Technology How to fix unsafe operational technology that threatens the...

How to fix unsafe operational technology that threatens the global economy


- Advertisment -

Watch the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers. Watch now.

Today, with the rampant proliferation of cybercrime, a tremendous amount of work is being done to protect our computer networks – to secure our bits and bytes. At the same time, however, not nearly enough work is being done to secure our atoms—namely, the hard physical infrastructure that runs the global economy.

Countries are now teeming with operational technology (OT) platforms that have essentially automated their entire physical infrastructure, whether it’s buildings and bridges, trains and cars, or the industrial equipment and assembly lines that power the economy. But the idea that a hospital bed can be hacked – or an airplane or a bridge – is still a very new concept. We need to start taking such threats very seriously because they can cause catastrophic damage.

For example, imagine an attack on a major power plant that leaves the northeastern United States without heat during a particularly brutal cold spell. Think of the sheer amount of hardship – and even death – these types of attacks would cause as homes go dark, businesses become cut off from customers, hospitals struggle to function, and airports close.

The Stuxnet virus, which emerged more than a decade ago, was the first indication that physical infrastructure could be a prime target for cyber threats. Stuxnet was a malicious worm that infected the software of at least 14 industrial sites in Iran, including a uranium enrichment plant.


Intelligent security stop

On December 8, learn about the critical role of AI and ML in cybersecurity and industry-specific case studies. Register for your free pass today.

register now

The Stuxnet virus has since mutated and spread to other industrial and power-producing facilities around the world. The reality is that critical infrastructure everywhere is now at risk from Stuxnet-like attacks. Indeed, security flaws lurk in the critical systems used in key industries around the world, including energy, water, transportation and manufacturing.

Built-in vulnerability

The problem is that operational technology manufacturers have never designed their products with security in mind. As a result, trillions of dollars worth of OT assets are highly vulnerable today. The vast majority of these products are built on microcontrollers that communicate over insecure Controller Area Network (CAN) buses. The CAN protocol is used everywhere from passenger cars and farm equipment to medical instruments and building automation. Yet it does not include direct support for secure communications. It also lacks the all-important authentication and authorization. For example, a CAN frame does not contain information about the address of the sender or the receiver.

As a result, CAN bus networks are becoming increasingly vulnerable to malicious attacks, especially as the cyber attack landscape expands. This means we need new approaches and solutions to better secure CAN buses and protect vital infrastructure.

Before we talk about what this security should look like, let’s take a look at what can happen if a CAN bus network is compromised. A CAN bus essentially serves as a shared communication channel for multiple microprocessors. For example, in a car, the CAN bus allows the engine system, combustion system, braking system, and lighting system to communicate seamlessly with each other over the shared channel.

But because the CAN bus is inherently insecure, hackers can disrupt that communication and start sending arbitrary messages that still conform to the protocol. Imagine the chaos that would ensue if even a small-scale hack of automated vehicles occurred, turning self-driving cars into a swarm of potentially deadly objects.

The challenge for the automotive industry – indeed for all major industries – is to design a security mechanism for CAN with strong built-in protection, high fault tolerance and low cost. That’s why I see huge opportunities for startups that can address this problem and ultimately protect all of our physical assets – every plane, train, production system, and so on – from cyber-attacks.

How OT security would work

What should such a company look like? Well, for starters, it could try to solve the security problem by adding an intelligence layer — as well as an authentication layer — to an aging CAN bus. This kind of solution can intercept data from the CAN and deconstruct the protocol to enrich and warn anomalous communications over OT data buses. With such a solution in place, operators of high-performance physical equipment gain real-time, actionable insights into anomalies and intrusions in their systems – thus better equipped to thwart any cyber-attack.

These types of companies are likely to come from the defense industry. It will have deep fundamental technology in the embedded data plane, as well as the ability to analyze various machine protocols.

With the right team and support, this is easily a $10 billion+ opportunity. There are few obligations more important than protecting our physical infrastructure. Therefore, there is an urgent need for new solutions with a strong focus on protecting critical assets against cyber-attacks.

Adit Singh is partner of Cota capital.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

To read about advanced ideas and up-to-date information, best practices and the future of data and data technology, join DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.


Please enter your comment!
Please enter your name here

Latest news

Mark Cuban-backed streaming app Fireside acquires Stremium to bring live, interactive shows to your TV

Highlight Cuba-backed streaming app Open firethat now offers podcasters and other creators a way to host interactive, live shows...

Four tips to avoid stopping silently

Founder and Chief Culture Officer of Ideal resultsInc. Author of new book "Culture Ignited: 5 Disciplines for Adaptive...

What is ‘active investing’?

Long-term investing is not an easy path to outperforming the stock market (SPY). On the other hand, most...

Target’s Black Friday deals: earbuds, streaming sticks and more

The holiday shopping season has begun and several retailers, including Target, are offering some spectacular Black Friday deals for...
- Advertisement -

Are there any visas or green cards that I can get on my own? •

Sophie Acorn Contributor Sophie Acorn is the founder of Alcorn Immigration Act in Silicon Valley and 2019 Global Law Experts Awards'...

3 tactics to increase your conversion rates in the early startup stages

Since you already have a mechanism to make people aware of and interested in your product (or a marketing...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you