Affiliation:
1. Semcon Sweden AB, Sweden
2. KTH Royal Institute of Technology, Sweden
Abstract
Our societal infrastructure is transforming into a connected cyber-physical system of systems, providing numerous opportunities and new capabilities, yet also posing new and reinforced risks that require explicit consideration. This chapter addresses risks specifically related to cyber-security. One contributing factor, often neglected, is the level of security education of the users. Another factor, often overlooked, concerns security-awareness of the engineers developing cyber-physical systems. Authors present results of interviews with developers and surveys showing that increase in security-awareness and understanding of security risks, evaluated as low, are the first steps to mitigate the risks. Authors also conducted practical evaluation investigating system connectivity and vulnerabilities in complex multi-step attack scenarios. This chapter advocates that security awareness of users and developers is the foundation to deployment of interconnected system of systems, and provides recommendations for steps forward highlighting the roles of people, organizations and authorities.
Reference37 articles.
1. ACEA. (2017). ACEA principles of automobile cybersecurity. Retrieved from https://www.acea.be/publications/article/acea-principles-of-automobile-cybersecurity
2. AENEAS, ARTEMIS, & EPoSS. (2018). Strategic Research Agenda for Electronic Components and Systems. Retrieved from https://efecs.eu/publication/download/ecs-sra-2018.pdf
3. Brewster, T. (2015). Security: Hacker says attacks on 'insecure' progressive insurance dongle in 2 million US cars could spawn road carnage. Retrieved from https://www.forbes.com/sites/thomasbrewster/2015/01/15/researcher-says-progressive-insurance-dongle-totally-insecure
4. Studying Bluetooth Malware Propagation: The BlueBag Project