Threats on the horizon: Understanding security threats in the era of cyber-physical systems
The Journal of Supercomputing, 2020•Springer
Disruptive innovations of the last few decades, such as smart cities and Industry 4.0, were
made possible by higher integration of physical and digital elements. In today's pervasive
cyber-physical systems, connecting more devices introduces new vulnerabilities and
security threats. With increasing cybersecurity incidents, cybersecurity professionals are
becoming incapable of addressing what has become the greatest threat climate than ever
before. This research investigates the spectrum of risk of a cybersecurity incident taking …
made possible by higher integration of physical and digital elements. In today's pervasive
cyber-physical systems, connecting more devices introduces new vulnerabilities and
security threats. With increasing cybersecurity incidents, cybersecurity professionals are
becoming incapable of addressing what has become the greatest threat climate than ever
before. This research investigates the spectrum of risk of a cybersecurity incident taking …
Abstract
Disruptive innovations of the last few decades, such as smart cities and Industry 4.0, were made possible by higher integration of physical and digital elements. In today’s pervasive cyber-physical systems, connecting more devices introduces new vulnerabilities and security threats. With increasing cybersecurity incidents, cybersecurity professionals are becoming incapable of addressing what has become the greatest threat climate than ever before. This research investigates the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The findings were that the majority of known actors were from the US and Russia, most victims were from western states and geographic origin tended to reflect global affairs. The most commonly targeted asset was information, with the majority of attack modes relying on privilege abuse. The key feature observed was extensive internal security breaches, most often a result of human error. This tends to show that access in any form appears to be the source of vulnerability rather than incident specifics due to a fundamental trade-off between usability and security in the design of computer systems. This provides fundamental evidence of the need for a major reevaluation of the founding principles in cybersecurity.
Springer