Cybersecurity Weaknesses

by Jim Darroch (VP Software & Data)

04/10/2022

Cybersecurity incidents make the news all too often. From individuals who are conned out of their savings, to large corporations and government departments being hacked and having their data stolen, or worse – damage and disruption caused to critical infrastructure. These attacks vary in sophistication, but all rely on a fairly small set of techniques: either tricking individuals into exposing personal information (usernames & passwords!) or exploiting known security weaknesses in target systems.

If it appears that security breaches are increasing – that is because they are. The number of attacks, and the financial damage, have increased by more than 10%, year on year.

Why do hackers do it? The vast majority of attacks are financially motivated, for example fraud or extortion. Some are simply nasty pranks. Some are more sinister, such as Nation States being engaged in constant, silent cyber warfare.

Dukosi’s customers are not immune to attack – consider two of our target markets – automotive and energy storage.

Cybersecurity weaknesses in cars hit the news in 2015 with the Jeep Cherokee hack (www.wired.com/2015/07/hackers-remotely-kill-jeep-highway), when security researchers demonstrated how to gain control of a car while it was being driven. They took control of vehicle systems including brakes, steering and acceleration. It doesn’t take much imagination to see what could happen in the hands of a malicious attacker. A fatal crash on the freeway. Maybe an email from the hackers: pay a ransom and we’ll unlock the car we’ve taken control of…

The automotive industry has taken notice, and a standard for Cybersecurity Engineering in Road Vehicles (ISO 21434) is scheduled to be published this year.

Energy storage systems are considered critical national infrastructure – especially those connected to national grids, which steady the flow of energy between renewable energy generation and the grid. Power grids are an obvious target for hackers and most, if not every, country on the planet has plans in place to protect them from that threat. This includes following a standard approach to Engineering solutions. IEC 62443 has been used for over a decade to guide how to develop IT & communications equipment for use in Industrial Control Systems, and is a requirement for cybersecurity in Critical Infrastructure (including the Grid).

How do these apply to Dukosi? Our products include an intelligent, networked approach to battery management and control. This is a key component in Electric Vehicles (including Hybrids) and Energy Storage systems. We have a requirement to make our products secure and defend against attempts to use battery systems as a point of attack! Footnote – Dukosi’s products are a small (but vital) component in very complex systems, sure to be overlooked by hackers? Absolutely not. Sophisticated cyber attacks ‘follow the supply chain’ looking for a way in. The supply chain is only as cyber-secure as its weakest link.

In our product development, Dukosi follow Cyber-Engineering principles embodied in the standards for both Automotive and Industrial energy storage:

* Organizational Cybersecurity – to maintain a strong defense of internal IT systems, keeping a tight lid on design material that could be used to find a weakness.

* Product Cybersecurity – analysing potential threats to our products in the field, and designing defenses against them.

* Response – monitor cybersecurity trends, and potential weaknesses in our suppliers, so we can alert our customers and provide updates to guard against emerging threats.
