What ’ s New at IIC : June 2021
across the different components from the supply chain . Specifically , the entertainment system , which was connected to the Jeep ’ s network via Bluetooth , was insecure , enabling the attack .
The early attacks were based on a hack to the diagnostic system that does not allow changes to be made above 5 MPH ( 8 KMPH ). The tire pressure monitoring system was the source of the information about the speed of the vehicle , and it was spoofed to tell the car that it was going slowly . This was possible because the protocol for the bus discarded duplicate messages . Once they knew how to get illegitimate message numbers onto the bus — before the actual tire pressure monitoring systems message — through a spoof attack , they could go at highway speeds .
This example shows how one untrustworthy system in an otherwise trustworthy solution can render all connected systems untrustworthy . It is essential that all systems connected to other systems be trustworthy . Otherwise , a failure of trust in one can bring down the others and result in a failure across all the connected systems .
As connecting systems , and particularly previously isolated control systems , to the internet and each other is key to the “ industrial internet ”, getting trustworthiness right is a sine qua non .
This has been brought into sharp focus recently with the Colonial Pipeline
ransomware attack . The Colonial pipeline delivers gasoline and jet fuel to the eastern United States . Although this attack did not affect the operational technology of the pipeline , which could have been environmentally disastrous , it did make billing the end customer impossible . There were also fears that , having been compromised , a further attack on the physical operation of the pipeline was possible . After paying a ransom , the system was restored within five days .
Another , less well-known , attack took systems down for four weeks . This was another
ransomware attack , this time on the Scripps Institute , a healthcare provider in the San Diego , California area . Patient records , including sensitive health information , were compromised . Appointments for surgery and tests had to be made “ by hand ”, relying on paper records .
Trustworthiness is key . The upcoming Trustworthiness Foundation document outlines several principles , as follows :
Principle 1 : Trustworthiness characteristics must be considered holistically . Principle 2 : Understanding context is necessary for making Trustworthiness tradeoffs . Principle 3 : Organizational consistency over time enables reputation and trust . Principle 4 : Accountability is an essential underlying foundation of trustworthiness . Principle 5 : A culture of trustworthiness is essential to achieving trustworthiness . Principle 6 : Assurance based on evidence is essential to establish trustworthiness . Principle 7 : Software trustworthiness must be managed throughout the entire software lifecycle .
IIC Journal of Innovation - 63 -