With great technology comes great risks. As new technology continues to emerge in this digital day and age, Carnegie Mellon University’s Software Engineering Institute (SEI) is taking a deeper look on the impact they will have. The institute has released its 2017 Emerging Technology Domains Risk report detailing future threats and vulnerabilities.
“To support the [Department of Homeland Security’s United States Computer Emergency Readiness Team] US-CERT mission of proactivity, the CERT Coordination Center located at Carnegie Mellon University’s Software Engineering Institute was tasked with studying emerging systemic vulnerabilities, defined as exposures or weaknesses in a system that arise due to complex or unexpected interactions between subcomponents. The CERT/CC researched the emerging technology trends through 2025 to assess the technology domains that will become successful and transformative, as well as the potential cybersecurity impact of each domain,” according to SEI’s report.
According to the report, the top technologies that pose a risk are:
- Blockchain: Blockchain technology has become more popular over the past couple of years as companies are working to take the technology out of cryptocurrency and transform it into a business model. Gartner recently named blockchain as one of the top 10 technology trends for 2018. However, the report notes the technology comes with unique security challenges. “Since it is a tool for securing data, any programming bugs or security vulnerabilities in the blockchain technology itself would undermine its usability,” according to the report.
- Intelligent transportation systems: It seems every day a new company is joining the autonomous vehicle race. The benefits of autonomous vehicles include safer roads and less traffic, but the report states that one malfunction could have unintended consequences such as traffic accidents, property damage, injury and even death.
- Internet of Things mesh networks: With the emergence of the IoT, mesh networks have been established as a way for “things” to connect and pass data. The report notes that mesh networks carry the same risks as traditional wireless networking devices and access points such as spoofing, man in the middle attacks and reconnaissances. In addition, the mesh networks pose more risks due to device designs and implementations. “A single compromised device may become a staging point for attacks on every other node in the mesh as well as on home or business networks that act as Internet gateways,” the report states.
- Machine learning: Machine learning provides the ability to add automation to big data and derive business insights faster, however the SEI worries about the security impact of vulnerabilities when sensitive information is involved. In addition, just as easy as it is to train machine learning algorithms on a body of data, it can be as easy to trick the algorithm also. “ The ability of an adversary to introduce malicious or specially crafted data for use by a machine learning algorithm may lead to inaccurate conclusions or incorrect behavior,” according to the report.
- Robotic surgery: Robot-assisted surgery involves a surgeon, computer console and a robotic arm that typically performs autonomous procedures. While the technique has been well established, and the impact of security vulnerabilities have been low, the SEI still has its concerns. “Where surgical robots are networked, attacks—even inadvertent ones—on these machines may lead to unavailability, which can have downstream effects on patient scheduling and the availability of hospital staff,” according to the report.
- Smart buildings: Smart buildings fall under the realm of the Internet of Things using sensors and data analytics to make building “efficient, comfortable, and safe.” Some examples of smart buildings include: real-time lighting adjustments, HVAC, and maintenance parameters. According to the SEI, the risks vary with the type of action. “The highest risks will involve safety- and security- related technologies, such as fire suppression, alarms, cameras, and access control. Security compromises in other systems may lead to business disruption or nothing more than mild discomfort. There are privacy implications both for businesses and individuals,” the wrote.
- Smart robots: Smart robots are being used alongside or in place of human workers. With machine learning and artificial intelligence capabilities, these robots and learn, adapt and make decisions based on their environments. Their risk include, but are not limited to, hardware, operating system, software and interconnectivity. “ It is not difficult to imagine the financial, operational, and safety impact of shutting down or modifying the behavior of manufacturing robots, delivery drones; service-oriented or military humanoid robots; industrial controllers; or, as previously discussed, robotic surgeons,” according to the researchers.
- Virtual personal assistants: Almost everyone has access to a virtual personal assistant either on their PC on mobile device. These virtual personal assistants use artificial intelligence and machine learning to understand a user and mimic skills of a human assistants. Since these assistants are highly reliant on data, the report states there is a privacy concern when it comes to security. “VPAs will potentially access users’ social network accounts, messaging and phone apps, bank accounts, and even homes. In business settings, they may have access to knowledge bases and a great deal of corporate data,” the researchers wrote.
According to the report, the top three domains that are the highest priority for outreach and analysis in 2017 are: intelligent transportation systems, machine learning and smart robots. “These three domains are being actively deployed and have the potential to have widespread impacts on society,” the report states.