Skip to main content

Cyber-Physical Attacks: Some Invisible Threat

 

In the era of digitalization, criminal minds often come up with new and advanced ways to create nuisance among the people. During the pandemic physical attacks are replaced by cyber-physical attacks at an alarming level. Physical attacks like crime, warfare, and terrorism are gradually taking place in cyberspace which causes more damage as it is impossible to predict the intensity of attack and attack can cause damage without any political, social, and moral outrage. 


Cyber-Physical Attacks are the security breach in cyberspace which has its impact on the physical environment. The attacker can seize the communication system between the systems. In cyber-physical attacks, the attackers gain complete access to a computer system and can operate the machinery and industrial equipment and can control the operations of the equipment to damage the property, physical assets, injuries, and even death. For example, they can turn off the lights in the buildings, force the drone to land on the enemies' land, releasing poisonous gas in the industry, gain access to oil pipelines and water treatment plants, gain access to defibrillators, programmers, and heart monitors, etc.  Cyber-Physical attacks consist of 5 stages for a successful cyber-attack:


  • Access: Attacker gains access to the system and can go through all the documents and life stored. It is similar to the traditional hack.

  • Discovery: It is the most important stage. In this stage, learning is involved. The attacker gains knowledge about the equipment and machinery to control it easily.

  • Control: It is the most complicated stage of the whole process. In this stage, the attacker needs to understand the dynamic behaviour of the cyber-physical system and its processes.

  • Damage: In this stage, an attacker requires to input the commands to understand the range of destruction to control the equipment and machinery to their best capacity. 

  • Clean-up: In a cyber-physical attack, the attacker cannot hide its forensic footprints by simply removing the log files. As the damage is occurring in the physical world, the attacker has to manipulate the process and the log files in such a way that the investigator draws the wrong conclusion as it is an operator error or equipment failure.


       Damages caused in Cyber-Physical World 


  • Equipment damage: Equipment is damage in the physical world by the attacker. 

  • Production damage: Attacker change the product quality and production rate in the production damage. This can affect the price and quality of product, increase operating cost and production rate increasing maintenance workload.

  • Compliance violation: Attacker aimed the safety measures that can lead to environmental damage and fatal damages like death, resulting in defamation of the company and imposition of fines and compensation.


The most effective way to deal with a cyber-physical attack is by using a cyber-physical system (CSP). CSP consists of a mechanical platform that has been controlled by computer algorithms that are fused with the internet and the networked user. CSP keeps strict eyes on every movement near or in the network layer through networking and computing software which are incorporated by the physical-mechanical components like smart sensors and actuators to alert the security officers of the company/organization about all the possible threats in and around the network layer. ALSR (Address space layout randomization) and DEP (Data Execution Prevention) is also used to make attackers work harder and to reduce the effectiveness of the attacker.  


Cyber-physical attacks can be serious crimes, with disturbing results. The worst part is that we cannot eliminate all the risks associated with cyber-crimes but that doesn't mean we shouldn’t even try to reduce the harm. Security must be changed in the digital and electronic devices with the rate of change in the strategies of the attacker. On the whole, we should try to keep up with the speed of IoT.


By: Harshita Bansal

(Legal Intern, WCSF)


For more updates, please visit our website: https://www.worldcybersecurities.com/ 


Labels:

Comments

Post a Comment

Popular posts from this blog

UNESCO Guidelines on Generative AI in Schools

The advent of artificial intelligence has assumed prominence amongst all industries and various facets of people's personal lives. The integration of AI in education has been inevitable, given the significance and role of information, knowledge production and administration in the sector. This is especially so as its capabilities entail replicating higher-order thinking. Besides assisting in the education process, it also brings the element of real-life relevance, allowing education to be imparted against the backdrop of the evolving world due to the same AI. It tends to have implications on the subject matter that needs to be imparted, which tends to be something that constantly needs to answer the question of "Why and how is this particular subject matter relevant for learning?".  This induces policy-makers and educational institutions to rethink what they need to impart as knowledge, the area of matter, and the manner of thinking to be emphasised. This is because educa...
Post a Comment
Read more

Dark Web: Safe or unsafe? Truth Revealed!

  The dark web is the part of the internet that is not visible to search engines. With the advancement in technology, digitization has resulted in different types of attacks. We can talk to anyone as long as we have an internet connection. The main concern is with privacy and anonymity in mind.  A team of computer scientists and mathematicians working for one branch of the US navy which is known as the Naval Research laboratory (NRL), developed a new technology known as Onion Routing. It allows anonymous communication where the source and destination cannot be determined by the third party. A network using the Onion Routing technique is classified as Darknet. The NRL released the Onion Routing Technique and it became The Onion Router, also known as TOR. Advantages of Dark Web  Humans are allowed to hold privacy and express their views freely. Privacy is considered to be critical for honest persons through the different criminals and stalkers.  The growing tendency of...
5 comments
Read more

India's Cybersecurity Landscape: New Rules, Rising Threats, and Government Response

The recent interaction of the newly reappointed Union IT Minister with journalists has sparked significant interest within the IT Industry and among privacy enthusiasts. Ashwini Vaishnaw announced on June 15 that the MEITY will soon release the rules under the Digital Personal Data Protection (DPDP) Act, a development of immense significance for India's cybersecurity landscape. [1] 's Acts. It holds immense significance for the country, especially with the increasing number of internet users.  Of 2023 for public consultation. The rules hold immense significance for a country like India, with 751.5 million internet users at the commencement of 2024 [2] . With the continuous surge in internet usage across India, the volume of personal data shared online is also on the rise. This occurs either voluntarily, such as an individual providing personal information to a social media platform to access its services, or involuntarily, as a consequence of falling victim to a cybercrime inci...
Post a Comment
Read more