Why Hardware Engineers Have to Think Like Cybercriminals
The future of cybersecurity is in the hands of hardware engineers, reports IEEE Spectrum. According to Scott Borg, director of the U.S. Cyber Consequences Unit, hackers are increasingly focusing on hardware, not on software. Initially, hackers "focused on operations control, monitoring different locations from a central site. Then they moved to process control, including programmable logic controllers and local networks. Then they migrated to embedded devices and the ability to control individual pieces of equipment. Now they are migrating to the actual sensors[...]”
The issue with computer science is that through decades of abstraction, few people understand what is happening inside the hardware. Everyone is in love with the latest apps, but the hardware is taken for granted.
A system is only as good as its weakest link. No matter how secure we design the 10th level in our software architecture, the system can be compromised if level 0, the hardware, is insecure.
The Australian Digital Technologies Curriculum has a thread on Digital Systems where students explore hardware components, peripheral devices, how systems connect to transfer data and how this can be done securely. So there is an envelope in which hardware and security can be explored in depth.
The reason we developed the Blueberry4™ educational microprocessor is for students can get an understanding of the inner workings of the machine. And yes, we have designed it so that students can hack into it and learn about attack vectors. When you know how to hack you know what countermeasures can be taken. Knowing about the hardware in detail fundamentally helps students to write software that is less prone to cyber attacks.