Stopping Self-Driving Cars From Becoming Cybersecurity Weapons - Automotive News #21

in #automotive7 years ago

Stopping Self-Driving Cars From Becoming Cybersecurity Weapons

Written by Gil Press

Quoted from:
https://www.forbes.com/sites/gilpress/2017/07/19/stopping-self-driving-cars-from-becoming-cybersecurity-weapons/#b2409e06723b

IMG_3245.JPG
Volkswagen 'Cedric' self-driving car (Harold Cunningham/Getty Images)

At the upcoming 20th annual Black Hat Conference (July 22-27), Billy Rios of Whitescope and Jonathan Butts of QED will present When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices. The talk will demonstrate how to make an IoT device intentionally strike a person.

What if the “IoT device” is a self-driving car? Could the promised flood of autonomous vehicles put weapons of mass destruction on the road?

At Black Hat 2015, the talk of this annual gathering of cybersecurity experts was the remote hacking into and subsequent control of a Jeep Cherokee driving 70 mph on a public highway. Preparing for an autonomous future, the many ways by which today’s cars are linked to the internet—and the new opportunities and risks these connections imply—multiply exponentially. “The connected car is changing the automotive industry from inside,” says Yuval Diskin.

Diskin is former head of Israel’s internal security service (Shin Bet) and Chairman of CyMotive Technologies. Five years ago, he and two former Shin Bet colleagues co-founded a cybersecurity consultancy. Their work in the automotive industry led him to a number of observations about this rapidly changing industry.

The car industry is run by engineers. Up until a few years ago, they thought of information technology (i.e., computers) as some kind of basic support infrastructure, like water and electricity. It’s been a challenge for the industry to better integrate its core competency—electrical engineering—with IT or computer engineering. But they now understand that IT is at the core of their business.

A related challenge is the lack of a holistic approach to cybersecurity. It’s naïve to think that installing a firewall or intrusion detection system in the car will suffice to protect from cyberattacks. Serious attacks can and will happen at the fleet level where you can impact many cars—“imagine stopping thousands of Toyota cars on the highways of Europe,” says Diskin.
Given the poor cybersecurity preparedness of the automotive industry, Diskin’s recommends slowing down the rush to put self-driving cars on the roads, but “I am afraid it will not happen,” he says. Diskin thinks that eventually regulators will intervene and make the car makers join forces and come up with solutions once they will realize the magnitude of the cybersecurity challenge

Going beyond the automotive industry, Diskin also offered interesting commentary on the state of cybersecurity in general:

We often forget that behind every cyberattack there are human beings, not computers. They design, they reconnaissance, they devise a plan of infiltration, they construct a command and control system. Human beings make mistakes and they consistently behave in a certain way. This calls for a new approach to cybersecurity: Identify specific behaviors and intentions of specific attackers, construct their “digital signature”—their unique patterns of behavior, make behavioral science an important aspect of cyber defense. Without understanding the attackers, “you will never be a good defender,” says Diskin.

Today, the attackers are very dynamic and the defenders are very passive in their work. For defense, we rely too much on “muscles”—hundreds and thousands of technological solutions, most of them focused on defense inside the enterprise’s network. Instead, we need to deploy what Diskin calls “intelligence-driven offensive defense.” By “intelligence” he means both using our brains and collecting information.
“We don’t see much brain in cyber today, even though we talk a lot about artificial intelligence and machine learning,” says Diskin. We should have the brain instruct the muscle and not the other way around--create smart IT systems, know how to collect and process information and connect the dots, provide intelligence that allows decision-makers to make decisions as fast as possible. To do that, “you must go out of the network, go to the adversary and stop them before they attack.”

The Internet of Things—and interconnectivity in general—is a big cybersecurity challenge. “People don’t understand how things are connected to each other,” says Diskin, so they miss important vulnerabilities in a world where all physical objects are connected. An example he provides is a parking lot barrier, not an object that you would think has anything to do with the internet or computer systems. But the barrier in question was installed at a parking lot used by bank employees and was connected to the bank’s HR database. Once a hacker makes the connection, the barrier can serve as an entry point into all the bank’s computer systems.

In September 2016, Diskin and his co-founders established a joint venture, CyMotive Technologies, with German car maker Volkswagen. One division is developing solutions for protecting connected and autonomous cars, the other is simulating attacks on the hardware and software of these cars. In addition, Diskin is in the process of creating a new company pursuing his “intelligence-driven offensive defense” approach.

Coin Marketplace

STEEM 0.25
TRX 0.20
JST 0.038
BTC 96845.67
ETH 3584.40
USDT 1.00
SBD 3.79