CERT: These emerging technologies bring new risks

CERT updates its list of potentially worrisome innovations.
Written by Bob Violino, Contributor

Emerging technologies are finding their way into everyday life as they mature and gain acceptance. But that doesn't mean they're without risk.

The CERT Division of the Software Engineering Institute at Carnegie Mellon University once again has updated its list of technologies that might present challenges from an information security and safety perspective.

In its Emerging Technology Domains Risk Survey, CERT examines a variety of trends that can provide a lot of benefits to people and businesses, but also pose risks that need to be addressed.

Some of these areas are moving ahead so quickly in adoption that companies have not had a chance to completely evaluate their implications. For example, "machine learning and robotics are advancing more quickly than expected, and may have as-yet-undiscovered risks," said Dan Klinedinst, senior threat and vulnerability researcher at CERT and one of the authors of the report.

Here are the technologies that CERT, a group that researches various issues related to cybersecurity, will be watching especially closely in the coming months:

Blockchain: A blockchain is a highly distributed data structure that underlies technologies such as the Bitcoin digital currency. It's designed to provide a high level of data integrity without the need for centralized management. Blockchain technology has unique security challenges, CERT said. Since it's a tool for securing data, any programming bugs or security vulnerabilities in the technology itself would undermine its usability.

Intelligent Transportation Systems (ITS): Future ITSs will provide communications and data between connected and autonomous cars and trucks, road infrastructure, and other types of vehicles. The impact of security compromises is similar to that for individual autonomous or connected vehicles, CERT said, but on a larger scale. A miscommunication in systems, accidental or intentional, could lead to numerous traffic accidents. Privacy is a concern due to the ability to track a vehicle's location in real time.

Internet of Things (IoT) Mesh Networks: A mesh network is a decentralized network topology in which many of the networked devices act as nodes through which data can propagate. IoT stands to become a significant driver of their use, CERT said, and by interfacing with traditional network technologies to obtain internet connectivity, IoT mesh networks will extend the perimeter both as access points and as additional targets for exploitation.

Machine Learning: Real-world applications of machine learning range from big data analytics and mining to image processing, spam filtering, intrusion detection systems, and self-driving cars. The actual security impact of vulnerabilities in machine learning tools will largely depend on specific implementations, CERT said. Where sensitive information is aggregated, for instance, there is the potential for theft or leakage.

Robotic Surgery: This typically refers to robot-assisted surgery in which a surgeon performs an operation through a computer console that controls a robotic arm. But it might also refer to fully autonomous procedures. The biggest area of concern is devices with networked communications, as these might be at risk for remote attacks.

Smart Buildings: Smart buildings involve use of IoT sensors and data analytics to make commercial buildings more efficient, comfortable, and safe. CERT said the security risks of smart building technologies will vary according to the specific technologies, but the highest risks will involve safety- and security-related technologies.

Smart Robots: These are autonomous machines that work alongside or in the place of human workers. As machine learning and artificial intelligence come into prominence, smart robots will emerge that can learn from their environments, adapt, and make informed decisions. Current research on the security of existing robots has resulted in the discovery of numerous specific vulnerabilities, according to CERT.

Virtual Personal Assistants (VPA): VPAs are applications that mimic the skills and functions of a human assistant. As VPA technology continues to mature, its functionality will continue to expand. Given that VPAs will have access to huge amounts of personal data, there are privacy concerns regarding the technology.

Editorial standards