The Cybersecurity Paradox in Operational Technologies
Presented at AtlSecCon 2018, “The Cybersecurity Paradox in Operational Technologies” examines the challenges facing today’s operational technologies as they are connected to the wider digital world.
My slides aren’t generally too useful if you haven’t seen the talk. They are very much designed to assist in the presentation of the material, but they also come in handy as a memory aid.
Here are the slides from the talk.
Here are the research papers mentioned in the talk;
- The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
- Trend Micro smart factory research;
- Smart Factory Security Part 1: Looking at the impact of poor cybersecurity in factories
- Smart Factory Security Part 2: What Management Should Know in Securing a Factory
- Smart Factory Security Part 3: Ransomware countermeasures for factory operations
- Smart Factory Security Part 4: Lessons Learned from the WannaCry Attack
- Rogue Robots, Testing the Limits of an Industrial Robot’s Security
- Exposed Devices and Supply Chain Attacks: Overlooked Risks in Healthcare Networks
- The Price of Health Records: Electronic Healthcare Data In the Underground
- Are Pagers Leaking Your Patients’ PHI?
During the talk, I made a number of references. Some were just to keep things light but I think they’re all interesting (which is why I said them). Here are those references;
- 2018-Mar-06 article from The Verge, “Uber’s self-driving trucks are now delivering freight in Arizona”
- 2014-Jun-04 article from Popular Science, “Robot Truck Convoy Tested In Nevada”
- the CAN bus (ISO-11898) standard for in-vehicle networks
- IBM X-Force Threat Intelligence Index
- 2017 Data Breach Investigations Report from Verizon
- U.S. Bureau of Economic Analysis reporting on U.S. GDP
- ICS-CERT Annual Vulnerability Coordination Report
- Investigation: WannaCry cyber attack and the NHS
- Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers: FDA Safety Communication
- ICS-CERT Advisory (ICSMA-17-241-01)
- FDA Proposes Action to Enhance Medical Device Cybersecurity