Hollywood can teach us a lot about technology

Written by Andy Rowland on 26 March 2018 in Sponsored Article
Sponsored Article

BT's Andy Rowland on technological risk, and how the systems fundamental to modern life are under attack

Have you ever noticed how good Hollywood is at predicting future technological advances? ‘2001: A Space Odyssey’ (1968) brought us tablet computers and space stations. ‘The Terminator’ (1984) — military drones. And ‘Minority Report’ predicted gesture-based interfaces in 2002. In 2007, ‘Die Hard 4.0’ saw John McClane battling hackers who were trying to turn the lights off across America — which could now be a reality thanks to an increasingly connected world and the advent of state-sponsored cyber attacks.  

Increasingly, the systems fundamental to modern life are under attack. Imagine what would happen if there was no sewage treatment, no clean water, no electricity or gas. All of these industries have something in common — they all use industrial control systems to regulate temperatures, pressures and turn processes on and off automatically. The systems that do this were developed by engineers for engineers. There was little thought for security, as they weren’t connected to corporate IT or the Internet. They relied on security through obscurity.  

The key risk factors

But these systems are now at serious risk — for two main reasons. The use of IoT sensors to drive efficiencies, and the huge demand for analytics to optimise processes, known as Industry 4.0.

For example, why drive out to a remote pumping station to check it’s OK when a battery-powered sensor could send you an update over a cellular connection? In the case of Industry 4.0, it’s all about gathering data from different sensors and systems, and collating it into a data lake, used to apply machine learning and drive efficiencies. In both cases, you’re now connecting lots of things that, traditionally, were never designed to be connected.  

So, how does the risk manifest itself? Typically it falls into two broad categories — technology and processes. A good example of the former is the recent discovery that inverters — designed to convert the output from solar panels to feed the grid — could be hacked. Either the grid could be flooded with power, causing other generators to shut down, or blackouts could be created as in Die Hard 4.0. In Europe, over 90 gigawatts of power is generated from solar generators, with Germany using solar power to meet 50 per cent of its needs — so this is not an insignificant issue.

In terms of processes, while we’re on the subject of power, let’s look at the hack that turned off the electricity for a quarter of a million people in the Ukraine. Here, the attackers used phishing emails to get as far as the corporate network, but the industrial control systems were wisely firewalled. However, from the corporate network, the hackers were able to harvest the credential of engineers who used VPNs to access the industrial systems. And as they didn’t have two-factor authentication (something you know, e.g. a password, something you have, e.g. a token, or something you are, e.g. biometrics) they were able to use the stolen passwords to reconfigure the grid and turn off the power.

So how do we address this problem?

First of all, you need to deal with the basics, just as you would at home. So lock your doors and windows, don’t let your children open the door to strangers and fit an alarm for when you’re out. In the same way, you need to segment your network with firewalls, educate your employees on things like spear phishing, and install intruder-detection systems.

You also need a joined-up approach to security, involving engineering, IT, third-parties and service and support. Perhaps you could bring in some external security experts to do some social engineering/ethical hacking, where they might pretend to be your technical help desk, leave a few infected USB sticks around, and even undertake some targeted phishing!

Finally, you also need the equivalent of smoke detectors — systems that provide advanced warning of a problem. Mature security operations use highly advanced systems to cross-correlate data from multiple sources, and artificial intelligence to look for new patterns they’ve not seen before that could indicate a new attack vector. To prevent what John McClane in Die Hard calls the “fire sale” (i.e. everything must go) you may need to bring in the action hero.

To learn more, download our report exploring the five steps you have to navigate to protect your organisation from attack.

Andy Rowland is BT's Head of Customer Innovation: Energy, Resources and Manufacturing

Share this page


Related Articles

Why the NHS needs to ‘take the lead’ on sharing data with the private sector
11 December 2018

A study from Reform finds a haphazard patchwork of data-sharing being led at a local level. The think tank’s director of research Eleonora Harwich tells PublicTechnology why a national...

Bidding opens on £5bn Network Services 2 framework
11 December 2018

Second iteration of comms and networking procurement vehicle adds three new lots and more than doubles in value

Related Sponsored Articles

How the Internet of Things is revolutionising business
26 November 2018

BT thinks The Internet of Things is about to undergo a revolution. Over the past two decades, we've seen IoT tech evolve from a possibility, to a novelty, to an established tool that plays a vital...

Quantum cryptography and the future of security
19 November 2018

Quantum computers will soon make some of our strongest encryption useless. And that's where quantum cryptography comes in

Make security integral to your business
5 November 2018

BT knows that digital security isn't just about technology. It's about the partnerships, intelligence and expertise you need to stay one step ahead in the security race.