Industrial Cyber Vulnerabilities: Lessons from Stuxnet and the Internet of Things

Abstract

Cyber breaches continue at an alarming pace with new vulnerability warnings an almost daily occurrence. Discovery of the industrial virus Stuxnet during 2010 introduced a global threat of malware focused toward disruption of industrial control devices. By the year 2020, it is estimated that over 30 billion Internet of Things (IoT) devices will exist. The IoT global market spend is estimated to grow from $591.7 billion in 2014 to $1.3 trillion in 2019 with a compound annual growth rate of 17%. The installed base of IoT endpoints will grow from 9.7 billion in 2014 to more than 25.6 billion in 2019. With this tremendous growth in both data and devices, a security nightmare appears more reasonable than not. The proliferation of novel consumer devices and increased Internet-dependent business and government data systems introduces vulnerabilities of unprecedented magnitude. This paper adds to our understanding of the development of cyber vulnerabilities resulting directly from: (1) the Stuxnet code and its progeny, and (2) widespread malware exposure associated with the IoT.