Today, we live in a society where criminals face less risk by stealing millions of pounds using a banking Trojan than by committing an armed bank robbery, and where corporate networks can be rapidly disabled by unseen remote assailants.
This is no longer movie fiction but a reality with the advent of hacktivists, cyber-criminals and cyber-terrorism.
Rapid developments in digital technologies have enabled the creation and adoption of a wide range of innovative products and services. The use of these digital technologies pervades virtually all areas of our lives. Some developments are visible as the consumer devices such as smart phones, laptops and tablet PCs, satellite and HD TV; others such as network routers and wireless technologies are largely invisible to the consumer. Many individuals are also unaware of the extent to which software is used to control the supply of their utilities, in their vehicles, in traffic signalling systems and to control the environment in their office buildings.
This widespread use of digital technologies has brought with it new threats to the safety and security of our society. In the past we relied upon physical measures to protect our assets: for example, vaults, security fences, cameras and guards. The sophistication and effectiveness of these physical protective measures has significantly reduced the risk of losses through physical theft and increased the risk of being caught. For example, as a result of the improvements in physical security of modern high value cars it is now easier to steal the keys rather than try to bypass the vehicle’s locks and alarms.
In a digital world with ubiquitous networked connectivity purely physical measures provide limited protection. Increasingly the attacks on our systems are network-borne, targeting the software and any stored information, through hacking, malware or denial of service (DOS) attacks. To address these threats we need to build systems and develop software with fewer vulnerabilities and greater resistance to attack. Simply trying to bolt on security to existing technology is of limited benefit if the underlying design is inherent insecure or the measures are easily bypassed.
The IET is currently working to address two particular challenges:
The IET are leading a project with support from the BCS, IISP, IAAC and e-Skills UK which is investigating the feasibility of encouraging more engineers and technologists to undertake accredited postgraduate level training. The project aims to put in place a sponsorship scheme for postgraduate courses to allow young professionals to develop their knowledge and skills in this important area.
You can contribute to this project in a number of ways:
The IET has published an Insight document providing a briefing for managers on the cyber security issues affecting the design and operation of intelligent buildings. You can download a copy of the Insight document, which also contains information on how you can get involved in the development of cyber security guidelines for intelligent buildings.