The future of security: A combination of cyber and physical defense

Our increasingly connected world gives hackers even more ways to exploit technology for malicious purposes. We’re now entering a period when cyber attacks could cause major physical damage. To protect people from these combined cyber and physical threats, information security experts and law enforcement, which traditionally handles physical security, will have to share strategies.

After all, the boundaries between cyber and physical attacks are already blurring. In March, the U.S. Department of Justice claimed seven Iranians hacked the control systems of a small dam in New York state in 2013. The dam was offline for repair, preventing the hackers from controlling the flow of water. However, the incident demonstrated that hackers could take over infrastructure that was controlled by computers.

And, of course, there was the Stuxnet computer virus that stymied Iran’s nuclear program by targeting the centrifuges that enriched uranium. Stuxnet is considered the first program that showed how malware could cause physical damage.

With IoT, hacks gets physical

Now with more items gaining Web connectivity as part of the Internet of Things movement, the need to protect physical devices from hackers will only increase. Information security professionals will be called upon to make sure attackers can’t tamper with the brakes on our autonomous cars or hack our smart thermostats and turn off the heat in our home during the winter. Like I’ve said in previous columns, talking about these flaws, which researchers have already discovered, isn’t meant to spread fear. Raising these topics will hopefully result in security being included in a product’s development instead of being treated as an afterthought.

Read the full column in Network World.