According to a new report by IBM, consumers are taking cybersecurity issues seriously, with 56 percent stating that security and privacy will be a key factor in future vehicle purchasing decisions. This is leading automakers to take a hard look at potential points of exploitation, suspicious behavior, and response systems.

As technology advances, cars are becoming much more than just a mode of transportation. Stocked with sensors and computers, your vehicle acts as a kind of moving data center. With the rise of the Internet of Things, car technology is also being integrated with outside devices. While this seamless experience is beneficial in many ways for consumers, it also opens up vulnerabilities in technologies capable of being compromised and hacked.

(more…)

By: Manimaran Govindarasu, Iowa State University and Adam Hahn, Washington State University

GridCalled the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines. This web of generators, substations and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities.

The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity. As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.

Until 2015, the threat was hypothetical. But now we know cyberattacks can penetrate electricity grid control networks, shutting down power to large numbers of people. It happened in Ukraine in 2015 and again in 2016, and it could happen here in the U.S., too.

As researchers of grid security, we know the grid has long been designed to withstand random problems, such as equipment failures and trees falling on lines, as well as naturally occurring extreme events including storms and hurricanes. But as a new document from the National Institute of Standards and Technology suggests, we are just beginning to determine how best to protect it against cyberattacks.

(more…)

By: Jungwoo Ryoo, Pennsylvania State University

Cyber securityCybersecurity concerns crop up everywhere you turn lately – around the election, email services, retailers. And academic institutions haven’t been immune to security breaches either. According to a recent report by VMware, almost all universities (87 percent) in the United Kingdom have been the victims of cyber crime. In general, from 2006 to 2013, 550 universities suffered data breaches. When higher ed breaches occur, attackers typically steal student information, intellectual property or research data. Among the criminals behind these attacks are nation-states and organized crime groups motivated by the economic gain.

A common knee-jerk reaction to a cyberattack – wherever it happens – is to clamp down on access and add more security control. For example, in 2005 after a major attack against a credit card processor affected 40 million customers, there were urgent calls for new mandatory encryption standards in the U.S. Senate. As paranoia sets in, a sense of urgency to do something about a possible next attack takes over, just like what happened in the University of California system. After a 2015 hack, the university administration started monitoring user traffic without consulting faculty and students (not to mention receiving their consent), resulting in a huge backlash.

As is so often the case, too much of anything is not good. Cybersecurity is a delicate balancing act between usability and countermeasures designed to reduce or prevent threats. A one-size-fits-all, or Procrustean, approach usually leads to lower productivity and a large group of unhappy users. And it’s particularly tricky to get the balance right in an academic setting.

(more…)