Cynthia Wright is the Principal Cyber Security Engineer at The MITRE Corporation, following 25 years as a military officer where she gained extensive knowledge on cyber security and strategy. SEMI’s Maria Vetrano interviewed Wright, who will be a keynote speaker at the upcoming MEMS & Sensors Executive Congress in Napa California, on the subject of MEMS and cyber security.
MEMS are sensors that are a fundamental component in autonomous mobility systems, where they play a vital role in providing actuation and intelligent sensing. In the past MEMs developers have not been involved in cyber security – why is this changing?
Autonomous mobility devices are becoming increasingly ubiquitous in modern life – from the systems used by the military, in hospitals and in agriculture, to everyday devices such as smartphones, wearables and refrigerators. The growth of botnet attacks, such as Mirai and other cyber-attacks on Internet of Things (IoT) infrastructure, vehicles and home devices, demonstrate there is a need for the cybersecurity of MEMS and sensor-enabled devices to be more cyber secure.
As the developers of the sensors that go into these devices, MEMS should be committed to getting involved.
A large number of cyber security bills that focus on IoT are being discussed at state and federal level, indicating that regulation of the technology is going to happen and for this reason it makes sense to be prepared. The liability will lie on the shoulders of the original equipment manufacturers (OEMs) when malfunctions and/or data breaches occur.
Though, for this reason, OEMs will show favoritism towards MEMS suppliers who develop secure systems, to protect from insecurities in MEMS infrastructure.
Aside from regulation and the ability to have a competitive advantage, it's important for MEMS manufacturers to recognize that malfunctions can put their end users lives and well being in danger. For example, security breaches to the accelerator on a vehicle, an autonomous car’s obstacle sensors, or an insulin pump, all have dangerous consequences.
Where Do You Think the Biggest Threats to Consumers, Industry and the Government are?
It depends on what the exact situation is. For a consumer who uses medical implants then they are exposed to more risk. For governments at risk devices could be networked military systems, for industry it would be sensors that manage important manufacturing processes and safety systems.
It is not that every single sensor has to be secure. However, positions of vulnerability should be identified and protected accordingly.
I am not saying that every sensor must be secure. In every sector, there are areas of greater or lesser vulnerability, depending on context.
How Can Security be Introduced at the Design Stage?
Making devices more secure is both cheaper and easier to achieve during the design stage of creating a device. It makes more sense to create a device with no weak spots, rather than trying to solve the problems further down the line.
At MITRE, we use system and design orientated methods by consulting with the R&D team. We assist in the development of security standards and creating broad approaches to security design that can be applied to many different products.
For example, MITRE will analyze how someone may have hacked into a vehicle to access the vehicle’s location and history, or to change its functions. We use this information to develop standards and methods for developers to follow to improve the security of autonomous automobiles.
Hackers have already shown that by hacking into the sensor systems they can access the controls of the brakes and transmission, and using these routes it is theoretically possible for them to access the steering, ignition and other systems. MEMS/Sensors manufacturers can play a role in helping automotive developers make their cars, and the people driving them, more secure.
What Do You Hope Your Audience at MSEC Takes Away from Your Talk?
MEMS suppliers are at the front end of computing technology and they should take responsibility and help improve cybersecurity, both to be competitive and to ensure their customers are safe.
MEMS suppliers should determine which of their devices must be more secure and start to work on making them cyber proof at the design stage. As the need for secure microelectronics becomes increasingly great, taking steps now to be fully secure will benefit MEMS suppliers hugely in the long run.
This information has been sourced, reviewed and adapted from materials provided by SEMI.
For more information on this source, please visit SEMI.