Recent global cyberattacks on power grids, pipelines, water systems, surveillance devices, and the software that runs them raise awareness of a threat impacting public health and safety without warning. While operational technologies (OT) that enable smart systems in buildings, cities, transportation, and infrastructure offer unprecedented opportunities to enhance the human experience, these cyber-physical systems (CPS) also are highly vulnerable to cyberattacks. A cyberattack on information systems can threaten the integrity of data, facilitate the theft of intellectual property, and invade privacy, but a CPS attack can threaten lives at work, at home, and in cars, by disabling the utilities and infrastructure we rely on daily for survival. A coordinated cyberattack on essential services and infrastructure in an urban area would have catastrophic results. Unfortunately, governments today do not have the resources to quickly respond to this exploding challenge.
- The World Economic Forum cites cyber-attacks as No. 1 in the top 10 global business risks.
- Gartner, Inc., a leading research and advisory company, predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023.
- Gartner also predicts that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.
What are the benefits and challenges of the Internet of Things?
How can smart devices create risk?
How do we mitigate cyber safety risks?
What are unique attributes that need modeling and consideration when protecting cyber-physical security?
8 Things everyone should consider with their IoT and cyber-physical security:
- OT needs to treat cyber security as a safety culture
- Start as far left in the design process as possible
- The risk owner is ultimately responsible for the safe operation of a building or an asset
- We need a Cyber Safety profession - just like we have Fire Marshals
- Ask if you have dynamic access management for your cyber-physical systems
- Come up with a written cyber incident response plan
- You can't eat the whole elephant at once; break it down into bite-sized pieces
- You need an inventory