By now, most people should understand the risks of being complacent with cyber protection—something widely discussed in last month’s featured article. Cybersecurity Ventures reports cybercrime will cost victims $9.5 trillion worldwide in 2024 and rise to $10.5 trillion by 2025. As enterprises continue to move toward total digitization, cyber threat actors see additional devices and systems as new opportunities to enter a network.
Like chess, the challenges of cybersecurity are knowing your vulnerabilities and the strengths of your opponents. And, like chess, they change each move. A weak point is found and exploited, that causes a response by repairing the weakness. If there is a lag between exploiting and repairing, serious harm can result. So, companies play at finding their own weaknesses before the other side, often hiring outside groups to do the work.
Cyber threat actors use various tactics to carry out cyberattacks, particularly social engineering attacks, phishing attacks, ransomware, DDOS (distributed denial of service) attacks, malware, etc. A successful attack not only costs a company money, but it can damage brand reputation and result in trade secrets or intellectual property being compromised.
And it’s not just the computer on the desktop that is vulnerable. It is our vehicles, equipment, and machines on land and on sea. For today’s feature, let’s take a closer look at the security of all the machines that move.
Charge or Retreat
EV (electric vehicle) charging stations are especially important to address as they become increasingly integrated into unified networks and deploy cloud infrastructure to communicate with both the grid and the vehicles. Connected home EV chargers are also a concern because they use less secure home Wi-Fi connections and could provide an attack vector into the user’s sensitive data. Ultimately, EV vendors need to design an incident respond plan that outlines clear strategies to contain damages, and provide a recovery roadmap, in case a breach happens.
How widespread is the EV ecosystem hacking concern? In February 2024, ABI Research reported a massive hack against EV charging infrastructure in Lithuania that caused the nation’s charging stations being taken offline. Russia-linked hacking group Killnet claimed responsibility for the attack that left 20,000 EV drivers without the means to charge their cars, and exposed sensitive driver information. The charging service provider, Ignitis ON, noted it does not store payment or bank information on its systems, but customer authentication tokens, names, emails and even license plates information were stolen. The company declared its OT (operational technology) infrastructure was secure but acknowledged it suspects hackers “have gained unauthorized access to the data of our EV charging service system, which operates in the cloud, and have taken the information of around 20,000 customers.”
While EVs themselves deploy complicated devices and high-tech software, some corners of the EV ecosystem include outdated technology that could pose threats, including to newer EV technologies in cars. For example, some of the protocols deployed by chargers that go back to the 1980s, such as the SNMPv1 protocol, may be deployed to gain unauthorized access to devices that are on an EV network. Version 1 of the protocol is especially vulnerable to unauthorized access, as it cannot authenticate and encrypt payloads, making it insecure for deployments in environments where security is a top priority.
An outdated protocol in the charging infrastructure could potentially threaten advanced EVs that depend on modern components, or disrupt services related to these vehicles, such as the shutdown of charging stations. The evolving landscape of threats against the EV ecosystem means stakeholders need to prioritize cybersecurity measures that treat all aspects of the ecosystem as equally important to avoid security lapses.
Service providers to EV customers need to first identify outdated infrastructure and vulnerable protocols to then upgrade them to newer and more secure technologies or versions, such as deploying SNMPv3 instead of older versions. Organizations in the EV ecosystem such as parts manufacturers, charging station operators, and EV software developers need to implement encryption mechanisms, access control best practices, and regular security audits to maintain a proactive security posture, rather than solely reacting to emerging threats.
Ships at Sea and Port
America is a maritime nation, bounded by oceans and gulfs. Its prosperity is linked to the integrated and extensive network of ports, terminals, vessels, waterways, and landside connections constituting the U.S. MTS (marine transportation system). This system supports $5.4 trillion worth of economic activity each year and contributes to the employment of more than 31 million Americans.
On Feb. 21, 2024, President Biden signed an Executive Order that will expand authorities for the USCG (U.S. Coast Guard) to ensure the Nation’s MTS is protected against malicious cyber activity. The Executive Order bolsters the USCG’s authorities to protect the MTS from acts of terrorism and conventional threats by explicitly addressing cyber threats. Pursuant to the Executive Order, the USCG now has express authority to respond to malicious cyber activity, including by:
- Requiring vessels and facilities to mitigate unsatisfactory cyber conditions that may endanger the safety of a vessel, facility, or harbor;
- Requiring the reporting of any actual or threatened cyber incidents involving or endangering any vessel, harbor, port, or waterfront facility to the USCG and Federal Bureau of Investigation; and
- Taking control of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure.
What Comes Next
As we move forward in the next era of work, we must consider how we secure all our machines. This includes computers, connected devices, and, yes, even machines that move.
Want to tweet about this article? Use hashtags #construction #IoT #sustainability #AI #5G #cloud #edge #futureofwork #infrastructure #cybersecurity