Kristin Lovejoy, VP of Strategy for IBM Security Solutions, predicts 2011 will see the first cyber-attacks on critical infrastructure such as electric grids or water systems.
In an interview with SearchSecurity.com, Lovejoy says "when it comes to the embedded devices, there's two things we're worried about. We're worried about people using those devices to cause some sort of harm or to cause societal conflict. Alternatively, we're seeing the use of those devices to enable support for some form of financial gain."
Lovejoy notes that up until recently, cyber attacks on embedded devices have been limited mainly to "proof of concept." That is, criminal acts designed only to prove success is possible. However, citing a keyless entry hack in Ohio, Lovejoy warns this type of cyber crime may soon turn from novelty to traditional outright profitability.
"I think [securing mobile devices is] going to become an issue because historically mobile devices have been part of the telecom infrastructure and the telecom infrastructure has not been managed by the IT security function," Lovejoy says. "Where our customers seem to be struggling is not with answering the question 'How do I secure these devices?' It's 'how do I manage the security of these devices?' It may be a nuance but it's an important nuance."
Of course the larger threat doesn't come from small time crooks. "We do a lot of work with various national governments," Lovejoy says, "and one fact that is weighing heavily on their minds is that over 90% of critical infrastructure is owned and operated by the private sector. Although this is particularly relevant to the U.S., this is a worldwide statistic." She adds, "Security must be an intrinsic element of the service that is being delivered and to that extent these critical infrastructure industries need to think about it."