Archive for the ‘Security’ Category

Here Is How To Address Car Hacking Threats

When you connect a car to the Internet, it is no longer just a car: It is a computer on wheels.

For years, the security industry has asked itself, “When will cyberattacks affect the physical world?” The connected car is a clear example of where this manifests, especially as researchers release new information about vehicles’ vulnerabilities, such as my partner Marc Rogers’ and my deep dive into Tesla’s systems, or the recent Jeep Cherokee analysis, wherein researchers breached the vehicle’s drive systems from the Internet, slowing the vehicle to a crawl on a highway. Fiat Chrysler has since recalled more than one million vehicles as a result, and legislation aptly named the “Security and Privacy in your Car Act” is currently in consideration by Congress.

When a car can search Google, send tweets and be remotely accessed from a smartphone app, that car has more in common with your laptop than it does the Model T. Securing the next generation of connected automobiles means redefining what it means for a vehicle to be “road-ready.” The road-ready vehicle of the future needs cybersecurity measures beyond the traditional physical safety measures taken today.

It is inevitable that automobiles — alongside every other essential technology in our lives — become connected. Given how important cars and trucks are to both individuals and the world’s economy as a whole, it’s entirely expected that attackers will focus their energy on disrupting vehicles’ (hopefully) well-designed systems.

Thankfully, nothing catastrophic has happened yet, and the auto industry is in position to take necessary action to get ahead of this problem. However, it needs to learn from the software industry’s experience on the front lines of the Internet, something most auto manufacturers have yet to do.

For example, as part of its mission to reinvent the automobile, Tesla has taken a software-first approach to itscars. Knowing that the people will expect their car to be connected to the Internet, the conversation internally never was “when these cars become Internet-connected,” it always was “how can we build a great connected car?”

As with any software-driven product, cybersecurity must be a deliberate investment. Today, the auto industry can take three specific measures to dramatically improve the cybersecurity of its vehicles.

First, vehicles need over-the-air update systems to avoid expensive and lengthy recalls every time a security vulnerability is found. Second, manufacturers must separate infotainment systems and the critical drive systems, tightly controlling communication between them, just as commercial airliners isolate inflight Wi-Fi networks from critical avionics systems. Third, manufacturers must assume that some attacks will succeed and secure each individual software component in the vehicle, so that if an attacker compromises a single system they do not automatically get access to the entire vehicle.

While the state of automobile cybersecurity would be substantially improved if all manufacturers implemented these guidelines, they are just a start. It takes years for a company to develop a strong cybersecurity culture; even with a strong internal cybersecurity team, that team must be supported by and integrated into the organization as a whole.

Further, companies with experienced security teams look not just inside the company for support, but outside to the global community of security researchers identifying problems — and hoping to get them fixed — ahead of criminals. For example, Tesla launched a “Bug Bounty” program to encourage external security researchers to responsibly identify and help fix any security issues they uncover. I encourage all other manufacturers to follow a similar path.

Consider the consequences if the auto industry does not get security right: Manufacturers may need to issue a recall for every software vulnerability found. Recalls are a long process, and software vulnerabilities become a substantial personal safety issue, even a national security concern, if not fixed immediately. Further, if the frequency of software vulnerabilities in vehicles is anywhere near that of PCs — monthly and even weekly in some cases — recalls quickly become impractical.

I sincerely hope that all auto manufacturers proactively address cybersecurity, starting with the guidelines above, to make automobiles one of the most secure pieces of technology in our lives.

Here Is How To Address Car Hacking Threats

When you connect a car to the Internet, it is no longer just a car: It is a computer on wheels.

For years, the security industry has asked itself, “When will cyberattacks affect the physical world?” The connected car is a clear example of where this manifests, especially as researchers release new information about vehicles’ vulnerabilities, such as my partner Marc Rogers’ and my deep dive into Tesla’s systems, or the recent Jeep Cherokee analysis, wherein researchers breached the vehicle’s drive systems from the Internet, slowing the vehicle to a crawl on a highway. Fiat Chrysler has since recalled more than one million vehicles as a result, and legislation aptly named the “Security and Privacy in your Car Act” is currently in consideration by Congress.

When a car can search Google, send tweets and be remotely accessed from a smartphone app, that car has more in common with your laptop than it does the Model T. Securing the next generation of connected automobiles means redefining what it means for a vehicle to be “road-ready.” The road-ready vehicle of the future needs cybersecurity measures beyond the traditional physical safety measures taken today.

It is inevitable that automobiles — alongside every other essential technology in our lives — become connected. Given how important cars and trucks are to both individuals and the world’s economy as a whole, it’s entirely expected that attackers will focus their energy on disrupting vehicles’ (hopefully) well-designed systems.

Thankfully, nothing catastrophic has happened yet, and the auto industry is in position to take necessary action to get ahead of this problem. However, it needs to learn from the software industry’s experience on the front lines of the Internet, something most auto manufacturers have yet to do.

For example, as part of its mission to reinvent the automobile, Tesla has taken a software-first approach to itscars. Knowing that the people will expect their car to be connected to the Internet, the conversation internally never was “when these cars become Internet-connected,” it always was “how can we build a great connected car?”

As with any software-driven product, cybersecurity must be a deliberate investment. Today, the auto industry can take three specific measures to dramatically improve the cybersecurity of its vehicles.

First, vehicles need over-the-air update systems to avoid expensive and lengthy recalls every time a security vulnerability is found. Second, manufacturers must separate infotainment systems and the critical drive systems, tightly controlling communication between them, just as commercial airliners isolate inflight Wi-Fi networks from critical avionics systems. Third, manufacturers must assume that some attacks will succeed and secure each individual software component in the vehicle, so that if an attacker compromises a single system they do not automatically get access to the entire vehicle.

While the state of automobile cybersecurity would be substantially improved if all manufacturers implemented these guidelines, they are just a start. It takes years for a company to develop a strong cybersecurity culture; even with a strong internal cybersecurity team, that team must be supported by and integrated into the organization as a whole.

Further, companies with experienced security teams look not just inside the company for support, but outside to the global community of security researchers identifying problems — and hoping to get them fixed — ahead of criminals. For example, Tesla launched a “Bug Bounty” program to encourage external security researchers to responsibly identify and help fix any security issues they uncover. I encourage all other manufacturers to follow a similar path.

Consider the consequences if the auto industry does not get security right: Manufacturers may need to issue a recall for every software vulnerability found. Recalls are a long process, and software vulnerabilities become a substantial personal safety issue, even a national security concern, if not fixed immediately. Further, if the frequency of software vulnerabilities in vehicles is anywhere near that of PCs — monthly and even weekly in some cases — recalls quickly become impractical.

I sincerely hope that all auto manufacturers proactively address cybersecurity, starting with the guidelines above, to make automobiles one of the most secure pieces of technology in our lives.

Products
July 2017
M T W T F S S
« Jun    
 12
3456789
10111213141516
17181920212223
24252627282930
31  
  • America's Best Colleges
    Forbes' list of public and private colleges and universities ranks the best schools--from the students' point of view.
  • Twelve Nasty Work-From-Home Scams
    Does the offer of making a mint in your pajamas sound too good to be true? It surely is.
  • The World's Most Powerful Celebrities
    Oprah Winfrey takes back her crown while pop chart phenomenon Lady Gaga catapults to No. 4 on this year's Celebrity 100.
  • The World's Leading Companies
    This comprehensive report analyzes the world's biggest companies and the best performing of these titans.
  • The World's Billionaires
    Carlos Slim Helu takes the No. 1 spot on Forbes' annual list of the world's richest as a record 164 billionaires return to the ranking amid the global economic recovery.
  • Asking "What Was Your Last Salary?" May Be Illegal
    If you're used to asking "What was your last salary?" during job interviews, you might want to check your state and local laws.
  • Getting Published: Children's Books
    A Conversation with Children's Book Author and Editor Emma Walton Hamilton. Emma Walton Hamilton has co-authored twenty children’s books with her mother, Julie Andrews, six of which have been on the New York Times best-seller list. Emma’s own book, Raising Bookworms: Getting Kids Reading for Pleasure and Empowerment, premiered as a #1 best-seller on Amazon.com […]
  • Cash Flow Basics: 11 Ways to Fix Cash Flow Problems
    Cash flow problems affect most small businesses at some point. Don't let a cash crunch ruin your business. Here are 11 things you can do to keep your cash flow in the positive.
  • 4 Steps to Become More Influential
    Want to be a better leader? Want to be able to influence more people? Here are four things you need to do.
  • Tips for Making a Home Business Work
    Working from home doesn't come without its downfalls. This advice can help you deal with the cons to make your home business a success.
NY Business