Some other concerns that we have to bear in mind, we have embedded systems which are typically purpose-built often single board computers or components that are installed within a larger context. These can use quite unique languages and factors but as a consequence of this and they're being so unique, they receive little or no attention regarding security as often happens with systems specifically designed for specific uses in specific industries, such as we encounter in IOT, industrial control systems, automated robots, and SCADA.

These are constructs of devices and components operating in various ways on types of public and industrial systems, such as plants, traffic control, air traffic control, and public transit. And they often are found operating critical infrastructure but they suffer from a lack of attention and end up becoming obsolete, but they suffer from the attitude of, if it ain't broke, don't fix it. Sadly, this has produced some very adverse consequences in many different locations.

Now we do have one form of attack that doesn't bother to attack in a straight frontal assault sort of manner. It is a non-direct attack form that attacks the implementation or other elements that are associated with a particular system without the head on attack on the operating system directly. These can be very, very effective as we've seen in many cases. These use the direct approach attacking cryptographic components or timing components such as in the TOCTOU or race condition, and Tempest, which is a set of countermeasures against electromagnetic interference and electromagnetic based attacks.

We have, of course, the final set of concerns which is by no means trivial and often a part of any other attack scenario you care to think about. And this of course, are the human assisted, social engineering. Now these are in fact, a category of effectively side channel attacks because by attacking the human, I should say, by directing these at human targets, they're able to prompt an assistive response on the part of that human target that will assist in arriving at the desired outcome.

Now, these are often employed as an early step in the actual planned attack sequence. They often employ various forms of deceptive techniques to produce this desired reaction that will then lead to a further step down the pathway of the intended planned attack sequence. Now in general, these are called phishing, of course, and that's phishing with a ph. Now, literally what happens is, a logical hook is baited with a seemingly genuine offer of some desirable bait. And it does make use of the fact that people seek various things and it employs various techniques of masquerading and the simple psychology to exploit human behavior.

Typically they use a promise of something for nothing. Sometimes it involves delivering a veiled threat and applying pressure to act without thinking. Making something sound urgent and I need you to do this right now or five minutes ago. And so they act without thinking and provide the attacker what they're seeking. Humans are tempted by things that are secret, hidden, or exclusive, and hackers make use of the psychology employed in that. And then there is the kind that feigns familiarity to gain trust for further exploitation, which is the classic way that phishing more or less came into existence. 

Now, except for the fact that we can train people to be watchful, mindful, and not to simply react to things that may seem genuine but don't seem to have a genuine source. There is very little we can do to system design to combat this particular threat because it is human based at least in its starting phases. The best defense is going to be part of the larger defense-in-depth program involving training. And there are phishing campaigns that are often conducted as periodic testing of users to see who can be caught on this particular hook.