Cyber attacks, once primarily directed against networks to steal confidential information and wreak virtual havoc, have begun to expand and are now directly affecting the physical world. For example, the recent hacking of the Associated Press's Twitter account by the Syrian Electronic Army and subsequent tweet about an explosion at the White House caused the U.S. stock market to decline almost 1% before the news was revealed as a hoax. In 2010 the computer worm Stuxnet was discovered and implicated in the attack that caused physical damage to centrifuges at Iranian nuclear enrichment facilities. In 2012 a hacker built and revealed a simple device that can open Onity-brand electronic locks (which secure over 4 million hotel room doors) without a key. The growing Internet of Things, the connection of physical devices to the internet, will rapidly expand the number of connected devices integrated into our everyday lives. From connected cars, iPhone-controlled locks (versions of which here, here, and here are in or close to production), to the hypothetical "smart fridge" that will one day order milk for me when I've run out, these technologies bring with them the promise of energy efficiency, convenience, and flexibility. They also have the potential to allow cyber attackers into the physical world in which we live as they seize on security holes in these new systems. As consumer demand for connected devices increases (and projections from Cisco and others suggest that there will be 50 billion connected devices by 2020), traditional manufacturers will, en masse, become manufacturers of connected devices. As these devices become subject to the same cyber threats with which software developers have long been familiar, companies will need to take steps to integrate security considerations into their designs and design processes right from the start.
