Eric: Hello everyone. Thank you all for coming to today’s webinar. My name is Eric and I’ll be the host for this presentation. Please utilize the Q&A function for any questions that you may have throughout the course of the presentation and our guest speaker will do his best to answer at the end. For today’s presentation, our guest speaker is Dr. Raziq Yaqub, associate professor in the department of electronic engineering and computer science at Alabama A&M University. He earned his PhD in wireless communications from Keio University Japan and his MBA in marketing from Fairleigh Dickinson University in New Jersey. He has a total of 34 issued pennants (1:02) and the recipient of Inventor of the Year 2014 from the Inventors Hall of Fame in New Jersey. For his presentation today, Dr. Yaqub will talk to us about the EAV system, and its evolution provided into cyber security landscape, cyber [inaudible] (01:20) and the possible types of attacks. With that being said, I will like to now hand over your attention to Dr. Yaqub who will begin his presentation.
Dr. Yaqub: Thank you very much, Eric. It is really a pleasure to be a speaker on this conference. I hope my audience, my participants, they would enjoy the talk and before I start the talk, I would like to say that if you have any questions, please do ask me. And normally what I do is that when I deliver the talks in face, person to person, or in face normally what I say is that if you don’t ask questions, I will ask questions. Now I cannot see my audience so probably I don’t have the capability to ask the questions but if you have any questions, just type in your Q&A and I would be more than happy to answer. So, the agenda of today’s talk is that first, we will see that what is the landscape of cybersecurity. Then, we will move over and see how security evolved from security to cybersecurity and then we will see why cybersecurity is a challenge for ariel vehicles. And then we will look into the attack types in ariel vehicles, what are the possible attacks, what are the types of attacks and what are the possible attack vectors in case of ariel vehicles. And then the next item on my agenda would be what is the future cybersecurity technology. I will not go into detail, or depth, but I would simply mention, slightly mention, about the quantum computing and 6G technologies. Right now, we have 4G. Some of the big companies are deploying 5G. Now, 6G is the future technology. And finally, there would be some recommendations. So, next jump into talk and see what I have we will explain here.
So, first as it says, what is the landscape of security let’s say what is the landscape of security. By the way, since I cannot ask the questions directly but if you would like to participate, could you tell me to your Q&A, what is the cost of developing a stealth bomber? Just a ballpark cost. What do you think? What would be the cost of a stealth bomber? Anyone? Okay, I don’t see any answers so the cost. Okay, I think there is one. Not sure. Okay. Well, the cost of this stealth bomber is approximately 2 billion dollars. And by the way, can you tell me the cost of developing the cyber weapon? Any idea? Just guess? Guesstimate? Any guess? What do you think? What would be the cost of developing a cyber weapon? 4 billion? Okay, good guess. But actually, you know what? The cost of developing a cyber weapon is free. It is almost zero. It is just an engage of college student and have him write a code and that code becomes a cyber weapon. So, it is almost free. Cost of developing this kind of weapon is way, way, too high. But cost of developing a cyber-attack, you just need a laptop and a student or some expert, and he will develop a code for you, and you can launch an attack. Actually, that is the problem. That is the reason that anyone can jump into this cyber security field. Anyone can become a hacker if he has the knowledge of computer, he can become a hacker. That is the alarming thing. That we are scared not only from the expensive technology. It is just a free technology that anyone can use and develop. For example, a student can develop a game, right? Exactly the same way, a student can develop an attack as well.
Let me ask one more question. What do you think how many countries are engaged in cyber arms? How many countries are looking into cyber attacks? Any idea? Any idea that how many countries? Give me any guesstimate. So, actually it is 160 plus countries that are engaged in cyber arms race. In other words, there are almost all the countries. Almost all the world, almost all the countries in the world engage in cyber arms race. Who sponsors these attacks? Number one, terrorists. Why do they do that? To sabotage the network. Then, groups. Why? Why do they sponsor the attacks? For financial benefits. They want to get financial benefits, maybe they want to rob a bank. They want to get some money. They want to get the ransom for the money. So, the groups sponsor the attacks just because of the financial reasons. Then, the companies may sponsor the attacks because they want to stay ahead of competition. They want to stay ahead of competition means that they want to succeed. They want to fight with their competitors. They want to be number one in the world. So that could be that other motivation behind sponsors of attacks. And finally, the government. The government wants to sponsor the attacks of cyber security because they want to spy for their own security and safety.
Now, who is vulnerable? Who is vulnerable to the attacks? Who is the target for these attacks? So, the number one thing that come to my mind is power industry, power industry it can be under attack. Telecom industry could be under attack. Financial industry could be under attack. Health industry could be attacked. Governments and airline industry. So, there are several companies, there are several industries that could be targeted that are vulnerable for attack but in short almost everyone is vulnerable. When I talk about the power industry, everyone uses power. When I talk about the phone, everyone uses phone. When I talk about the banks, everyone has an account in bank. When I say healthcare, everyone has a doctor. Everyone has a health record, and those health records may be compromised. When I say government, again, all the countries and when I say aircraft industry all the passengers. So, almost everyone is vulnerable for cyber-attacks. Now, how security evolved from security to cybersecurity? What is the background? We used to use the word security. Now we use cyber security. What is cybersecurity? How security evolved into cybersecurity?
So, it takes me back to late 1960s when there was voice communication proliferating. The phones that started to become available to the public. And at that time, there was no concern at all. People just wanted to talk to each other and that was it. Nobody even talked about cybersecurity. It was such a simple age. It was such a simple era that people were not concerned about cybersecurity at all. But then, the concern of confidentiality and privacy erupted. Why? Because this lineman could hear your conversation just by tapping the wire, just by connecting the wires of his telephone to the line he could simply hear what you’re talking about. That was okay for common conversation, but it may not be okay if you’re making a deal with a company. If you’re signing a contract, if you’re discussing a business so that might not be good for those who were making deals or doing businesses on the phones. So, the solution was to encrypt the conversation. Whatever goes into this device, it would be encrypted, and it would be sent that encrypted talk would be sent. And the seer would simply receive the when the receiver would receive, then the conversation would be decrypted so that it would understand what is that. So, in case of encryption, this device would encrypt and send it on the line on the wireless channel and then it would be received then it would be decrypted.
Now, in late 1980s, and let me just pause and ask Eric. Eric, are there any attendees or is it only me and you?
Eric: No, there’s attendees.
Dr. Yaqub: Okay, good. So, in late 1980s there was a proliferation of computers. Here in 1960s, it was phone. And in late 1980s, there was a proliferation of computers. Computers started popping up. It was new it was a new age when the computers started proliferating. And again, when the computers were initially introduced, there were no concern. The computer was considered to be a cool device. It would calculate it would do competition. It would be used to write your manuscript or whatever. And people were happy. But then later on, there was a concern of information security. If I save my file, someone may take it out. And that was a concern that what if I have my data, if I have my files and someone guess or someone come to my office and steal those files steal that information or whatever files that I have. Then, the solution to that was well, use a password. And with the password you could protect your screen and if someone guess or comes, it cannot take those files unless you know the username and password.
Then in late 1990s, look at this. It was 60’s when the phone was common, started to be common. It was 80’s when computers started becoming common. Then it was 1990’s when people talked that well, these computers should be connected to each other so that we could send messages over computers and that is called proliferation of Internet. That was the development of Internet that the computer could be connected to each other. Again, when the Internet was being introduced into the world, initially there were no concerns at all. Nobody even actually knew about the Internet. Very few people what is email. Initially, in those days Hotmail was very popular, and people started using Hotmail and stuff like that. And even before that, there were no Hotmail. There were universities who were providing the email addressees and whatever universities used, maybe for academics. But then, a lot of other companies started popping up here and there. And again, initially there were no concern at all. But then, there was a concern of virus. People started making virus and sending to the computer and why was that? Because they wanted to get some money by making some antivirus stuff. So, they came up with the solution or antivirus software. I’m not sure if you remember this antivirus. Then there were some firewalls and so on. So, the Internet, there were no concern but later on, there were concern about the viruses.
Then in late 2000s, proliferation of Internet in the industry. People started thinking that why don’t we connect the industrial control systems with the Internet. What does it mean? It means that instead of going to the site to turn the well on or off, instead of going to the site to do certain operation, can we send a message on the Internet to that device to that well to turn off or turn on? Yeah, that was possible, and it became possible in late 2000s which is called Internet for industrial control systems or Internet for things. Internet of things and stuff like that. And again, initially there were no concern but then, the concern was cyber-attacks on critical cyber infrastructure. If this power system is also connected to the Internet, then this guy can send a virus to a system. Not to the laptop. Laptop is a small thing to attack. Now the people want to attack the industry. They want to attack the power systems. Why? Because if they are successful in having the back out then, they can ask to see you as well. We are the culprit. We did this back out. Give me $1 million and we will restore your electricity. Or these attacks in the launch in the telecommunication system. Or in the financial industry where they can steal millions of dollars and it is not just word people are doing that. Everyday millions of dollars are stolen from the banks all over the world. The financial industries wonder about that. What to do, how we can why this stealing of money how it happens if I come to know the key information about my about your account in a bank and if I can jog into the system and transfer your money into my account. Well, your money is gone, and it is in my account now. So, it is so simple. You can steal money without actually going to the bank. Just through cyber-attack, you can do whatever you want. So, this is called critical infrastructure. These are critical infrastructures. The power industry is considered a critical industry. Telecom industry are considered as a critical industry. Financial, health, government, airline, these are critical industries. If we called attacks, if we could launch an attack on these industries that would be, that is a major concern.
Now, why? Why it is dangerous? Why it is dangerous if someone attacks a power industry? It is because, as I mentioned earlier, that if someone hacks a financial institution, there would be a loss of money. If hacks a power system, there would be an outage. There could even be a flooding as well. A city could be destroyed if I could attack or if I could launch an attack on a hydroelectric power plant where I could open the gates of the dam so that the water can go into the city and the city would be very damaged. Or it is dangerous because if someone launches an attack on nuclear power plant, there would be all the radiation all over. And that would be a disaster for them, for the city, for the country and for the whole world. It actually happened in Iran when some sort of attack was launched which is called Stuxnet Attack and there was huge laws. Though the disaster was avoided, but still it was an alarm, it was an alert that anything could happen. And then, looking at this picture, looks like this man has a pacemaker attached to his heart. And this pacemaker is capable of sending the information to the doctor so that he could monitor the patient’s health. But imagine that if this pacemaker is sending the data to the doctor or receiving the data from the doctor and if someone hacks the channel and stops this pacemaker. If someone stops this pacemaker, you can kill this man. And it would be so silent that no one would be able to know what happened to this person, right. Then, vehicle hacking: human and capital loss. In this picture, what I’m trying to show is this car and this car was driving. And suddenly, the driver noticed that the wipers started moving. He was confused that why? What happened? Later on, he came to know that it was a cyber-attack. This hacker, this attacker attacked on the car in such a way that it went into the car’s communication system and made the wipers move. So, if this man can make the wipers move, then this man can make the steering wheel move as well. This man can take the control of breaks as well. This man can take the control of the whole car. And this would be dangerous. If an outsider, if my enemy takes the control of my car, it can do whatever he wants. Normally, no one would even be knowing that it was hacked. People would think just accident happens. So, that is how it is dangerous. And again, universities are hacked almost every other day. The hackers demand for the ransom, the ransom demand is there in order to release the data back. Recently it happened in the city where I lived. There was an attack on schools where they stole all the data of students, their house papers, their records, their grades and everything. And then they said okay, if you need this information back, give us this much money and we will release that information back to you. So, that is how the cybersecurity is so important and that’s very dangerous.
Now, why is cybersecurity a challenge for aerial vehicles? Why? Why the aerial vehicles? Why the airplanes or drones or whatever? So, there are three basic reasons. Cybersecurity is a challenge for aerial vehicles because these days, e-enablement is happening. Hybridization is happening and distributed control systems. These are the three main advancements in the aircraft that on one hand, are the advancements but on the other hand, they are inviting a lot of cybersecurity challenges. On one end, these enablement, e-enablement, hybridization, distributed controls, on one hand these are blessings. They will bring a lot of new things. But on the other hand, they will bring a lot of challenges. A lot of cybersecurity challenges. So, let’s see what e-enablement is. Then what is hybridization, then what is distributed control and then we will see how or what are the cybersecurity challenges in this.
So, let’s first see about the e-enablement. E-enablement is equipping aerial vehicles with advanced communication systems. For example, ATC, ATM, IEE 802.16e, Satellite, AIDS B-System and so on. So, equipping the aerial vehicles with new communication interfaces is called e-enablement. For example, ADS-B is the automatic surveil system for the planes. IEEE 802.16e is aeronautical mobile airport communication system. ATC is air traffic control system. ATM is air traffic management. So, a lot of technologies out there to communicate with the plane. It is a good thing basically. It is a good thing. And then it continues with e-enablement. The next thing is the planes are equipped for the value-added services. The planes are equipped with advanced communication systems for the value-added services. And when I say value-added services, I mean the Wi-Fi inside the plane. The Wi-Fi for the staff, for the crew members. Also, the Wi-Fi for the passengers. And also, now the planes are allowing BYOD, bring your own device. If you want to bring your laptop, you can just connect your iPad and watch your movie. Or whatever was displaying on your screen on the back of the seat, now, you can see it on your own device. So, bring your own devices. Even on the plane, you can have Internet. You can use whatever. On one end, these are good features right. But on the other end, they bring some challenges as well.
So, what is hybridization? As I mentioned, there are three things which are good, but they are bringing challenges as well. E-enablement, I explained, that you will have a lot of communications systems inside the plane and the hybridization is basically, there are two issues. One is the reduction of carbon dioxide emissions. And the second issue is the reduction of noise emissions. Let me explain a little bit further. When I say reduction of CO2 emissions, the targets set by the governments are that CO2 should be reduced by 70% per passenger kilometers by 2030. Means it should be reduced, the emissions of carbon dioxide from the planes should be reduced a lot. 70% per passenger per kilometers, right? So, it is a lot to be reduced by 2030. It is just 9 years from now. The second one, the second issue is to reduce the noise by 65% by 2050. Noise means actual noise. Noise pollution right. So, these are the two issues. Now, we want to solve these issues. Number one solution is gas propulsion. But gas propulsion cannot meet these aggressive goals. These are very very aggressive goals. Gas propulsion cannot meet these aggressive goals. What is gas? They have a chemical energy, engine and engine fans that are terrible engines. These are terrible friends. So, very simple. Fuel tank runs the engine and then you run the fan. And this engine has a controller called engine controller, right? So, it is very simple system as I showed in this picture. So, gas propulsion is one option for the planes, right? But it cannot meet these aggressive goals because of the gasoline taking a lot of carbon dioxide. Now the second option is electrified propulsion. Electrified propulsion means instead of using chemicals or stuff like that, use the electrical metrics. Use a converter and an electric motor and these fans. And again, there would be some controllers needed and that’s it. Metrics, converters, motors and some controllers. In case of gasoline, we need gasoline the fuel, engine and the turbo fans. And these are control. And in case of electrical, we need just batteries and converters and motors and this way we can reduce the pollution a lot. Because in case of batteries, there is zero pollution. In case of batteries, there is zero, not zero. But almost zero noise, right. But the issue with the electrical propulsion are that low quality heat is produced in the motors. If the motors are 1–2-megawatt motor, a lot of heat would be produced. So, this is an issue that how to dissipate that heat. How to mitigate that issue of heat. And then the second issue of heat as well. And that one is battery energy density. What is battery energy density? What it really means is that look at this lithium-ion batteries. If I have an electrified plane, this battery which is called lithium-ion batteries, it gives me 160 watt-hour per kilogram. If I have a battery of 1 kilogram, I can get the power 160 watt. So this watt-hour is associated with the rate of the battery. Whatever I want, the rate of the battery would be more. But in case of airplanes the weight is a big issue, right. I don’t want to have a bulky, bulky battery on the plane because it cannot be able to fly then. So, in case of batteries, it’s very heavy. One kilogram of battery can give me 160 watt-hours. Now, look at this gasoline. 1 kilogram of gasoline gives me 12,500 watt-hours. It is 160. It is 12,500 watt-hours. So here, the weight of 1 kilogram. Look at this. How much power I can get here the weight of battery of one kilogram. How much power do I get? So, this is another challenge. One challenge is heat. The other challenge is the weight of the batteries. Fuel, the gasoline is much, much lighter whereas the batteries are much, much heavier. And for the aircraft, we don’t want that heavy load on the plane.
Now, as I said, that these are the issues, right. Gas propulsion is one option, but it is not a good option. Electrified planes is another option but then these have two issues with that. Now, what is the middle ground. Middle ground is just hybridization. Hybridize means make the plane with both options. For example, hybridization is powering the propulsion system and by gas as well as electric motor. The hybridized plane would look like this. This is by fuel. It runs the engine and it runs the blade. Here is by battery. There’s a converter run by the motor and motor runs it. This is a controller is for this engine, the gasoline. This is the controller for the motors. And now, in order to have a super control on these two, I have a hybrid control. So, hybridization can provide me a better option because now I will be using partially gasoline, partially battery. So, this is the ideal solution for now because I will be able to meet some of these challenges and I will be able to overcome these issues as well. Now, when I say that hybridization. It means that a battery and electric motor to control this and a controller. And again, for the gasoline part, these are controllers. And now there is a super controller so these controllers. Now there are three controllers in one plane. Earlier, there was only one controller. Earlier, there was only one controller. But now for this kind of control, I need more controllers, at least three, visible in this picture. So, more controls are needed. More controls mean more communication between the parts. More communication means more cybersecurity because when [inaudible] (38:56) then again, there is an issue of cybersecurity.
So, in order to achieve this control, people suggested a distributed control system. In order to have this control kind of efficient control, people suggested distributed control system. And what is distributed control system? Distributed control system is basically there are two types of systems. There are two types of control systems. Number one is centralized, and number two is decentralized. What is centralized? In centralized control, there is only one controller and there are several sensors and actuators. In case of decentralized, there are multiple sensors and multiple actuators. So here you see only actuators and sensors connected to the controller directly. Here you see a controllers and sensors connected to the network, right. So, controller 1 is attached to the network. Controller 2 is attached to the network. Controller 3 is attached to the network. Sensor 1 is attached to the network, 2 is attached to the network, 3 is attached to the network. Similarly, to actuator 1, actuator 2, actuator 3. It is kind of a network. It is not like one to one. It is a network situation. That makes the control system very efficient. But again, when it comes to the network, it could be an Internet. And if it is an Internet then again, there is an issue of cybersecurity. Now what do you do? When you have lot of communication interfaces and you need distributed control system, and the distributed control system is in a form of network. Now there is possibility of attacks. Just because as I mentioned about the attacks or whatever. This is the reason that attacks can happen.
Now, what are the types of attacks on the aerial vehicles? What kind of attacks are there? Let’s see this picture. Let’s take a look at the normal system. So, what do you see here? There is a plane. There is one well, for example, the fuel well. This is a sensor and whenever it senses, it is a need for more fuel to be sent to the engine and send the message to the controller. And this well open and more fuel is allowed to the engine and they run faster. So, this sensor senses, sends the message to the controller. Controller translates that message as the actuator takes the action. For example, this pilot has pressed the accelerator to accelerate the plane. This sensor will notice that the pilot wants to accelerate the plane. It will send this message to the controller. Controller will send this message to the well and more well will be open, more fuel will go and faster the plane. So, this is a normal system. Here this is a sensor. This is an actuator, this one, right? This is our plane and the aircraft, the engine and stuff. And a controller. Whatever commands from the sensor goes to the actuator that is to the controller, right? Now. This is the system under attack. The same thing but under attack and here you see that there are several types of attacks for example, X1 attack. I will explain that. X2 attack. I will explain that. X3 attack. X4 attack. X5 attack. X6 attack. X7 attack and X8 attack. So, there are so many attack types. So, let’s see one by one. X1 attack. X1 attack is the deception attack to intercept communication between the sensor and the controller. The sensor was sending some information to the controller and this guy actually intercepted those and didn’t allow the packets to go to the controller. And the controller thinks that it had sent a message but actually that message has been taken away from the hacker and nothing else. Right? For example, a pilot is pressing the accelerator to accelerate the plane. But the message is not going to the controller in terms of control and actuator and the plane is not moving fast. So now the pilot is confused that even though I’m pressing the accelerator far and hard but the plane is not moving. And he calls the drone team and they say well, your plane is hacked. It is a cyber-attack. So, this is one type of attack. The second type of attack is DoS attack to block the communication channel between the sensor and the controller. What is DoS attack? Someone is sending the messages to the controller so often that the controller is confused that how to respond to so many persons, so many questions. And finally, what happens is that the actual command it is supposed to handle it could not handle because he is busy in responding to the other [inaudible] (45:40). So basically, looks like someone has disconnected. Actually, physically the connection is there but this controller is not capable of receiving that because somebody has made it so busy that it is not responding to this. This is called the attack, the DoS attack. And the third attack, X3 attack, is someone actually hacked the controller. Someone actually injected some malware into this controller. Someone might have injected a SQL code and that’s how this controller stopped. It is disabled. It is not working. Right? So, whatever is coming from here will not be processed and sent to the actuator. The next one is X4 attack, and this is again, a similar type of attack. It is same as X2 attack. The only difference between this one and this one is that here, the communication between the sensors and the controllers is blocked and here the communication between actuator and controller is blocked. These are both the same but here, the communication between the sensor and controller here communication between actuator and controller is blocked. Then, X5 is exactly same as X1 and that is deception attack to intercept the communication between actuator and controller. So, someone just not allowing there’s somebody taking the package and not allowing the package to go to the actuator and this actuator is not responding. Even though the command is to open the walls for the more few. It is coming to here coming to here, coming to here but then this package is taken away by someone and the package does not reach here and nothing happens. And then, X6 attack is same as X7 attack. And what are these two attacks? I have not yet explained. X6 attack is someone had attached the actuator itself and it is not responding or someone has attacked the sensor itself and it is not responding, right? So, these are additional two types of attacks. And then, X7 there’s someone has moved the sensor and X6 was someone who moved the actuator and the attack number 8 is the physical attack. Someone has physically inserted, for example, a USB and downloaded the code into the system. So, these are the eight different types of attacks.
What are the possible attack vectors? Well, how these attacks could happen. How the hackers would be able to launch that kind of attack? That is called the attack vector. So, attack vector-1 is that 4G/5G communication channels, right? The external communication channels which are talking to the distributed control systems. And attack vector-2 is the satellite or Internet or internal channels are distributed control systems. And the third one is the BYOD device, bring your own devices, right? So, these are some of the attacks that may have attack vectors, right? Then, the other attack vector could be the radio device in Cargo. For example, you put your suitcase in the Cargo, right? And you’re sitting in the plane, right? Because you cannot carry any electronics, which is dangerous for the plane, you cannot carry. And you are smart, you put that electronics into the Cargo in your suitcase and you gave it to the company, the airline company. And now it is sitting in the Cargo. You have a remote control for that while sitting on a plane seat, you try to activate that electronic that is in the Cargo. And now that may start hacking the system or that device may play whatever it is meant for, you brought it on the plane to do something on that thing, so you are successful to do that. Attack vector number five is the ground maintenance. For example, battery charging if it is an electric plane then there would be a battery charging system. So, though the attacks are related to the battery charging for example, when it is connected, this plane is connected for the charging actually. But this charging station is actually connected to the utility company and then this utility company has consumers as well at home. And this consumer has a smart meter at home. If he could send something from smart meter to this utility company to this charging station to this plane, then you have actually injected the code. You actually injected some bad stuff in the computer system of this plane because it is physically connected to the utility company, right? Then access to the electronic components related are for example, if you connect the computer the plane is on the ground for maintenance and you connect the computer and stuff like that, you actually hack the electronics that the computer in the plane then this plane is infected. Or maybe you connect these kinds of diagnostic systems to diagnose that the plane is good to fly or not so basically when you connect this computer to the plane then you decide who’s connected to this plane, maybe a bad person, he can inject the bad stuff into the plane. And again, the last one on the ground is about the connections when it is on ground, people are still connecting to the Wi-Fi and so on, that kind of network can be used to basically inject the code to the virus or inject the virus and so on.
What are the some of the possible attack steps? Number one is hacker sends a malware. So, pay attention to this. This is interesting. Hackers sends a malware maybe in an email attachment or maybe a service level exploit and when I say service level exploit, I mean web FTP,
Telnet or SSH. So, the hacker sends some malware. The recipient opens the attachment and when you open the attachment, the malware gets installed quietly into his laptop. Then hacker takes control of the email recipient’s PC. The person who opened the email, his laptop, his PC will be compromised. Now, hacker performs the ARP scan to find the slave database. And once he finds the slave database, he sends the SQL code to the slave database. And when hacker performs, when the hacker knows the slave database, he performs another ARP scan to find the remote terminal unit. And once the remote terminal unit is found, it is launched. So, whatever I have written here, let’s see it in a simulation. Look at this email is sent, which goes to this laptop and this guy opens this attachment and his laptop or his computer is infected, right? Now, he performs the ARP scan. He scans all the devices, right? And finds the slave database. Once he finds the slave database, he performs another scan and injects the SQL command on the master database. And then finally, he performs another ARP scan and finds the RTU. And once the RTU is found, he can do whatever he wants. Just imagine that this RTU is connected to the wall to open and close. So, if this is compromised, now the hacker can control open the control of wall. So, if the pilot finds some [inaudible] (56:32) on the plane, he may accelerate the plane and so on.
So, what is the future of this cybersecurity technology? The quantum security and quantum security basically votes on the quantum on chemical properties which are superpositions of entanglement, wave and particle, Heisenberg’s uncertainty principle. So, these are the main principals behind this quantum security. And this quantum security would be more robust because it would be impossible to copy the data, it would render the longer keys and it will deliver the keys just for one time.
Now we reach to the last part of this presentation which are key recommendations. So, what are my recommendations for the audience. Number one patch the systems in a timely manner. Sometimes you see notifications on your computer or your laptop that obviates needy. Restart your computer. Those are important. Patch the systems in timely manner. Number two update the rules and alerts. This is for the system administrator who maintains the firewalls and stuff so they need to update the rules and the alerts. And then update the signatures database. This is for cybersecurity experts who protect the system. So, it is for them to update the signature database regularly, on a regular business. And this recommendation number two that if attack happens, then you will be problemed so try to deploy some of the advanced appliances that could detect the attack and that could actually answer for me questions. For example, what information was taken when the attack happened, who took it, and when did the breach occur, how did the breach occur? And how do we prevent the system from future recurrences? So, these are some of the things that an expert should know why the attacks in the future. The recommendation number three is stronger authentication mechanisms. Your mechanism for authentication, a person or a machine should be strong. Then intrusion detection and prevention system, anomaly detection, DPI deep packet inspection, DMZ, physical security and continuous monitoring. These are some of the recommendations. Then the next one is that you should train your staff for software security and hardware security. So, training carries a lot of importance. With this, I end my talk. We still have some time for questions and answers. So, I purposely designed my talk for one hour so that we could devote 30 minutes for question and answer. So, if you have any questions, let me know or let our moderator know, Eric. And Eric would either transfer those questions to me. Or you can write in the Q&A directly and I will be happy to answer. Eric, any questions from the audience?
Eric: No, I’m not seeing anything. We’ll just give it a minute and see if anybody wants to type anything. Just like he said, there’s a Q&A function at the bottom of your screen. If you have any questions, go ahead and type them there.
Dr. Yaqub: I don’t have questions so far.
Eric: Yeah, I’m not seeing anything either.
Dr. Yaqub: Okay, so if we do not have any questions, let’s wait another two minutes and we will end this session. Eric, are you in engineering?
Eric: No, I’m in marketing. But I did find all that, all the different vectors, all the different possibilities that where cyber-attack could happen actually very interesting. I didn’t know that there were that many opportunities for a hacker to get into a system like that. It’s mind-blowing honestly. It looks like no questions for you, sir. No questions. But I do want to thank you for your time. Thank you for discussing all the information with us, and thank you to the audience for attending, everybody who’s here. At the end of the webinar, once I close it out, there will be a short survey for everybody, I would just ask you guys to please to fill that out. It will take a minute or so to fill it out. But that’s all for me. You have any last words for them?
Dr. Yaqub: No, I don’t have anything. So, if the audience has any questions for me, they can send me an email to me. My email address is here. They can just send an email. I would be more than happy to respond to any questions. They can also contact with me on LinkedIn. If they type my name as ‘Dr. Raziq Yaqub’ on LinkedIn, they can find me there as well. They can send their answers on LinkedIn as well. So, with that I would like to end my talk. Thank you very much, Eric.
Eric: Thank you, sir.
Dr. Yaqub: Nice meeting with you. Have a good rest of your day.
Eric: Alright. Take care, now.