This article also appears in
Subscribe now »

Doug Britton of Kaprica Security makes a point during the Cybersecurity panel at the SAE 2016 World Congress. Other panelists shown include Gloria D’Anna of General Telecom Systems (at left background), Dan Massey, and DoT’s Kevin Harnett. (Paul Weissler)

Cybersecurity experts confess their greatest worries

What keeps you up at night? Cybersecurity experts at the SAE 2016 World Congress were asked about their deepest worries during a panel session on the levels and nature of cyber challenges. Their responses:

"Identity theft, compromised commercial vehicles that affect domestic logistics systems, and a horrific event that affects our first responders' ability” to deliver aid, said panel moderator Gloria D’Anna, President of General Telecom Systems.  

“Patient, understated attackers” were cited first by Doug Britton, CEO of Kaprica Security. They’re not in it for headlines, he said, and “you’ll never know they were there” until perhaps 10 years later, if then. Will you become good enough to see them, he asked, because “they’re already here.”

Such attackers aren’t looking for a few social security numbers; they want an opportunity to get them all. Britton added there is a no uniform understanding of attack methods or distribution of secure coding capabilities in the world of cybersecurity.

The need for available mature security solutions that can be immediately deployed was cited by Brian Murray, Global Director, Safety and Security Excellence at ZF TRW. An overarching concern, he said, is getting the level of design focus to provide both the functional requirements of componentry along with reasonable safety as well as security.

Worry about nation-state-sponsored attackers causes insomnia for Dr. Andre Weimerskeich, a University of Michigan researcher. And he raised the issue of efficiently testing many possible new solutions in erecting defenses.

Dr. Weimerskeich currently has projects in automotive intrusion detection, providing secure CAN/on-board communications, management of the many issues associated with vehicle keyfob systems ) and V2X (vehicle to infrastructure). He also has a project to develop a resilient reference electronic architecture for cybersecurity systems development.

Vulnerability of the U.S. government's vehicle fleets is a logical worry for Dan Massey, Program Manager in the Dept. of Homeland Security's cybersecurity division. And he also sees this issue: “As cyber physical systems and the Internet of Things add new features to devices on which we all depend, are security design issues being overlooked?"

What about the motivation of cyber-criminals to perform zero-day (no warning) attacks? That gives nighttime jitters to the Dept. of Transportation's Kevin Harnett, Program Manager at the Volpe National Transportation Systems Center. He tosses and turns thinking about how to implement interim countermeasures to provide security for government vehicles, including application of best practices and industry standards—and use of aftermarket devices when appropriate.

A cyber-attack on U.S. aviation from a nation-state makes Faye Francy, Executive Director of Aviation-ISAC (Information Sharing and Analysis Center), a poor sleeper.

Continue reading »