2017 Emerging Technology Domains Risk Survey

Mark Weiser first coined the term ubiquitous computing, describing it as invisible, everywhere computing that does not live on a personal device of any sort, but is in the woodwork everywhere Weiser 1988. With advancements in miniaturization and in the economies of scale for systems-on-a-chip, Weisers vision is finally becoming a reality. Weisers vision of the future also included the difficult challenge of securing the near-infinite amounts of data generated, processed, and stored by ubiquitous devices or in todays parlance, the Internet of Things IoT. This increasing prevalence of new devicesand the extent to which Americans have come to rely upon them in daily lifepresents new challenges for the vulnerability coordination community. Can the Common Vulnerability Enumeration CVE methodology support this myriad of devices Can the Common Vulnerability Scoring System CVSS provide effective and meaningful vulnerability information as increasingly complex and interrelated vulnerabilities surface The Department of Homeland Securitys United States Computer Emergency Readiness Team US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world DHS 2017. To carry out its mission, US-CERT must be proactive, focusing on future threats and vulnerabilities amid fear and uncertainty that often result from highly publicized cybersecurity attacks. To support the US-CERT mission of proactivity, the CERT Coordination Center CERTCC located at Carnegie Mellon Universitys Software Engineering Institute was tasked with studying emerging systemic vulnerabilities, defined as exposures or weaknesses in a system that arise due to complex or unexpected interactions between subcomponents.