Cynthia Wright, a retired military officer with over 25 years of experience in national security and cyber strategy and policy, now Principal Cyber Security Engineer at The MITRE Corporation, will give the opening keynote at the upcoming MEMS & Sensors Executive Congress, October 29-30, 2018 in Napa, Calif. SEMI’s Maria Vetrano interviewed Wright to give MSEC attendees an advance look at Wright’s highly anticipated presentation.
SEMI: MEMS and sensors suppliers provide intelligent sensing and actuation to hundreds of billions of autonomous mobility devices – but historically, our community has not been at the forefront of cybersecurity. Why is now a good time for us to get involved?
Wright: From wearables, smartphones, refrigerators and agriculture to medical devices and military hardware, autonomous mobility devices pervade our lives. At the same time, Internet of Things (IoT) botnet attacks like Mirai — and other demonstrated cyberattacks on home devices, vehicles and infrastructure — highlight the increasingly urgent need to address cybersecurity and privacy in MEMS/sensors-enabled devices.
As building-block players in autonomous devices, MEMS and sensors suppliers have several good reasons to get involved.
The number of IoT cyber security bills before state and federal legislatures suggest that regulation is coming, and it is in everyone’s best interest to prepare. While original equipment manufacturers (OEMs) would generally be held liable in cases of component malfunction or data breach, if insecurity stems from a microelectromechanical component, OEMs would most likely choose component suppliers with secure products.
Beyond legislation and competitive advantage, we must consider that people’s well-being, even lives, could be at stake. Imagine what could happen if someone hacks into an insulin pump, the accelerometer on a train, or the LIDAR of an autonomous car. Intrusions of this sort could prove catastrophic.
SEMI: Where do you perceive the biggest potential threats to consumers, industry, government?
Wright: In good military fashion, I would say that it depends. If a person is a consumer of medical implants, that’s a big threat. On the government side, we could be talking about networked devices involved in military situational awareness. In industry, it could be sensors governing critical manufacturing or safety processes.
I am not saying that every sensor must be secure. In every sector, there are areas of greater or lesser vulnerability, depending on context.
SEMI: What is security or privacy by design?
Wright: Addressing security flaws is cheaper and more easily accomplished at the design stage and not after the vulnerabilities are discovered. At MITRE, we practice systems- and design-oriented thinking as we consult with people doing development. We help them to develop security standards and approaches that are broadly applicable, rather than focusing on a specific product.
For example, MITRE looks at the ways that a person might hack into a car to steal location and life history data — or alter its functions — to facilitate general standards and approaches that will help manufacturers better ensure the privacy and security of autonomous vehicles. Hackers have demonstrated that they can interfere with vehicle transmissions and brakes. Ignition, steering and other critical systems are theoretically accessible through the same types of attacks. To what degree can MEMS/sensors suppliers help automotive manufacturers ensure the privacy and security of autonomous cars, and the safety of their drivers?
SEMI: What would you like MSEC attendees to take away from your presentation?
Wright: MEMS/sensors suppliers are on the leading edge of computing and should take some responsibility for considering cybersecurity and privacy, for the safety of their customers and their own competitive advantage. Recognize which devices should be secure and act accordingly. Get involved at the design stage. The market for secure microelectronics is only going to grow, and this will benefit suppliers who take secure design seriously.
Cynthia Wright will present Cyber Security and Privacy in the Age of Autonomous Sensing on Monday, October 29 at MEMS & Sensors Executive Congress in Napa, Calif.
Register today to connect with her at the event.
Maria Vetrano is a public relations consultant at SEMI.