Coming Closer and Closer to You

December 8, 2015
CyberPhysicalHuman: Post by Peter Sheingold, Bob Martin, Chris Folk, Emily Frye, and Bobbie Stempfley
CyberPhysicalHuman Authors

In the spring, we published a series of eight articles about how the homeland security mission space needs to consider the blurring boundaries between cyber, physical, and human. A number of recent events have illustrated how the gaps between cyber, physical, and human are shrinking, and we are pleased to share some additional thoughts over the next few weeks in three new posts.                           

News Reports about Cyber Attacks and Physical Harm

Recent news reports demonstrate how in today’s interconnected CyberPhysicalHuman world, cyber-attacks are coming closer and closer to causing physical harm to humans and mission critical functions associated with our infrastructure. Three items in particular caught our eyes:

  • In late 2014, we learned how a cyber-attack could impact physical infrastructure when the German government reported about a cyber-attack against a German steel mill, which resulted in massive physical damage to a furnace that was used to turn raw materials into metal.

In the summer of 2015, we learned about two other cases which demonstrated how cyber-attacks could put human safety at risk.

  • Wired Magazine reported that researchers remotely hacked a Jeep while it was being driven by the reporter and took control of its dashboard functions, steering, transmission, and brakes. Chrysler (the maker of Jeep) issued a voluntary recall of 1.4 million vehicles to address the cyber vulnerability and two U.S. Senators introduced legislation that would require development of digital security standards for cars and trucks.
  • The U.S. Food and Drug Administration (FDA) issued a safety alert recommending that hospitals and other health care facilities discontinue use of a certain type of pump that delivers medicine to patients. Why? The pump had a cyber-vulnerability that, if exploited, could allow an unauthorized person to remotely control the device and change the dosage of medication the pump delivers to a patient.

The growing capabilities of CyberPhysicalHuman devices and their ability to directly affect—even harm—people makes it increasingly important that we bring greater focus on their safety, security, and resilience.

This installment of our ongoing series about the CyberPhysicalHuman world examines an important evolution in computing: the convergence of information technology with operational technology and its implications for how we assure the safety, security, and resilience of devices and systems which could cause physical harm to people and infrastructure.

Convergence of Information and Operational Systems

Computers can do many things, often in two broad categories of capabilities. In one category—information systems—computers provide and store information that people use, often to make decisions. In the other category—operational systems—computers operationally control other systems that produce something or that can have an impact in the physical world. These two broad categories—information systems and operational systems—have historically been seen as separate.

Previously, information and operational systems were often developed, managed, and secured separately. Operational systems, which are often used in industries such as electric, water, transportation, and manufacturing to control production systems, were not usually networked to outside information systems. In the past, therefore, a cyber-attack on information systems would be unlikely to put operational capabilities at risk and would be unlikely to physically harm people or property.

These assumptions have changed as information and operational systems are increasingly converged and distinctions between the two categories of computing capabilities are disappearing. As a result, the CyberPhysicalHuman world will increasingly include converged systems that both inform human decision making and control elements in the physical world. This convergence is not an unintended consequence. Rather, the decision to link information and operational capabilities is intended to improve productivity and enable more responsive service delivery.

Computing capabilities that can impact the physical world are located not only in factories, but are, or will be, located in our cars, our homes, and our bodies. Now back to the headlines.

The German steel mill attack illustrates how interconnections between information and operational systems can be exploited. The attacker infiltrated the steel mill through a spear phishing email on the corporate network (i.e., an information system) through which the attacker accessed a production network (i.e., an operational system) and executed the attack. The German government noted that the attacker had strong knowledge of both information technology and industrial control security and production processes.

The Jeep experiment demonstrates how computing systems that we might not have assumed were interconnected are now being interconnected in devices (such as vehicles) that we use in our daily lives. The researchers exploited a vulnerability in an internet-connected computer feature that controls the vehicle's entertainment and navigation, enables phone calls, and offers a Wi-Fi hot spot. Once they gained access to the vehicle's internal computer network, known as a CAN bus, the researchers were able to send commands to its physical components like the engine and wheels.

Finally, the medical device alert shares elements of both previous examples. Like the Jeep experiment, it demonstrates how systems can physically impact humans in their day-to-day lives. Like the German Steel mill attack, it demonstrates how information and operational systems are increasingly connected. While the pump performed an operational function (i.e., distributing medicine to a patient) it was remotely hackable because it could communicate with the hospital information system over facility networks.

What needs to be done so that everyone can enjoy the benefits of CyberPhysicalHuman systems and still have a reasonable expectation of their safety, security, and resilience? In our next article we will discuss this question by stepping back in time to see what we can learn from ancient legal codes and a fire that nearly destroyed a city.

Original Series

  1. The CyberPhysicalHuman World of Homeland Security
  2. Convergence: A Recent History
  3. Risk: Focus On Your Main Thing(s)
  4. Applying Ancient Wisdom to Help Manage Modern Risks
  5. Resilience Is a Team Sport
  6. Resilience, Moving Beyond Sectors
  7. Enabling Effective Collaboration with Shared Threat Information
  8. Wrapping It Up and Moving Forward
  9. Coming Closer and Closer to You
  10. More Ancient Wisdom for Today's CyberPhysicalHuman World
  11. There is No One-Size Fits All Approach to the CyberPhysicalHuman World