Cyber Attacks That Target Electrical Devices and Equipment: What Engineers Should Know
In an era of the internet of things—where multiple devices are connected across wireless networks, cyber-threats are on the increase.
Securing electronic devices from malicious attacks is no longer just the responsibility of IT administrators, but electrical engineers, also.
Why EEs Need Cybersecurity Knowledge
Within the last decade, there have been reports of targeted cyber-attacks on critical infrastructures, such as power grid control centres, social amenities, and more. For example, hackers reportedly gained control of circuit breakers at Ukraine’s Prykarpattyaoblenergo grid control centre in 2015—plunging thousands of the region’s residents into darkness.
Similarly, further reports have uncovered security loopholes in electronic voting machines, which could allow hackers to manipulate tallies, voters’ names, and/or the voting machines’ software.
Cybersecurity is essential to electrical engineers as they are responsible for designing the electrical equipment and systems utilised in industrial, business, and household applications. To effectively address cyber threats, engineers must first understand the motivations and methods of attackers, then design equipment with built-in security features accordingly.
Areas of Interest to Electrical Engineers
Using the right techniques, cyber-attacks can be successfully carried out on all kinds of electronic devices or equipment connected to a wireless network. Key areas of interest to engineers include the following.
Consumer Electronics
Consumer electronics, such as smartphones, tablets, and personal computers, remain connected to the internet daily, making them prone to malicious attacks from hackers. Through phishing emails, third-party software that monitors users’ IP addresses, and other techniques, hackers may try to steal sensitive information (including credit card details and other user data).
Such attacks are particularly hard-hitting on unsecured public networks. For example, users can unwittingly access unsecured connections within the access point range (also known as ‘piggybacking’). In ‘evil-twin attacks’, moreover, hackers can use a duplicate signal—similar to that of the original access point data—to lure unsuspecting users and steal their sensitive information.
Power Systems
According to a Deloitte report, the power sector was one of the top three most targeted in 2016. Electrical power infrastructure can be targeted by hackers to steal information, exploit system vulnerabilities, or override system controls (consider, for instance, Ukraine’s said power grid attack in 2015).
By successfully deploying supervisory control and data acquisition (SCADA) plugins, attackers can gain control of circuit breakers at distribution centres to shut down sections of the grid.
Industrial Motor Control Equipment
Industrial robots, precision-link conveyors, rotary and linear part handlers, and other motion control devices connected to the industrial IoT are now more vulnerable to cyber attacks than ever. If a hacker gained control of a robot that performs precision manufacturing tasks, the person could recalibrate its controls, such that it produces defective products on a large scale.
Having virtual private networks (VPNs) is a leading example of how users may protect their consumer electronics from cyber threats. Pictured: a woman controls a VPN application on her smartphone.
Electronic Medical Devices and Equipment
Ransomware, distributed denial of service (DDoS), malware, and data breaches are some of the most prevalent cybersecurity threats to medical devices. Attackers can carry out their mission both locally to the relevant healthcare facilities, as well as remotely.
Electronic equipment, such as pacemakers, insulin pumps, and MRI scanners, which communicate over the internet (e.g. the cloud) often contain sensitive electronic health records that hackers may try to exploit. The cost, reputation, and security implications of successful medical equipment breaches can be dire.
Mitigating Cyber-attacks
The following subsections show some ways that engineers (particularly electrical engineers) can safeguard electrical devices and equipment against cyber-attacks.
Using Data Encryption
A critical component, particularly when it comes to the overall security infrastructure of industrial equipment, is data security. Research indicates that data theft from electronic devices and equipment has been on the rise over the last decade. Most devices store data in portable storage using the cloud.
Data encryption ensures that only authorised personnel gain access to stored information via a unique encryption key, making it difficult (or nearly impossible) for hackers to exploit. There are two methods of data encryption: symmetric and asymmetric. Symmetric encryption uses a single, private key to secure users’ information, while asymmetric encryption uses a combination of private and public keys.
Performing Software Upgrades
As hackers develop new malware to target electrical equipment, it is critical for engineers to perform software upgrades to existing infrastructure. While software updates (aka patches) are typically limited to minor feature enhancements and bug fixes, software upgrades often involve significant changes to the device’s operating system.
Software upgrades can add multiple layers of security in legacy equipment to minimise the likelihood of cyber attacks.
Medical technology involves all kinds of connected devices. Pictured: a patient's first-person view of a portable glucose meter and its remote interface, as they use the former to check their blood sugar levels.
Mitigating Cyber Attacks with MI
Engineers can leverage the capabilities of machine learning (ML) to address cybersecurity threats. Machine learning is a subset of artificial intelligence (AI) that enables machines to learn processes and make intelligent decisions without receiving explicit instructions from humans.
ML algorithms and statistical models allow engineers to analyse various data extracted from electronic devices, giving them the chance to uncover any security vulnerabilities in their technology. Engineers can use this information to enhance the prevention, detection, and corrective capabilities of the electrical equipment that they build.
The Overall Importance of Cyber Security
All in all, cyber security is a crucial consideration in today’s connected world. Given the rise in cyber attacks that target networked infrastructure, electrical engineers must, using various techniques such as those mentioned above, continue to prioritise the integration of security features in all kinds of electrical equipment.
