Companies are now exposed to new threats – protection of cyber-physical systems


IT security threats and vulnerabilities are nothing new for corporate IT systems; they are now largely tracked, researched, mitigated and communicated by security leaders. However, the advent of Cyber-Physical Systems (CPS) has introduced a number of new considerations that few security officers have previously had to address.

Cyber-physical systems, which emerge from OT/IT convergence or from the use of IoT or smart technologies, are now exposed to unique threats that evolve rapidly as malicious actors and their techniques move beyond corporate IT systems. Unfortunately, most organizations are still in the awareness phase, which is itself the greatest threat, as ignorance about CPS is no longer an option in 2020 and beyond.

Threat actors

CPS threat actors are not dissimilar to those behind other cybersecurity threats, and share the following motivations:

  • Government sponsored actors and Advanced Persistent Threats (APTs) motivated by espionage, theft, or other activities that advance the interests of a particular nation / group of nations
  • Cyberterrorists intent on disrupting critical services or causing damage
  • Organized crime in search of financial gain
  • Insiders whose motivations range from revenge to fraud, or who inadvertently cause security incidents through incompetence or negligence
  • Hacktivists pursuing a political or societal cause
  • Script kiddies looking for excitement or notoriety

However, unlike most IT cybersecurity threats, CPS threats are of growing concern because their association with the physical world means that consideration must be given to the security, operational resilience, or environmental impact of an attack.

Possible effects

Many cyber-physical systems underpin critical infrastructures. US security agencies such as the FBI and CISA (Cybersecurity and Infrastructure Security Agency) have warned of increased activity in recent months, with cyber actors showing their willingness to conduct malicious cyber activities against critical infrastructures by exploiting operational technology assets accessible via the internet.

In 2019, Gartner predicted that the financial impact of fatal CPS attacks will exceed $50 billion by 2023. Aside from the financial implications, CPS attacks can also result in customer loss, intellectual property theft, operational downtime, or deterioration in the performance and quality of equipment delivered, to name a few.

New threat vectors

As CPSs become more interconnected and digital business innovation remains a priority for companies, the rapid adoption of technologies like IoT and 5G will have a much greater effect in the physical world, because risks, threats and vulnerabilities now exist across a bidirectional cyber-physical spectrum. As CPSs become more networked, new threat vectors are developing at the same time, increasing risks and vulnerabilities.

The following are four emerging threats that security officers should be aware of:

5G threats

With 5G being integrated across networks, enabling faster communication, greater vehicle and asset autonomy, and a better human-machine experience, the implications of 5G for CPS are endless. Unfortunately, as is common practice, speed and cost considerations take precedence over security considerations, and emerging security standards are complex.

For example, mixed 4G/5G environments create backward-compatibility issues and management challenges. Targeted attacks are likely to increase, because device manufacturer, operating system, version, and model information lets attackers precisely categorize a device as Android or iOS, video camera or phone, car modem, router, etc. Security implications such as rapidly draining battery life are barely discussed. Physically, the widely deployed low-cost, short-range small-cell antennas are likely to become new hard targets, as conspiracy-based attacks on cell towers have already occurred.

Sensory channel threats

An important part of CPSs are the sensors they use to interact with each other and with the physical world that surrounds them. Most current security models, however, focus on protecting the network components of a CPS using conventional security mechanisms, such as an intrusion detection system for data passing through network protocol stacks. As a result, they do not adequately address threats from sensory channels (e.g. targeted light, temperature, infrared), where malicious actors trigger malware, transmit malware, or even combine malicious use of different sensory channels to increase the impact of the attack on CPS devices.

Data spoofing threats

Some CPSs rely on data communications to perform their intended functions. For example, commercial aircraft send and receive notifications regarding flight routes, navigation and landing. They do this through Aircraft Communications Addressing and Reporting Systems (ACARS), which are not authenticated. Such messages could be forged and tampered with in order to send false or erroneous messages to an aircraft, such as incorrect position information or flight plans. There are other commercial airline data spoofing vectors as well.

QR code threats

QR codes are interesting because they're not traditional CPSs, but they span both worlds. They are created in the cyber world to live in the physical world, where they are read with a device to reconnect to the cyber world. The main threat vector for QR codes is that a malicious URL embedded in them could lead users to a fake website, collect personal information, or install malicious software. In a pandemic world, for example, many people see QR codes as an alternative to physical restaurant menus. They were first used by the Japanese automotive industry to streamline manufacturing processes and are widely used in operational and business-critical environments where there are many CPSs.
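One way a scanning app or kiosk could vet the URL decoded from a QR code before opening it, given here as an added example and not code from the article. The allowlisted host `menu.example.com`, the function name `qr_url_findings` and the sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist for a site that prints its own QR codes.
ALLOWED_HOSTS = {"menu.example.com"}

def qr_url_findings(payload, allowed_hosts=ALLOWED_HOSTS):
    """Return reasons to refuse a decoded QR payload (empty list = accept)."""
    findings = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["unparseable URL"]
    if parts.scheme.lower() != "https":
        findings.append("scheme is not https")
    if not host:
        findings.append("no host")
        return findings
    # "https://trusted@other-host/" displays the trusted name but goes elsewhere.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo before host")
    if port not in (None, 443):
        findings.append("non-default port")
    try:
        ipaddress.ip_address(host)
        findings.append("IP literal host")
    except ValueError:
        pass  # not an IP address, so it is a DNS name
    # Punycode or non-ASCII labels can imitate a trusted name visually.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("internationalized host")
    # Exact host or a true subdomain only; a bare suffix match is not enough.
    if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
        findings.append("host not on allowlist")
    return findings

# Constructed sample payloads, as a QR decoder would hand them over.
SAMPLES = [
    "https://menu.example.com/table/12",
    "https://menu.example.com@evil.test/",
    "https://menu.example.com.evil.test/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", qr_url_findings(s) or "accept")
```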


To manage the technology, information, and failure risk associated with CPS, security officers should implement the following recommendations:

  • Deploy operations or mission-centric asset discovery solutions to uncover all of the CPSs already in their environment, and work with engineering, operations and product development security teams to stay one step ahead of greenfield deployments.
  • Extend existing approaches to threat management and incident response with an advanced lens to accommodate the broader CPS threat surface. All security solutions deployed in operational or mission-centric environments should at least have anomaly and threat detection capabilities.
  • Employ security best practices for CPS (e.g. third-party vendors), with a critical eye to understanding CPS connectivity and how these devices and systems communicate with each other, with other parts of your network, or with your vendors if they offer remote support.

Katell Thielemann, VP Research Analyst, Gartner

