Cybersecurity and the Law

With the pressing issue of cybersecurity being brought into the public eye again as a result of last week’s WannaCry attack, lawmakers have been taking steps to see that laws are put into place to thwart similar incidents in the future. In a recent article by The Hill, Governor Terry McAuliffe is quoted in his dissatisfaction with congress’ approach to cybersecurity.

“I have been very public in my displeasure with the Congress,” McAuliffe said. “We don’t even have a committee [in] Congress today on cybersecurity. It is spread through many different committees — nobody will give up jurisdiction to come together.” (The Hill, May 17th 2017)

The governor’s words highlight the lack of concern for cyber defense in both chambers of congress up until now. As the fear of future large-scale cyber-attacks spreads, so does the pressure on lawmakers to begin enforcing regulations concerning state-level cybersecurity. As the chairman of the National Governors’ Association, Gov. McAuliffe is striving to establish basic minimum cybersecurity protocols that all states must abide by, with penal retaliation in the event of negligence on a state’s part.

With the increasing demand for safety from cyber-attacks, lawmakers and other governmental entities will be picking up speed in their establishment of standards for cybersecurity. Organizations such as the Society for Automotive Engineers (SAE) are already working in tandem with cybersecurity companies like Trillium to establish standards to protect automobiles and their drivers from cyber threats. The National Highway Traffic Safety Association (NHTSA) already dictates automotive safety measures through legislation, with safety policies for seat belts, airbags, brakes, and more.  It’s no stretch to say that the next major safety concern needing to be tackled in cars is cybersecurity, and to that end no small effort will suffice. The solutions must be potent, reliable, and dynamic enough to match speed with the ever changing environment of cyber-attacks, and Trillium is determined to provide those solutions.

Automotive Ransomware On The Rise

Not even a week has passed since the WannaCry incident began, and already cybersecurity experts around the world are voicing their concerns for the state of cyber defense today. In particular, attention has been brought to the possibility of a similar “ransomware” attack on automobiles, a potential threat dubbed “clampware.” News publications on both sides of the Atlantic have brought attention to this prospect, including coverage by Fox News’ Auto Tech column.

The idea of clampware comes from the notion that a car could be disabled through a cyber-attack, with the driver being ransomed into paying a sum in order to have control of the vehicle returned to them. It has already been shown that nearly all of an automobile’s functions can be controlled remotely by exploiting cracks in a car’s network connections. Software defects in a vehicle’s ECUs, radio, and wireless communication systems such as WiFi, Bluetooth, GSM, and 4G could be exploited to grant the attacker access to the car’s vital operation components.

In the event of such an attack, a driver could be left stranded on the road with no way to operate their vehicle unless they pay the ransom fee. If a driver is unable to pay the fee, it then begs the question of who’s responsibility it is to assist these drivers? Horrifyingly, even emergency vehicles such as ambulances, fire trucks, and police cars could be subject to such attacks. This has the potential to be a huge area of concern for car insurance companies and lawmakers alike, as standards for handling such scenarios will inevitably need to be put into place.

Not only is the integrity of the individual networks important, but so is the interconnectedness of the networks themselves. Services like Trillium’s SecureCAR that provide powerful encryption and authentication solutions for in-vehicle networks will rapidly become a necessity as cars become more integrated into the Internet of Things. As different forms of connectivity are added to the smart cars of the future, the number of attack surfaces that need to be protected increases at the same rate. To this end, static, unintegrated cybersecurity solutions will not hold up.

In a quote from professor Martyn Thomas, an IT expert at Gresham College, Financial Times brings to attention the necessity of speed in administering fixes to such problems. To reliably and efficiently keep an entire fleet of vehicles protected in such a constantly changing environment, smooth Over the Cloud updates such as those provided by Trillium’s SecureOTA are a necessity. The fixes need to be available as soon as an attack is discovered, and must be as un-intrusive as possible to minimize the disruption of customers’ everyday lives.

In the Wake of WannaCry

Last Friday gave the world a taste of the devastation a full-fledged cyber-attack can bring. Wannacry, as the ransomware attack has been dubbed, spread to over 150 countries, attacking individuals and corporations alike.

Even a Fortune 500 such as  Nissan was brought to its knees, as according to Business Insider, five of its plants had to stop production in the wake of this cyber-attack. The damage to the plants caused by this attack is almost ironic, as automotive plants are known to have very strict security measures in place when it comes to physical security. To protect the plant, anyone wishing to enter a plant often must be subject to metal detectors, searches, and other evaluations of their bodies and personal affects before being granted entry.

The devastation caused by this malware attack truly shows the importance of a layered approach. Corporations that focus on single layered defense, while neglecting others will find themselves at the mercy of attacks to their weak points. Trillium prides itself in its multi layered approach to cyber security, securing both the hardware and software aspects of in-vehicle networks. For example, our SecureIXS provides a strong firewall that repels any unwanted foreign messages from entering the network, while making use of AI-enhanced machine learning techniques to strengthen its defenses over time. This is further capitalized on with our seamless over the air updating schematic, allowing our products to always be ready to handle the newest cyber-attacks.

Seeing news like this further strengthens our determination to securing the world with our products, in the transportation space and elsewhere. This event serves as a harsh reality check for those companies that have neglected the importance of cybersecurity in protecting themselves, and we hope that this will motivate those corporations into taking preemptive actions to ensure a tragedy like this doesn’t reoccur.

Link to Original Article:

Autonomous-Drive Enabled Cities On The Rise – Cyber Security the enabling factor

With technology already at the point capable of enabling autonomous drive, the age of self-driving cars are now awaiting for the infrastructure to make it a reality. Some cities around the globe have already started to allow open-road testing of self-driving vehicles.

A recent piece from Motherboard explains the significant changes coming to the industry, that will evolve the current system.

The age of self-driving cars is indeed around the corner and with it, traditional businesses based off of human error, which will no longer be, will be faced with a significant model shift. “Self-driving vehicles have the potential to significantly disrupt the traditional auto insurance industry.” (PricewaterhouseCoopers, 2013).

The single biggest hurdle to overcome, to make this human error free, safer transportation landscape real  is undoubtably the deployment and development of cyber security to protect the systems that make it all possible.

This is the contribution that Trillium will play – to protect the infrastructure through an adaptive automotive cybersecurity subscription solution that will enable the security needed for autonomous drive solutions.  Paving the way for the the next generation of insurance policies.

Read the full story here