AI-powered cyberattacks are on the rise, targeting critical infrastructure and personal devices. Learn how to protect yourself from these emerging autonomous hacking threats to cyber-physical systems and the risks they pose to our connected world.

Cyber-physical systems (CPS) are a powerful tool for research and innovation, combining the digital and physical worlds. By seamlessly integrating physical objects and infrastructure with the Internet, CPS enables a wide range of benefits, including increased automation, improved decision-making through real-time data, and advancements in medical technology. However, this increased connectivity also introduces significant security risks. As CPS systems become more complex and interconnected, they become more vulnerable to cyberattacks, with the rise of autonomous hacking becoming an increasingly serious concern.

AI: Double-Edge Sword for CPS Security

In his 2024 presentation, Autonomous Hacking Systems – Future Risk or FUD?, Justin Hutchens, Innovation Principal at Trace3, explores the growing concern over the potential risks of AI-powered autonomous hacking systems. He cites OpenAI's GPT models as prime examples, highlighting GPT 3.5's early signs of autonomous hacking behavior when given operating system interaction capabilities. 

He also notes that in February 2024, a white paper revealed GPT 4’s, latest model of OpenAI, ability to reliably hack target websites. Hutchens warns that that the ability to fully automate threat operator actions could lead to a significant increase in both frequency and volume of cyberattacks, amplifying risks to cyber-physical systems across industries.

Risks of Connected Cars

Cars have revolutionized over the past couple of decades, with electric cars, smart cars, and even "regular" cars now interconnected. In his 2024 presentation, Steering Clear of Danger: Decrypting the Realities of Remote Car Hacking, David Brumley, CEO and Professor at ForAllSecure and Carnegie Mellon, explores how cybercriminals can remotely hack cars. Brumley explains that from 2021 to 2024, hackers could attack cars simply via Bluetooth. 

Today's cars are equipped with Bluetooth, Wi-Fi, GPS, HD radio, and computer systems, and Brumley explains that hacking a car's software can unlock more access to control it. This can lead to device failure, random failures, and even hard constraints like airbag deployment, Brumley said. He emphasizes the importance of knowing what technology in the car is connected to the Internet. By doing so, car companies and consumers can take the right steps to mitigate potential risks.

The Risks of a Connected Healthcare System

CPS has allowed for medical advancements with many advantages, but concerns about patient safety, privacy, and data have risen due to modern hospitals relying on IT systems to function. In their 2024 RSAC podcast, Darren Shou, Chief Strategy Officer, RSAC, and Errol Weiss, Chief Security Officer, Health-ISAC, explain the impact of AI on the healthcare sector. Weiss explains that hospitals now have interconnected systems and functions between all entities of a healthcare organization. He then goes on to say that when ransomware attacks these entities, the IT systems start going down, having a devastating impact on the hospital's ability to conduct patient services. This includes patient data exposure, chemotherapy disruption, and cancellation of electric services. This not only compromises patient data and privacy but also safety.

CPS Looking Forward

Although cyber-physical systems raises concerns, there are ways to mitigate potential risks of autonomous hacking. For example, in an upcoming December webcast, Jolly Trivedi, Founder and CEO of Rudra, will address these concerns in healthcare organizations and specifically focus on remote patient monitoring. She will discuss how to protect patient data, privacy, and security of patient information using the application of Federated Learning (FL).

The cyber community is resilient, and we must continue to be persistent in finding new ways to mitigate risks and counter increasingly sophisticated threat actors in the world of the Internet of Things. Autonomous hacking will not disappear, but as a community, we can strengthen our defenses to safeguard against hackers and threats.