When you think of cybersecurity, you might think of protecting networks from hackers who want to steal money, personal information or trade secrets.
But in an increasingly connected world, attacks can threaten our physical comfort and safety, as well.
The rise of smart technology in cars, home appliances, electrical grids and beyond is providing numerous physical targets for cybercriminals to exploit. And the unprecedented vulnerabilities mean there’s high demand for cybersecurity professionals who can address them.
“This is a fast-moving field, and the attack vectors are new,” said Saman Zonouz, director of the cyber-physical systems track for Georgia Tech's Online Master of Science in Cybersecurity.
Georgia Tech cybersecurity experts talked about a few of these emerging risks, along with how Georgia Tech’s online master’s program is addressing cybersecurity education needs through its cyber-physical systems track.
Autonomous vehicles
"Traditionally, attacks have been against large-scale targets,” Zonouz said. “What we have been seeing recently is the move toward more personal types of attacks with the emergence of smart devices and cars.”
Modern cars include an array of systems that could be hacked, and the problem is likely to get worse as more vehicles are designed to be partially or fully self-driving. The New York Times noted today’s internet-connected automobiles “can report the weather, pay for gas, find a parking spot, route around traffic jams and tune in to radio stations from around the world.” And driver assistance technology such as automatic emergency braking and forward collision warning is becoming increasingly common.
In fact, today’s vehicles have up to 150 electronic control units and 100 million lines of code, according to a 2020 report from McKinsey & Co. That means security exposure in many areas, from sound systems to steering and braking. A few years ago, two automotive cybersecurity researchers famously demonstrated to Wired magazine how they could hijack a 2014 Jeep Cherokee, even turning off the engine on the highway. As a result, Fiat Chrysler recalled 1.4 million vehicles to patch the vulnerability.
Smart home devices
Homes, too, contain more cybersecurity vulnerabilities than ever as consumers increasingly adopt smart appliances and connected devices. Through their home internet, people can now remotely control elements such as lighting, temperature, security access and home theaters. The wide variety of hardware and software tools in use, along with often lax password protection, yields openings for hackers to disable security systems, steal personal information or even cause harm to the home and its occupants.
“A malicious attacker could cause a fire,” said Vince Mooney, associate professor at the Georgia Tech School of Electrical and Computer Engineering. “Cameras are a huge concern as well. (Hackers) could obtain video of your family.”
In 2019, a Milwaukee couple complained hackers turned the smart thermostat in their home to 90 degrees and spoke to them through a security camera. The maker of the system blamed the incident on compromised passwords.
But Zonouz noted attacks could occur on less obvious fronts. A hacker could adjust the chlorine in a pool to dangerous levels, for example. “The more you make these devices remotely connectable and easy to use, the more vulnerable they become,” Zonouz said.
Power grids
Among the most concerning cybersecurity incidents are persistent attacks on the power grid, given the threats to human life and the economy. For instance, Ukrainian cybersecurity experts reported a Russian threat actor had targeted electrical substations last year using a new variant of Industroyer (also called Crashoverride) malware, previously used to compromise Ukrainian power grids in 2016. Fortunately, this attack was detected and mitigated before any blackout occurred, which would have otherwise impacted roughly 2 million people.
Extended power outages could affect access to food supply, medical care, financial systems and most other components of modern life. The Government Accountability Office has noted the U.S. grid “is an attractive target for cyberattacks from U.S. adversaries — such as nations like China and Russia, as well as individual bad actors, such as insiders and criminals.” The office also explained distribution systems “are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks.”
A desire to protect the power grid motivated Larry Truong to enroll in the cyber-physical systems track of the Georgia Tech Online Master of Science in Cybersecurity. As a product manager for a solar power company, he realized more cybersecurity knowledge was needed in his expanding industry — and fast.
“The number of solar power systems connected to the grid has grown in scale such that any compromise to it will have a major impact on the power grid,” said Truong, who recently completed his master’s degree while working full time. With solar accounting for 50% of total US electricity generating capacity addition in 2022 — the highest capacity addition contributor since 2019 — the need for sound cybersecurity practices in the industry is critical. Solar represents an increasingly significant portion of the electric grid’s critical infrastructure. Truong hopes to use what he’s learned to improve the security of both his company and the industry at large working through industry associations on cybersecurity standards and practices.
Cyber-physical Systems is one of three tracks within the master’s program, along with policy/management and information security. It prepares students to employ strategies for safeguarding systems, managing operations across technical sectors, and responding to or shaping domestic and international policies. The online program offers the same curriculum and tenure-track faculty as the on-campus program, with opportunities to gain hands-on experience through a five-credit-hour practicum. Students are addressing real-world problems, developing solutions that can be applied to their current jobs or future work as they pivot their careers after graduation.
Cybersecurity isn’t just about keeping your individual computers and devices safe; it’s about safeguarding our society and our world. Learn more about Georgia Tech's Online Master of Science in Cybersecurity.
Georgia Tech Professional Education is the global campus and lifetime education arm of the Georgia Institute of Technology, a top-ranked public university by U.S. News & World Report. The university offers a variety of programs online and onsite to meet the needs of working professionals and industry partners in STEM and business fields worldwide.