As more levels of digitization become integrated into our daily lives, new threats from the vulnerabilities of interconnected technology has become more relevant and challenging. Carnegie Mellon conducts a deep overview of the latest tech trends and their potential security threats and their weaknesses. As technology evolves to encompass more cloud-based applications, it is the responsibility of the software development companies to ensure the safety and security of the products.
According to a report from the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) who also looks at the security weaknesses in our technology domains because of the interactions between the subcomponents. The US-CERT deep-dive into the trends through 2025. Their focus is on the potential cybersecurity impact of each domain. The information security community and companies that create software must be prepared to address emerging systemic susceptibilities within their applications and software products and systems.
The Carnegie Mellon report has highlighted the top technologies that pose a risk:
Blockchain: We can always speak to the challenges with security and risk with cryptocurrencies. Gartner, and other top research orgs have named blockchain as one of the top technology trends for 2018. The reports note unique security challenges with blockchain such as programming bugs or the vulnerabilities of the blockchain technology itself to undermine the usability of the cryptocurrency.
With any new technology, the adoption rate will influence the threats and the updates in security. Research to adopt is being conducted in this domain within multiple industries, this will increase its prominence within the hacker community.
Machine Learning. A fundamental component and integrated into many of the other emerging technologies, especially Artificial Intelligence (AI), researchers with CERT expect machine learning to be one of the most important and quick to be adopted tech trends in 2018 and beyond.
Real-world applications of machine learning and the accompanying technologies range from big data analytics and data mining to image processing, spam filtering, security applications such as highly intelligent intrusion detection systems and self-driving vehicles. This technology will enable the automation of intuitive reasoning and learning about data in the multitude of siloed databases, including pattern recognition and anomaly detection processes.
Robotic Surgery: is technology is practiced. There are two types of robotic surgery; robot-assisted and fully-autonomous procedures.
The potential benefits of robotic surgery have been proven by the ability to help the performance of complex procedures with greater precision and fewer complications then conventional surgery procedures. More than 3 million patients have been operated on using the da Vinci Surgery devices with great success.
Research has uncovered many vulnerabilities in surgical robots that could be exploited to create denial of service issues or potentially allow hackers to manipulate controls during procedures. Hospital networks are not secure enough to prevent security issues. Another issue within hospital and medical organizations are the challenge of connectivity with medical devices.
According to CERT researchers, the biggest risk would be with remote attacks on the networked communication with devices. Although cost is a factor, it should be the responsibility of medical device product manufacturers and the software development companies to ensure the product testing is robust and ensure the review the component datasheets to help isolate the weakness.
Intelligent transportation systems. The CERT 2016 Emerging Technology Domains Risk Survey named several emerging domains that connect with autonomous vehicles. While those domains are still highly relevant, they are increasingly co-mingling in what are called intelligent transportation systems (ITS). The benefits of these systems are not only to provide individual vehicles and users with information they need, but also to provide central authorities with the ability to better manage traffic at the macro level.
Although there have been vulnerabilities in individual components from self-driving cars to traffic lights, CERT is not aware of any exploitation now being tested or deployed in public. The impact of security compromises is similar to the impact for individual autonomous or connected vehicles, but on a larger scale.
Smart Robots: As machine learning and AI technologies grow and become more integrated into our digital ecosystem, smart robots will emerge that can learn from their environments and experiences and adapt and make informed decisions. Capabilities will continue to advance and it is highly reasonable to expect we will find smart robots affecting our lives on a larger scale alongside us or in place of human workers.
As this technology becomes more prominent in our daily lives, we will begin to uncover vulnerabilities that will impact our safety and have to make adjustments to their systems. It is not hard to imagine the financial, operational, and safety impact of shutting down or changing the behavior of manufacturing robots; delivery drones; service-oriented or military humanoid robots; industrial controllers; or, as previously discussed, robotic surgeons.
According to CERT researchers it is difficult to make general recommendations about smart robots as they are in their infancy. CERT researchers encourage vigilance and proactive engagement with industry, academia, and standards bodies.
Smart Buildings. This technology includes IoT sensors and data analytics to make commercial buildings more energy efficient, comfortable and safe. The systems that included in this efficiency upgrade to our commercial infrastructure are lighting, HVAC, security, and maintenance. The monitoring the multitude of sensors in these systems is responsible for efficiency gained from this technology.
The highest security risks in this field will involve safety- and security- related technologies, such as fire suppression, alarms, cameras, and access control. There have been noted vulnerabilities in specific systems, such as cameras and access control. As these systems become more interconnected and ubiquitous, we expect to see more compromises.
CERT researchers recommend communication between the manufacturers and technical research in smart building technologies, particularly safety- and security- related technologies.
Virtual Personal Assistants. An unprecedented benefit to business and the executives that run them is what will come from the virtual personal assistant (VPA) technology. This data-crunching application that mimics the skills and functions of a human assistant will continue to be adopted by more people.
Integrating and applying machine learning analytics for the evolving user data, VPAs can easily become the go-to technology for busy executives to improve task management and performance. As AI and machine learning continue to evolve and their functionalities continue to expand it will shape how users interact with their internet-connected systems.
The challenges and benefits will depend on access to data, making privacy a chief concern from a security perspective. Since VPAs will have access to large amounts of personal data, how a user’s information will be shared should be defined and security protocols should be integrated at the highest levels.
CERT researchers recommend obtaining and supporting awareness of the presence and data curation practices of emerging and established VPAs.
Internet of Things (IoT) Mesh Networks. As IoT networked devices continue to expand, mesh networks will become more significant. Mesh networks are decentralized networks that double as nodes from all the networked devices attached. The low-power and bandwidth requirements are some of what typically characterizes a mesh network; devices that do not remain in a fixed location is another characteristic.
By interfacing with traditional network technologies to obtain Internet connectivity, IoT mesh networks will extend the perimeter both as access points and as additional targets for exploitation. CERT researchers recommend engagement with the standards bodies and device vendors towards establishing and reinforcing good security practices and awareness.
The security challenges are similar to traditional wireless networking devices or access points. Also, they also carry risks based on device designs and their implementations of protocol-specific security features. Attacks can come from a single compromised device or other node in the mesh, as well as on home or business networks that act as Internet gateways
We all know about the benefits that improving security will provide. Approaches to these improvements can and should be adjusted to the specific nature of each domain. In many cases; communication is the best approach to improve the security of a technology; in other cases, improving the application’s technical vulnerabilities and full-discovery of said vulnerabilities.