digital twins will also need to be used for fuzzing. Organizations should either encourage internal teams to take a hacker’s perspective to their products and systems or follow the lead from Microsoft in the Blue Hat days by bringing in hackers to inject their unique perspectives and tactics into the development, production and product deployment.
And finally for this week…quantum. The field is growing larger with the increasing number of organizations building their own computers. Now is the time to start thinking of attacks on quantum computing—never mind the “cryptography-Shor’s-algorithm” aspect of it, though organizations need to be quantum prepared and have crypto systems that can easily swap out/in algorithms as crypto changes / improves. But more importantly, it will be key for quantum computer owners to consider how we disrupt or change the results given to us by quantum computers. Can we inject noise or interference into them, or negatively impact the controlling computers to adjust parameters to generate answers we think are correct, but are in fact wrong and potentially harmful?