The new front in cyber warfare: embedded systems
At the recent Take Down Conference, a scheduled talk on security vulnerabilities in SCADA (Supervisory Control And Data Acquisition) systems was cancelled due to direct requests from the Department of Homeland Security and Siemens (CNET – "SCADA hack talk canceled after U.S., Siemens request" . The request was made because the details of the vulnerabilities and the exploits associated with these vulnerabilities were too sensitive at this point in time. (The researchers have announced that these will be revealed at the upcoming Black Hat conference in August 2011).
This type of request is unusual since the common approach of researchers in the security field is full disclosure so that vulnerabilities are well understood and hopefully, quickly fixed. What this does indicate is the emerging importance of embedded system security in the eyes of the government, the security research community and the technology media in general. The Stuxnet malware initiated this new awareness since its public revelation in 2010.
Embedded systems are the key control and data acquisition point for much our infrastructure – power grid, nuclear power plants, dam control, factory control, robotics, etc.