Cyber Physical Systems are Improving to the Benefit of Many


Posted on by Robert Ackerman

A few years ago, a big jolt slammed America. Colonial Pipeline, one of the biggest energy companies in the world, was hit by a ransomware attack that stirred chaos across half of the country. Gas deliveries on the East Coast stopped, creating shortages at the pump and a gas price spike. The company was forced to pay millions of dollars in ransom to erase the attack.

This was a compelling example of the danger that can be triggered by the convergence of cybersecurity and physical security. Both were involved and both made mistakes. This cyber physical system (CPS), not the first to be ransacked, created an embarrassing black eye and raised the question in some quarters whether CPS, then roughly five years old (now eight years old), was a good idea.

The increased interconnectedness of systems, a hallmark of CPS, contributed to the vulnerability of the Colonial Pipeline attack. When critical infrastructure such as pipelines becomes more reliant on digital systems, it becomes a potential target for cyberattacks. In the case of Colonial Pipeline, the attack exploited vulnerabilities in the company’s IT systems, which, in turn, were connected to operational systems.

Risks still exist, but the picture has markedly brightened: CPS is improving at a rapid clip, in part because Internet of Things (IoT) devices, an important part of the process, have subsequently stepped up to the plate. Initially, the devices introduced new vulnerabilities that could be exploited. Now -- courtesy of advancements in security protocols and a deeper understanding of potential threats -- IoT devices have become a positive and integral part of CPS. With help of IoT, CPS systems can better protect physical resources from harm, lower cost, and improve maintenance.

Developed to improve security, CPS refers to a network of interconnected systems that combine physical components with computer controls, fundamentally blurring the lines between the digital and physical world and enabling organizations to securely manage their increasingly interconnected environments. CPS enhances the automation of tasks, more quickly analyzes real-time data and more carefully tracks maintenance capabilities, to the point it minimizes unplanned downtime.

It’s used in most late-model cars, medical equipment, and industrial control systems, such as the Colonial Pipeline. Broadly, it powers our way of life, including the water we drink, the energy that heats our homes, and the medical care we receive.

Here is more detail about how improved IoT and other factors have built a heightened advantage for CPS:

+ Enhanced Data Collection: IoT devices generate vast amounts of data that can be analyzed to optimize system performance, predict failures, and improve decision-making.

+ Remote monitoring and control: IoT devices enable remote monitoring, improving efficiency.

+ Increased Automation: Automated IoT devices reduce human error. 

+ New Applications and Services: The combination of IoT and CPS offers new opportunities, such as smart cities, autonomous vehicles, and advanced healthcare systems.

+ Advancements in Computing and Networking: The increasing power and affordability of computing devices and widespread availability of high-speed networks have enabled the deployment of complex CPS.

+ Artificial Intelligence and Machine Learning: AI and ML techniques have empowered CPS to become more intelligent and adaptive, thereby capable of making autonomous decisions.

All of these improvements have moved to the spotlight at an opportune time.  According to the Fortinet 2024 State of Operational Technology and Cybersecurity Report, cyberattacks that compromise OT systems are on the rise, with nearly three fourths (73%) of organizations experiencing an intrusion that impacted either OT systems only or both IT and OT systems. This was up from 43% in 2023.  

Companies are well aware of this, which is why the CPS market is expected to grow $124 billion this year to more than $255 billion by 2029, according to Markets and Markets, a compound annual growth rate of nearly 16%. 

At this juncture, one notable recent victory for CPS is the increasing resilience of smart grids, the integration of digital technology with traditional power grids. These are proving to be highly effective in enhancing the reliability and efficiency of power distribution, partly by quickly responding to power outages and restoring service by leveraging advanced technologies such as automation and real-time monitoring.

Another prime example of a successful cyber physical system – and one closer to home – is the modern automobile. Traditional cars were purely mechanical systems. With the advent of CPS, however, modern cars have transformed into complex machines that seamlessly integrate digital and physical components. This integration has led to significant advancements in enhanced safety, improved fuel efficiency, superior comfort, and convenience, such as remote vehicle access and infotainment systems.

There is still ample room for improvement in other CPS arenas. There should be more advanced threat detection and prevention techniques to combat emerging cyber threats, stronger security protocols (such as encryption and intrusion detection systems), and more security audits to identify and address vulnerabilities. In addition, design systems should accommodate more redundancy to minimize the impact of failures.

Another point of interest that is far less important but nonetheless would be a worthwhile accommodation is that technology pundits periodically note that most rank-and-file individuals aren’t deeply aware of the intricacies of CPS. Their understanding is often limited to the tangible benefits they provide. Nothing wrong here, but the public has increasingly become the beneficiary of these technologies. It would be helpful if the public were better educated about CPS so that they could enhance support for policies that promote responsive development.


Contributors
Robert Ackerman

Founder/Managing Director, AllegisCyber Capital, & Co-Founder, cyber startup foundry DataTribe

Mobile & IoT Security

Cyber-Physical Systems physical security Internet of Things Orchestration / Automation Artificial Intelligence / Machine Learning network security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs