Editing Computer security (section)

==Systems at risk==
The growth in the number of computer systems and the increasing reliance upon them by individuals, businesses, industries, and governments means that there are an increasing number of systems at risk.

===Financial systems===
The computer systems of financial regulators and financial institutions like the [[U.S. Securities and Exchange Commission]], SWIFT, investment banks, and commercial banks are prominent hacking targets for [[Cybercrime|cybercriminals]] interested in manipulating markets and making illicit gains.<ref>{{Cite journal|title=The New Market Manipulation|first=Tom C. W.|last=Lin|date=3 July 2017|ssrn=2996896|journal= Emory Law Journal |volume=66|page=1253 }}</ref> Websites and apps that accept or store [[credit card number]]s, brokerage accounts, and [[bank account]] information are also prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the [[black market]].<ref>{{cite journal|title=Financial Weapons of War |journal=Minnesota Law Review|year= 2016|ssrn=2765010|last1=Lin|first1=Tom C. W.}}</ref> In-store payment systems and [[Automated teller machine|ATMs]] have also been tampered with in order to gather customer account data and [[Personal identification number|PINs]].

The [[UCLA]] Internet Report: Surveying the Digital Future (2000) found that the privacy of personal data created barriers to online sales and that more than nine out of 10 internet users were somewhat or very concerned about [[credit card]] security.<ref>{{cite report|last1=Cole|first1=Jeffrey I.|first2=Michael|last2=Suman|first3=Phoebe|last3=Schramm|first4=Daniel|last4=van Bel|first5=B.|last5=Lunn|first6=Phyllisane|last6=Maguire|first7=Koran|last7=Hanson|first8=Rajesh|last8=Singh|first9=Jedrix-Sean|last9=Aquino|first10=Harlan|last10=Lebo|title=The UCLA Internet report: Surveying the digital future|website=ccp.ucla.edu|year=2000|url=http://ccp.ucla.edu/UCLA-Internet-Report-2000.pdf|archive-url=https://web.archive.org/web/20030423221926/http://ccp.ucla.edu/UCLA-Internet-Report-2000.pdf|archive-date=23 April 2003|access-date=15 September 2023}}</ref>

The most common web technologies for improving security between browsers and websites are named SSL (Secure Sockets Layer), and its successor TLS ([[Transport Layer Security]]), [[identity management]] and [[authentication]] services, and [[domain name]] services allow companies and consumers to engage in secure communications and commerce. Several versions of SSL and TLS are commonly used today in applications such as web browsing, e-mail, internet faxing, [[instant messaging]], and [[VoIP]] (voice-over-IP). There are various [[Interoperability|interoperable]] implementations of these technologies, including at least one implementation that is [[open source]]. Open source allows anyone to view the application's [[source code]], and look for and report vulnerabilities.

The credit card companies [[Visa Debit|Visa]] and [[MasterCard]] cooperated to develop the secure [[EMV]] chip which is embedded in credit cards. Further developments include the [[Chip Authentication Program]] where banks give customers hand-held card readers to perform online secure transactions. Other developments in this arena include the development of technology such as Instant Issuance which has enabled shopping [[mall kiosk]]s acting on behalf of banks to issue on-the-spot credit cards to interested customers.

===Utilities and industrial equipment===
Computers control functions at many utilities, including coordination of [[telecommunications]], the [[power grid]], [[nuclear power plant]]s, and valve opening and closing in water and gas networks. The Internet is a potential attack vector for such machines if connected, but the [[Stuxnet]] worm demonstrated that even equipment controlled by computers not connected to the Internet can be vulnerable. In 2014, the [[Computer Emergency Readiness Team]], a division of the [[Department of Homeland Security]], investigated 79 hacking incidents at energy companies.<ref>{{cite web |last1=Pagliery |first1=Jose |title=Hackers attacked the U.S. energy grid 79 times this year |url=https://money.cnn.com/2014/11/18/technology/security/energy-grid-hack/ |website=CNN Money |publisher=Cable News Network |access-date=16 April 2015 |url-status=live |archive-url=https://web.archive.org/web/20150218070238/https://money.cnn.com/2014/11/18/technology/security/energy-grid-hack |archive-date=18 February 2015  |date=18 November 2014 }}</ref>

===Aviation===
The [[aviation]] industry is very reliant on a series of complex systems which could be attacked.<ref>{{cite conference |first=P. G. |last=Neumann |title=Computer Security in Aviation: Vulnerabilities, Threats, and Risks |conference=International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security |year=1997 |url=https://www.csl.sri.com/~neumann/air.html}}</ref> A simple power outage at one airport can cause repercussions worldwide,<ref>{{cite report | last=Dillingham | first=Gerald L. | title=Aviation security: terrorist acts demonstrate urgent need to improve security at the nation's airports | publisher=United States. General Accounting Office | date=20 September 2001 | url=https://rosap.ntl.bts.gov/view/dot/33937}}</ref> much of the system relies on radio transmissions which could be disrupted,<ref>{{cite web|url=http://www.securityweek.com/air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-black-hat|title=Air Traffic Control Systems Vulnerabilities Could Make for Unfriendly Skies [Black Hat] – SecurityWeek.Com|date=27 July 2012 |url-status=live|archive-url=https://web.archive.org/web/20150208070914/http://www.securityweek.com/air-traffic-control-systems-vulnerabilities-could-make-unfriendly-skies-black-hat|archive-date=8 February 2015}}</ref> and controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore.<ref>{{cite web |date=4 August 2014 |title=Hacker Says He Can Break into Airplane Systems Using In-Flight Wi-Fi |url=https://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi |url-status=live |archive-url=https://web.archive.org/web/20150208072554/http://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi |archive-date=8 February 2015 |access-date=2020-03-19 |work=NPR}}</ref> There is also potential for attack from within an aircraft.<ref>{{cite news |first=Jim |last=Finkle |date=4 August 2014 |title=Hacker says to show passenger jets at risk of cyber attack |newspaper=Reuters |url=https://www.reuters.com/article/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804 |url-status=live |access-date=2021-11-21 |archive-url=https://web.archive.org/web/20151013061705/http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804 |archive-date=13 October 2015}}</ref>

Implementing fixes in aerospace systems poses a unique challenge because efficient air transportation is heavily affected by weight and volume. Improving security by adding physical devices to airplanes could increase their unloaded weight, and could potentially reduce cargo or passenger capacity.<ref>{{cite magazine  | last = Cesar | first = Alan | title = Online course bolsters cybersecurity in aviation | magazine = Aerogram | date = 15 Dec 2023 | url =  https://engineering.purdue.edu/AAE/Aerogram/2023-2024/articles/41-cyber-course | publisher=Purdue University School of Aeronautics and Astronautics| access-date =2024-01-09 }}</ref>

In Europe, with the ([[Pan-European Network Service]])<ref>{{cite web|url=https://www.eurocontrol.int/articles/pan-european-network-services-pens|title=Pan-European Network Services (PENS) – Eurocontrol.int|url-status=live|archive-url=https://web.archive.org/web/20161212175606/https://www.eurocontrol.int/articles/pan-european-network-services-pens|archive-date=12 December 2016}}</ref> and NewPENS,<ref>{{cite web|url=https://www.eurocontrol.int/news/centralised-services-newpens-moves-forward|title=Centralised Services: NewPENS moves forward – Eurocontrol.int|work=Eurocontrol |url-status=live|archive-url=https://web.archive.org/web/20170319025329/https://www.eurocontrol.int/news/centralised-services-newpens-moves-forward|archive-date=19 March 2017|date=17 January 2016}}</ref> and in the US with the NextGen program,<ref>{{cite web|url=https://www.faa.gov/nextgen/update/progress_and_plans/data_comm/|title=NextGen Data Communication|publisher=FAA|archive-url=https://web.archive.org/web/20150313110025/http://www.faa.gov/nextgen/update/progress_and_plans/data_comm/|archive-date=13 March 2015|access-date=15 June 2017}}</ref> [[air navigation service provider]]s are moving to create their own dedicated networks.

Many modern passports are now [[biometric passport]]s, containing an embedded [[Integrated circuit|microchip]] that stores a digitized photograph and personal information such as name, gender, and date of birth. In addition, more countries{{which|date=December 2012}} are introducing [[facial recognition technology]] to reduce [[identity fraud|identity-related fraud]]. The introduction of the ePassport has assisted border officials in verifying the identity of the passport holder, thus allowing for quick passenger processing.<ref>{{Cite web |title=e-Passports {{!}} Homeland Security |url=https://www.dhs.gov/e-passports |access-date=2023-02-03 |website=www.dhs.gov}}</ref> Plans are under way in the US, the [[UK]], and [[Australia]] to introduce SmartGate kiosks with both retina and [[fingerprint recognition]] technology.<ref>{{Cite web|url=http://www.dfat.gov.au/dept/passports/|title=The Australian ePassport. Australian Government Department of Foreign Affairs and Trade website|access-date=1 May 2023|archive-date=9 January 2015|archive-url=https://web.archive.org/web/20150109033115/http://www.dfat.gov.au/dept/passports/}}</ref> The airline industry is moving from the use of traditional paper tickets towards the use of [[electronic ticket]]s (e-tickets). These have been made possible by advances in online credit card transactions in partnership with the airlines. Long-distance bus companies{{which|date=December 2012}} are also switching over to e-ticketing transactions today.

The consequences of a successful attack range from loss of confidentiality to loss of system integrity, [[air traffic control]] outages, loss of aircraft, and even loss of life.

===Consumer devices===
Desktop computers and laptops are commonly targeted to gather passwords or financial account information or to construct a botnet to attack another target. [[Smartphone]]s, [[tablet computer]]s, [[smart watch]]es, and other [[mobile devices]] such as [[quantified self]] devices like [[activity tracker]]s have sensors such as cameras, microphones, GPS receivers, compasses, and [[accelerometers]] which could be exploited, and may collect personal information, including sensitive health information. WiFi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.<ref name="nestwatch">{{cite web|url=https://www.npr.org/blogs/alltechconsidered/2014/08/06/338334508/is-your-watch-or-thermostat-a-spy-cyber-security-firms-are-on-it|title=Is Your Watch Or Thermostat A Spy? Cybersecurity Firms Are On It|date=6 August 2014|work=NPR|url-status=live|archive-url=https://web.archive.org/web/20150211064650/http://www.npr.org/blogs/alltechconsidered/2014/08/06/338334508/is-your-watch-or-thermostat-a-spy-cyber-security-firms-are-on-it|archive-date=11 February 2015}}</ref>

The increasing number of [[home automation]] devices such as the [[Nest thermostat]] are also potential targets.<ref name="nestwatch" />

===Healthcare===
Today many healthcare providers and [[health insurance]] companies use the internet to provide enhanced products and services. Examples are the use of [[Telehealth|tele-health]] to potentially offer better quality and access to healthcare, or fitness trackers to lower insurance premiums.{{citation needed|date=January 2025}} Patient records are increasingly being placed on secure in-house networks, alleviating the need for extra storage space.<ref>{{Cite journal |last1=Kruse |first1=CB |last2=Smith |first2=B |last3=Vanderlinden |first3=H |last4=Nealand |first4=A |date=July 21, 2017 |title=Security Techniques for the Electronic Health Records |journal=Journal of Medical Systems |volume=41 |issue=8 |page=127 |doi=10.1007/s10916-017-0778-4 |pmc=5522514 |pmid=28733949}}</ref>

===Large corporations===
Large corporations are common targets. In many cases attacks are aimed at financial gain through [[identity theft]] and involve [[data breach]]es. Examples include the loss of millions of clients' credit card and financial details by [[Home Depot]],<ref>{{cite news |first=Melvin |last=Backman |date=18 September 2014 |title=Home Depot: 56 million cards exposed in breach |publisher=[[CNNMoney]] |url=https://money.cnn.com/2014/09/18/technology/security/home-depot-hack/ |url-status=live |archive-url=https://web.archive.org/web/20141218221105/https://money.cnn.com/2014/09/18/technology/security/home-depot-hack/ |archive-date=18 December 2014  }}</ref> [[Staples Inc.|Staples]],<ref>{{cite magazine |url=http://fortune.com/2014/12/19/staples-cards-affected-breach/ |title=Staples: Breach may have affected 1.16 million customers' cards |magazine=Fortune.com |date=19 December 2014 |access-date=21 December 2014 |url-status=live |archive-url=https://web.archive.org/web/20141221160612/http://fortune.com/2014/12/19/staples-cards-affected-breach/ |archive-date=21 December 2014  }}</ref> [[Target Corporation]],<ref>{{cite news|author=<!--Not stated.-->|title=Target: 40 million credit cards compromised|url=https://money.cnn.com/2013/12/18/news/companies/target-credit-card/index.html|access-date=29 November 2017|work=CNN|date=19 December 2013|url-status=live|archive-url=https://web.archive.org/web/20171201035530/https://money.cnn.com/2013/12/18/news/companies/target-credit-card/index.html|archive-date=1 December 2017}}</ref> and [[Equifax]].<ref>{{cite news|last1=Cowley|first1=Stacy|title=2.5 Million More People Potentially Exposed in Equifax Breach|url=https://www.nytimes.com/2017/10/02/business/equifax-breach.html|access-date=29 November 2017|work=The New York Times|date=2 October 2017|url-status=live|archive-url=https://web.archive.org/web/20171201054900/https://www.nytimes.com/2017/10/02/business/equifax-breach.html|archive-date=1 December 2017}}</ref>

Medical records have been targeted in general identify theft, health insurance fraud, and impersonating patients to obtain prescription drugs for recreational purposes or resale.<ref>{{cite news|url=https://www.reuters.com/article/us-cybersecurity-healthcare-fbi-exclusiv-idUSBREA3M1Q920140423|title=Exclusive: FBI warns healthcare sector vulnerable to cyber attacks|first=Jim|last=Finkle|date=23 April 2014|newspaper=Reuters|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160604120725/http://www.reuters.com/article/us-cybersecurity-healthcare-fbi-exclusiv-idUSBREA3M1Q920140423|archive-date=4 June 2016}}</ref> Although cyber threats continue to increase, 62% of all organizations did not increase security training for their business in 2015.<ref>{{Cite news|url=https://www.infosecurity-magazine.com/news/lack-of-employee-security-training/|title=Lack of Employee Security Training Plagues US Businesses|last=Seals|first=Tara|date=6 November 2015|work=Infosecurity Magazine|access-date=8 November 2017|url-status=live|archive-url=https://web.archive.org/web/20171109081033/https://www.infosecurity-magazine.com/news/lack-of-employee-security-training/|archive-date=9 November 2017}}</ref>

Not all attacks are financially motivated, however: security firm [[HBGary Federal]] had a serious series of attacks in 2011 from [[Hacktivism|hacktivist]] group [[Anonymous (group)|Anonymous]] in retaliation for the firm's CEO claiming to have infiltrated their group,<ref>{{cite web |last=Bright |first=Peter |url=https://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/ |title=Anonymous speaks: the inside story of the HBGary hack |publisher=Arstechnica.com |date=15 February 2011 |access-date=29 March 2011 |url-status=live |archive-url=https://web.archive.org/web/20110327045801/http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars |archive-date=27 March 2011  }}</ref><ref>{{cite web |last=Anderson |first=Nate |url=https://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars/ |title=How one man tracked down Anonymous{{snd}}and paid a heavy price |publisher=Arstechnica.com |date=9 February 2011 |access-date=29 March 2011 |url-status=live |archive-url=https://web.archive.org/web/20110329090824/http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars |archive-date=29 March 2011  }}</ref> and [[Sony Pictures]] was [[Sony Pictures hack|hacked in 2014]] with the apparent dual motive of embarrassing the company through data leaks and crippling the company by wiping workstations and servers.<ref>{{cite web |url=https://money.cnn.com/2014/12/24/technology/security/sony-hack-facts/ |title=What caused Sony hack: What we know now |first=Jose |last=Palilery |website=[[CNN Money]] |date=24 December 2014 |access-date=4 January 2015 |url-status=live |archive-url=https://web.archive.org/web/20150104195455/https://money.cnn.com/2014/12/24/technology/security/sony-hack-facts/ |archive-date=4 January 2015  }}</ref><ref>{{cite news |first=James |last=Cook |date=16 December 2014 |url=http://www.businessinsider.com/the-sony-hackers-still-have-a-massive-amount-of-data-that-hasnt-been-leaked-yet-2014-12 |title=Sony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So Far |work=[[Business Insider]] |access-date=18 December 2014 |url-status=live |archive-url=https://web.archive.org/web/20141217204735/http://www.businessinsider.com/the-sony-hackers-still-have-a-massive-amount-of-data-that-hasnt-been-leaked-yet-2014-12 |archive-date=17 December 2014  }}</ref>

===Automobiles===
{{See also|Autonomous car#Potential disadvantages|Automated driving system#Risks and liabilities|Automotive hacking}}
Vehicles are increasingly computerized, with engine timing, [[cruise control]], [[anti-lock brakes]], seat belt tensioners, door locks, [[airbag]]s and [[advanced driver-assistance systems]] on many models. Additionally, [[connected car]]s may use WiFi and Bluetooth to communicate with onboard consumer devices and the cell phone network.<ref name="vox" /> [[Self-driving car]]s are expected to be even more complex. All of these systems carry some security risks, and such issues have gained wide attention.<ref>{{cite report | url=http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf | title=Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk | date=6 February 2015 | access-date=4 November 2016 | url-status=live | archive-url=https://web.archive.org/web/20161109040112/http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf | archive-date=9 November 2016 | df=dmy-all }}</ref><ref>{{cite web|author=<!--Not stated.-->|title=Cybersecurity expert: It will take a 'major event' for companies to take this issue seriously|url=https://www.aol.com/article/news/2016/12/26/expert-warns-major-event-will-need-to-happen-for-cybersecurity/21632630/|website=AOL.com|date=5 January 2017 |access-date=22 January 2017|language=en|url-status=live|archive-url=https://web.archive.org/web/20170120180918/https://www.aol.com/article/news/2016/12/26/expert-warns-major-event-will-need-to-happen-for-cybersecurity/21632630/|archive-date=20 January 2017}}</ref><ref>{{cite news|title=The problem with self-driving cars: who controls the code?|url=https://www.theguardian.com/technology/2015/dec/23/the-problem-with-self-driving-cars-who-controls-the-code|newspaper=The Guardian|access-date=22 January 2017|date=23 December 2015|url-status=live|archive-url=https://web.archive.org/web/20170316152605/https://www.theguardian.com/technology/2015/dec/23/the-problem-with-self-driving-cars-who-controls-the-code|archive-date=16 March 2017}}</ref>

Simple examples of risk include a malicious [[compact disc]] being used as an attack vector,<ref>{{cite conference|url=http://www.autosec.org/pubs/cars-usenixsec2011.pdf|title=Comprehensive Experimental Analyses of Automotive Attack Surfaces|year=2011|conference=SEC'11 Proceedings of the 20th USENIX conference on Security|page=6|publisher=USENIX Association|location=Berkeley, California, US|first1=Stephen|last1=Checkoway|first2=Damon|last2=McCoy|first3=Brian|last3=Kantor|author-link3=Brian Kantor|first4=Danny|last4=Anderson|first5=Hovav|last5=Shacham|first6=Stefan|last6=Savage|author-link6=Stefan Savage|first7=Karl|last7=Koscher|first8=Alexei|last8=Czeskis|first9=Franziska|last9=Roesner|first10=Tadayoshi|last10=Kohno|url-status=live|archive-url=https://web.archive.org/web/20150221064614/http://www.autosec.org/pubs/cars-usenixsec2011.pdf|archive-date=21 February 2015}}</ref> and the car's onboard microphones being used for eavesdropping. However, if access is gained to a car's internal [[controller area network]], the danger is much greater<ref name="vox">{{cite web|url=https://www.vox.com/2015/1/18/7629603/car-hacking-dangers|title=The next frontier of hacking: your car|first=Timothy B.|last=Lee|date=18 January 2015|work=Vox|url-status=live|archive-url=https://web.archive.org/web/20170317212726/http://www.vox.com/2015/1/18/7629603/car-hacking-dangers|archive-date=17 March 2017}}</ref> – and in a widely publicized 2015 test, hackers remotely carjacked a vehicle from 10 miles away and drove it into a ditch.<ref>{{cite magazine|last1=Greenberg|first1=Andy|title=Hackers Remotely Kill a Jeep on the Highway{{snd}}With Me in It|magazine=Wired|url=https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/|access-date=22 January 2017|url-status=live|archive-url=https://web.archive.org/web/20170119103855/https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/|archive-date=19 January 2017|date=21 July 2015}}</ref><ref>{{cite news|title=Hackers take control of car, drive it into a ditch|url=https://www.independent.co.uk/news/science/hackers-remotely-carjack-jeep-from-10-miles-away-and-drive-it-into-ditch-10406554.html|newspaper=The Independent|access-date=22 January 2017|date=22 July 2015|url-status=live|archive-url=https://web.archive.org/web/20170202061247/http://www.independent.co.uk/news/science/hackers-remotely-carjack-jeep-from-10-miles-away-and-drive-it-into-ditch-10406554.html|archive-date=2 February 2017}}</ref>

Manufacturers are reacting in numerous ways, with [[Tesla Motors|Tesla]] in 2016 pushing out some security fixes ''over the air'' into its cars' computer systems.<ref>{{cite news|title=Tesla fixes software bug that allowed Chinese hackers to control car remotely|url=https://www.telegraph.co.uk/technology/2016/09/21/tesla-fixes-software-bug-that-allowed-chinese-hackers-to-control/|newspaper=The Telegraph|access-date=22 January 2017|url-status=live|archive-url=https://web.archive.org/web/20170202014932/http://www.telegraph.co.uk/technology/2016/09/21/tesla-fixes-software-bug-that-allowed-chinese-hackers-to-control/|archive-date=2 February 2017|date=21 September 2016|author=<!--Not stated.-->}}</ref> In the area of autonomous vehicles, in September 2016 the [[United States Department of Transportation]] announced some initial safety standards, and called for states to come up with uniform policies.<ref>{{cite news|last1=Kang|first1=Cecilia|title=Self-Driving Cars Gain Powerful Ally: The Government|url=https://www.nytimes.com/2016/09/20/technology/self-driving-cars-guidelines.html|newspaper=The New York Times|access-date=22 January 2017|date=19 September 2016|url-status=live|archive-url=https://web.archive.org/web/20170214045032/https://www.nytimes.com/2016/09/20/technology/self-driving-cars-guidelines.html?_r=0|archive-date=14 February 2017}}</ref><ref>{{cite web|title=Federal Automated Vehicles Policy|url=https://www.transportation.gov/sites/dot.gov/files/docs/AV%20policy%20guidance%20PDF.pdf|access-date=22 January 2017|url-status=live|archive-url=https://web.archive.org/web/20170121161404/https://www.transportation.gov/sites/dot.gov/files/docs/AV%20policy%20guidance%20PDF.pdf|archive-date=21 January 2017}}</ref><ref>{{Cite web |title=Vehicle Cybersecurity |url=https://www.nhtsa.gov/technology-innovation/vehicle-cybersecurity |access-date=2022-11-25 |website=nhtsa.gov |language=en}}</ref>

Additionally, e-Drivers' licenses are being developed using the same technology. For example, Mexico's licensing authority (ICV) has used a smart card platform to issue the first e-Drivers' licenses to the city of [[Monterrey]], in the state of [[Nuevo León]].<ref>{{cite web | title=Thales supplies smart driver license to 4 states in Mexico | website=Thales Group | url=https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases/mexico }}</ref>

===Shipping===
Shipping companies<ref>{{Cite web |title=4 Companies Using RFID for Supply Chain Management |url=https://www.atlasrfidstore.com/rfid-insider/4-companies-using-rfid-for-supply-chain-management |access-date=2023-02-03 |website=atlasRFIDstore |language=en}}</ref> have adopted [[RFID]] (Radio Frequency Identification) technology as an efficient, digitally secure, [[tracking device]]. Unlike a [[barcode]], RFID can be read up to 20 feet away. RFID is used by [[FedEx]]<ref>{{Cite web|url=https://www.supplychainmarket.com/doc/the-cutting-edge-of-rfid-technology-and-appli-0001|title = The Cutting Edge of RFID Technology and Applications for Manufacturing and Distribution| website=Supply Chain Market}}</ref> and [[United Parcel Service|UPS]].<ref>{{Cite conference|last1=Rahman|first1=Mohammad Anwar|last2=Khadem|first2=Mohammad Miftaur|last3=Sarder|first3=MD.|title=Application of RFID in Supply Chain System|conference=Proceedings of the 2010 International Conference on Industrial Engineering and Operations Management Dhaka, Bangladesh, January 9 – 10, 2010|citeseerx=10.1.1.397.7831}}</ref>

===Government===
Government and [[military]] computer systems are commonly attacked by activists<ref>{{cite news |url=https://www.telegraph.co.uk/news/worldnews/northamerica/usa/4320901/Gary-McKinnon-profile-Autistic-hacker-who-started-writing-computer-programs-at-14.html |location=London |work=The Daily Telegraph |title=Gary McKinnon profile: Autistic 'hacker' who started writing computer programs at 14 |date=23 January 2009 |url-status=live |archive-url=https://web.archive.org/web/20100602065423/http://www.telegraph.co.uk/news/worldnews/northamerica/usa/4320901/Gary-McKinnon-profile-Autistic-hacker-who-started-writing-computer-programs-at-14.html |archive-date=2 June 2010  }}</ref><ref>{{cite news |url=https://www.bbc.co.uk/news/uk-19506090 |title=Gary McKinnon extradition ruling due by 16 October |work=BBC News |date=6 September 2012 |access-date=25 September 2012 |url-status=live |archive-url=https://web.archive.org/web/20120906185731/http://www.bbc.co.uk/news/uk-19506090 |archive-date=6 September 2012  }}</ref><ref>{{cite court |url=https://publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm |litigants=Mckinnon V Government of The United States of America and Another |court=House of Lords |date=16 June 2008 |quote=15. ... alleged to total over $700,000 |access-date=30 January 2010  }}</ref> and foreign powers.<ref>{{cite news | title=Fresh Leak on US Spying: NSA Accessed Mexican President's Email | website=SPIEGEL ONLINE | date=2013-10-20 | url=http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817.html | archive-url=https://web.archive.org/web/20151106193613/http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817.html | archive-date=2015-11-06 }}</ref><ref>{{cite web |url=https://www.npr.org/sections/thetwo-way/2015/06/04/412086068/massive-data-breach-puts-4-million-federal-employees-records-at-risk |title=Massive Data Breach Puts 4 Million Federal Employees' Records at Risk |work=NPR |date=4 June 2015 |access-date=5 June 2015 |author=Sanders, Sam |url-status=live |archive-url=https://web.archive.org/web/20150605041629/http://www.npr.org/sections/thetwo-way/2015/06/04/412086068/massive-data-breach-puts-4-million-federal-employees-records-at-risk |archive-date=5 June 2015  }}</ref><ref>{{cite news |url=http://www.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/ |title=U.S. government hacked; feds think China is the culprit |work=CNN |date=4 June 2015 |access-date=5 June 2015 |author=Liptak, Kevin |url-status=live |archive-url=https://web.archive.org/web/20150606063139/http://www.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/ |archive-date=6 June 2015  }}</ref><ref>{{cite news |title=Encryption "would not have helped" at OPM, says DHS official |first=Sean |last=Gallagher |url=https://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/ |url-status=live |archive-url=https://web.archive.org/web/20170624014751/https://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/ |archive-date=24 June 2017  }}</ref> Local and regional government infrastructure such as [[traffic light]] controls, police and intelligence agency communications, [[Office of Personnel Management data breach|personnel records]], as well as student records.<ref>{{cite journal|url=http://www.edweek.org/ew/articles/2015/10/21/lessons-learned-from-security-breaches.html|title=Schools Learn Lessons From Security Breaches|date=19 October 2015|journal=Education Week|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160610130749/http://www.edweek.org/ew/articles/2015/10/21/lessons-learned-from-security-breaches.html|archive-date=10 June 2016|last1=Davis|first1=Michelle R.}}</ref>

The [[FBI]], [[CIA]], and [[The Pentagon|Pentagon]], all utilize secure controlled access technology for any of their buildings. However, the use of this form of technology is spreading into the entrepreneurial world. More and more companies are taking advantage of the development of digitally secure controlled access technology. GE's ACUVision, for example, offers a single panel platform for access control, alarm monitoring and digital recording.<ref>{{cite web |title=GE's Introduces ACUVision as a Single Panel Solution |url=https://www.securityinfowatch.com/access-identity/access-control/press-release/10577631/ge-infrastructure-security-ges-introduces-acuvision-as-a-single-panel-solution |website=www.securityinfowatch.com |date=11 August 2005 |publisher=Security Info Watch |access-date=24 September 2019}}</ref>

===Internet of things and physical vulnerabilities===
The [[Internet of things]] (IoT) is the network of physical objects such as devices, vehicles, and buildings that are [[Embedded system|embedded]] with [[electronics]], [[software]], [[sensor]]s, and [[Internet access|network connectivity]] that enables them to collect and exchange data.<ref>{{cite web|url=http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx|title=Internet of Things Global Standards Initiative|work=ITU|access-date=26 June 2015|url-status=live|archive-url=https://web.archive.org/web/20150626125229/http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx|archive-date=26 June 2015}}</ref> Concerns have been raised that this is being developed without appropriate consideration of the security challenges involved.<ref>{{cite journal|last1=Singh|first1=Jatinder|last2=Pasquier|first2=Thomas|last3=Bacon|first3=Jean|last4=Ko|first4=Hajoon|last5=Eyers|first5=David|title=Twenty Cloud Security Considerations for Supporting the Internet of Things|journal=IEEE Internet of Things Journal|volume=3|issue=3|date=2015|pages=269–284|doi=10.1109/JIOT.2015.2460333|s2cid=4732406|url=https://dash.harvard.edu/bitstream/1/35349952/1/iot-2016.pdf|url-access=}}</ref><ref>{{cite news|url=https://www.forbes.com/sites/chrisclearfield/2013/09/18/why-the-ftc-cant-regulate-the-internet-of-things/|title=Why The FTC Can't Regulate The Internet Of Things|first=Chris|last=Clearfield|work=Forbes|access-date=26 June 2015|url-status=live|archive-url=https://web.archive.org/web/20150627090938/http://www.forbes.com/sites/chrisclearfield/2013/09/18/why-the-ftc-cant-regulate-the-internet-of-things/|archive-date=27 June 2015}}</ref>

While the IoT creates opportunities for more direct integration of the physical world into computer-based systems,<ref>{{cite web | url=https://hbr.org/resources/pdfs/comm/verizon/18980_HBR_Verizon_IoT_Nov_14.pdf |archive-url=https://web.archive.org/web/20150317052909/https://hbr.org/resources/pdfs/comm/verizon/18980_HBR_Verizon_IoT_Nov_14.pdf |archive-date=2015-03-17 |url-status=live | title=Internet of Things: Science Fiction or Business Fact? | work=Harvard Business Review | access-date=4 November 2016}}</ref><ref>{{cite web | url=http://www.internet-of-things-research.eu/pdf/Converging_Technologies_for_Smart_Environments_and_Integrated_Ecosystems_IERC_Book_Open_Access_2013.pdf | title=Internet of Things: Converging Technologies for Smart Environments and Integrated Ecosystems | publisher=River Publishers | access-date=4 November 2016 | first1=Ovidiu | last1=Vermesan | first2=Peter | last2=Friess | url-status=live | archive-url=https://web.archive.org/web/20161012010519/http://www.internet-of-things-research.eu/pdf/Converging_Technologies_for_Smart_Environments_and_Integrated_Ecosystems_IERC_Book_Open_Access_2013.pdf | archive-date=12 October 2016 | df=dmy-all }}</ref>
it also provides opportunities for misuse. In particular, as the Internet of Things spreads widely, cyberattacks are likely to become an increasingly physical (rather than simply virtual) threat.<ref>{{cite journal | last=Clearfield | first=Chris | title=Rethinking Security for the Internet of Things | journal=Harvard Business Review | date=2013-06-20 | url=http://blogs.hbr.org/2013/06/rethinking-security-for-the-in/ | archive-url=https://web.archive.org/web/20130920145534/http://blogs.hbr.org/2013/06/rethinking-security-for-the-in/ | archive-date=2013-09-20 | url-status=live }}</ref> If a front door's lock is connected to the Internet, and can be locked/unlocked from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked phone. People could stand to lose much more than their credit card numbers in a world controlled by IoT-enabled devices. Thieves have also used electronic means to circumvent non-Internet-connected hotel door locks.<ref>{{cite web|url=https://arstechnica.com/security/2012/11/hotel-room-burglars-exploit-critical-flaw-in-electronic-door-locks/|title=Hotel room burglars exploit critical flaw in electronic door locks|work=Ars Technica|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160514002208/http://arstechnica.com/security/2012/11/hotel-room-burglars-exploit-critical-flaw-in-electronic-door-locks/|archive-date=14 May 2016|date=26 November 2012}}</ref>

An attack aimed at physical infrastructure or human lives is often called a cyber-kinetic attack. As IoT devices and appliances become more widespread, the prevalence and potential damage of cyber-kinetic attacks can increase substantially.

===Medical systems===
{{See also|Medical device hijack|Medical data breach}}
[[Medical devices]] have either been successfully attacked or had potentially deadly vulnerabilities demonstrated, including both in-hospital diagnostic equipment<ref>{{cite web|url=http://www.darkreading.com/vulnerabilities---threats/hospital-medical-devices-used-as-weapons-in-cyberattacks/d/d-id/1320751|title=Hospital Medical Devices Used As Weapons in Cyberattacks|work=Dark Reading|date=6 August 2015|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160529002947/http://www.darkreading.com/vulnerabilities---threats/hospital-medical-devices-used-as-weapons-in-cyberattacks/d/d-id/1320751|archive-date=29 May 2016}}</ref> and implanted devices including [[pacemaker]]s<ref>{{cite web|url=http://www.computerworld.com/article/2492453/malware-vulnerabilities/pacemaker-hack-can-deliver-deadly-830-volt-jolt.html|title=Pacemaker hack can deliver deadly 830-volt jolt|first=Jeremy|last=Kirk|date=17 October 2012|work=Computerworld|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160604201841/http://www.computerworld.com/article/2492453/malware-vulnerabilities/pacemaker-hack-can-deliver-deadly-830-volt-jolt.html|archive-date=4 June 2016}}</ref> and [[insulin pump]]s.<ref>{{cite news|url=http://www.thedailybeast.com/articles/2014/11/17/how-your-pacemaker-will-get-hacked.html|title=How Your Pacemaker Will Get Hacked|newspaper=The Daily Beast|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160520155616/http://www.thedailybeast.com/articles/2014/11/17/how-your-pacemaker-will-get-hacked.html|archive-date=20 May 2016|date=17 November 2014|agency=Kaiser Health News}}</ref> There are many reports of hospitals and hospital organizations getting hacked, including [[ransomware]] attacks,<ref>{{cite magazine|last1=Leetaru|first1=Kalev|title=Hacking Hospitals And Holding Hostages: Cybersecurity In 2016|url=https://www.forbes.com/sites/kalevleetaru/2016/03/29/hacking-hospitals-and-holding-hostages-cybersecurity-in-2016/|magazine=Forbes|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229104021/http://www.forbes.com/sites/kalevleetaru/2016/03/29/hacking-hospitals-and-holding-hostages-cybersecurity-in-2016/|archive-date=29 December 2016}}</ref><ref name="wiwo1">{{cite web|title=Cyber-Angriffe: Krankenhäuser rücken ins Visier der Hacker|date=7 December 2016 |url=http://www.wiwo.de/technologie/digitale-welt/cyber-angriffe-krankenhaeuser-ruecken-ins-visier-der-hacker/14946040.html|publisher=Wirtschafts Woche|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229101724/http://www.wiwo.de/technologie/digitale-welt/cyber-angriffe-krankenhaeuser-ruecken-ins-visier-der-hacker/14946040.html|archive-date=29 December 2016}}</ref><ref>{{cite web|title=Hospitals keep getting attacked by ransomware{{snd}}Here's why|url=http://www.businessinsider.com/hospital-ransomware-hack-2016-5|website=Business Insider|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229101247/http://www.businessinsider.com/hospital-ransomware-hack-2016-5|archive-date=29 December 2016}}</ref><ref>{{cite web|title=MedStar Hospitals Recovering After 'Ransomware' Hack|url=https://www.nbcnews.com/news/us-news/medstar-hospitals-recovering-after-ransomware-hack-n548121|work=NBC News|date=31 March 2016 |access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229103355/https://www.nbcnews.com/news/us-news/medstar-hospitals-recovering-after-ransomware-hack-n548121|archive-date=29 December 2016}}</ref> [[Windows XP]] exploits,<ref>{{cite web|last1=Pauli|first1=Darren|title=US hospitals hacked with ancient exploits|url=https://www.theregister.co.uk/2016/06/28/medjack/|website=The Register|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161116141207/http://www.theregister.co.uk/2016/06/28/medjack|archive-date=16 November 2016}}</ref><ref>{{cite web|last1=Pauli|first1=Darren|title=Zombie OS lurches through Royal Melbourne Hospital spreading virus|url=https://www.theregister.co.uk/2016/01/19/melbourne_hospital_pathology_wing_splattered_by_virus/|website=The Register|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229101019/http://www.theregister.co.uk/2016/01/19/melbourne_hospital_pathology_wing_splattered_by_virus/|archive-date=29 December 2016}}</ref> viruses,<ref>{{cite news|title=Hacked Lincolnshire hospital computer systems 'back up'|url=https://www.bbc.com/news/uk-england-humber-37849746|work=BBC News|access-date=29 December 2016|date=2 November 2016|url-status=live|archive-url=https://web.archive.org/web/20161229101819/http://www.bbc.com/news/uk-england-humber-37849746|archive-date=29 December 2016}}</ref><ref>{{cite news|title=Lincolnshire operations cancelled after network attack|url=https://www.bbc.com/news/uk-england-humber-37822084|work=BBC News|access-date=29 December 2016|date=31 October 2016|url-status=live|archive-url=https://web.archive.org/web/20161229101209/http://www.bbc.com/news/uk-england-humber-37822084|archive-date=29 December 2016}}</ref> and data breaches of sensitive data stored on hospital servers.<ref>{{cite news|title=Legion cyber-attack: Next dump is sansad.nic.in, say hackers|url=http://indianexpress.com/article/technology/tech-news-technology/legion-hacking-no-political-agenda-just-computer-geeks-says-hacker-4423167/|newspaper=The Indian Express|access-date=29 December 2016|date=12 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161229100631/http://indianexpress.com/article/technology/tech-news-technology/legion-hacking-no-political-agenda-just-computer-geeks-says-hacker-4423167/|archive-date=29 December 2016}}</ref><ref name="wiwo1" /><ref>{{cite web|title=Former New Hampshire Psychiatric Hospital Patient Accused Of Data Breach|url=http://boston.cbslocal.com/2016/12/27/former-patient-accused-data-breech-new-hampshire-psychiatric-hospital/|publisher=CBS Boston|access-date=29 December 2016|url-status=live|archive-url=https://web.archive.org/web/20170929233237/http://boston.cbslocal.com/2016/12/27/former-patient-accused-data-breech-new-hampshire-psychiatric-hospital/|archive-date=29 September 2017|date=27 December 2016}}</ref><ref>{{cite web|title=Texas Hospital hacked, affects nearly 30,000 patient records|url=http://www.healthcareitnews.com/news/texas-hospital-hacked-affects-nearly-30000-patient-records|publisher=Healthcare IT News|access-date=29 December 2016|date=4 November 2016|url-status=live|archive-url=https://web.archive.org/web/20161229171117/http://www.healthcareitnews.com/news/texas-hospital-hacked-affects-nearly-30000-patient-records|archive-date=29 December 2016}}</ref> On 28 December 2016 the US [[Food and Drug Administration]] released its recommendations for how medical [[Medical device manufacturing|device manufacturers]] should maintain the security of Internet-connected devices – but no structure for enforcement.<ref>{{cite web|last1=Becker|first1=Rachel|title=New cybersecurity guidelines for medical devices tackle evolving threats|url=https://www.theverge.com/2016/12/27/14095166/fda-guidance-medical-device-cybersecurity-cyberattack-hacking-guidelines|website=The Verge|access-date=29 December 2016|date=27 December 2016|url-status=live|archive-url=https://web.archive.org/web/20161228210257/http://www.theverge.com/2016/12/27/14095166/fda-guidance-medical-device-cybersecurity-cyberattack-hacking-guidelines|archive-date=28 December 2016}}</ref><ref>{{cite web|title=Postmarket Management of Cybersecurity in Medical Devices|website=[[Food and Drug Administration]]|url=https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf|access-date=29 December 2016|date=28 December 2016|url-status=dead|archive-url=https://web.archive.org/web/20161229102808/https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf|archive-date=29 December 2016}}</ref>

=== Energy sector ===
In distributed generation systems, the risk of a cyber attack is real, according to ''Daily Energy Insider''. An attack could cause a loss of power in a large area for a long period of time, and such an attack could have just as severe consequences as a natural disaster. The District of Columbia is considering creating a Distributed Energy Resources (DER) Authority within the city, with the goal being for customers to have more insight into their own energy use and giving the local electric utility, [[Pepco]], the chance to better estimate energy demand. The D.C. proposal, however, would "allow third-party vendors to create numerous points of energy distribution, which could potentially create more opportunities for cyber attackers to threaten the electric grid."<ref>{{Cite news|url=https://dailyenergyinsider.com/featured/13110-d-c-distributed-4:.energy-proposal-draws-concerns-of-increased-cybersecurity-risks/|title=D.C. distributed energy proposal draws concerns of increased cybersecurity risks|last=Brandt|first=Jaclyn|date=18 June 2018|work=Daily Energy Insider|access-date=4 July 2018|language=en-US}}</ref>

===Telecommunications===
Perhaps the most widely known digitally secure telecommunication device is the [[Subscriber Identity Module|SIM]] (Subscriber Identity Module) card, a device that is embedded in most of the world's cellular devices before any service can be obtained. The SIM card is just the beginning of this digitally secure environment.

The Smart Card Web Servers draft standard (SCWS) defines the interfaces to an [[HTTP server]] in a [[smart card]].<ref>{{cite web|url=http://www.openmobilealliance.org/Technical/release_program/scws_v1_0.aspx|title=Current Releases - The Open Mobile Alliance|work=openmobilealliance.org}}</ref> Tests are being conducted to secure OTA ("over-the-air") payment and credit card information from and to a mobile phone. 
Combination SIM/DVD devices are being developed through Smart Video Card technology which embeds a [[DVD]]-compliant [[optical disc]] into the card body of a regular SIM card.

Other telecommunication developments involving digital security include [[mobile signature]]s, which use the embedded SIM card to generate a legally binding [[electronic signature]].