The robotics and security communities came together for a “cross-cluster” meeting hosted at Northeastern University on July 20th. After a welcome from John Bowen, Executive Director, Corporate Relations at Northeastern, around-the-room introductions, and MassTLC award finalists’ announcements, we received a brief summary of Senator Markey’s CyberShield bill from Rory Clark, Regional Director at Senator Markey’s office. The bill would provide consumer protections for IoT devices. Manufacturers could participate in this CyberShield program voluntarily by adhering to NIST security standards at all points of product development. They would then be provided with a rating similar to EnergyStar.
Noel Zamot, CEO of Corus Analytics, kicked off the presentations by discussing how economically marginal the cost of incorporating sound, resilient design and security early in the process is, and how expensive it can be to wait and incorporate them later. He described some common and easily avoided circumstances that allow for vulnerabilities, such as a customer-requested feature being added to the product during design without testing and risk assessment. Noel provided three main trends he sees:
- The more we spend on network cybersecurity the worse off we are
- The half-life of network security tools is approximately 18 months – after that they are ineffective
- The longer you wait to implement security, the less effective and more costly it will be
John Manferdelli, Professor of the Practice and Executive Director, Cybersecurity and Privacy Institute, discussed how “amazingly easy” it is for hackers and that “hardware IS the new software”, due to the amount of software and firmware that goes into the devices. He cautioned that developers of hardware underestimate how vulnerable it is to attacks. There IS some good news! Massachusetts has a large support network with partnerships among public, private and academic sectors. Preparing for an attack and ensuring your systems are resilient will make it more difficult and costly for the bad guys. He is also optimistic about those using authentication methods when booting software, and doing so in the embedded hardware.
David Kaeli and Yunsi Fei, professors at Northeastern, also spoke to the importance of securing against hackers through embedded security at the hardware level.
Joe Ferraro from The MITRE Corporation finished off the presentations using examples of how MITRE anticipates faults and evaluates risks. One example is the automobile. Today’s cars have a minimum of twelve vulnerable locations which can be penetrated, and that is not even taking into account supply chain.
Thanks to our host for sharing their Alumni Center for our meeting.