Public Affairs

The Internet of Things, My Car, and Cyber Threat Sharing

Posted Paul Ferrillo

Paul Ferrillo | April 19th, 2016

The Internet of Things, My Car, and Cyber Threat Sharing

There are certainly some mornings where I found myself exhausted and i think to myself, “I wish my car could drive me to the train station.” And perhaps while I am at work, my car could find its way to the service station for an oil change and inspection. And then, perhaps my car could find itself back to the train station in time for my train home.

Now cue the “Jetsons” theme song (“Jetsons, Meet the Jetsons”).

With the advent of driverless cars and technology once thought not possible, according to experts we are likely no more than 5 to 10 years away from true driverless vehicles. The benefits of this technology, if proven, could be substantial for many segments of the population.  However, left without check and balances, recent history has proven that in the wrong hands (that of a hacker), my car might decide (without my input) to drive itself into a ditch. In a recent speech to the SAE World Congress, Assistant Attorney General John Carlin noted that wireless transportation could be the next “battleground” for hackers. See “Automakers, Tech Industries Must Plug Cybersecurity Gaps, Says U.S. Official”. AAG Carlin noted that there are not yet firm rules of the road regarding the incorporation of wireless technology into vehicles. Leaving the industry left to voluntarily secure its vehicles in a “safe by design” manner. Carlin noted, “If you were able to do something that could affect a large scale of an industry — like 100,000 cars — you could see that being in the arsenal of a nation-state™’s tool kit as a new form of warfare….” 

Though certainly cyber safety could be mandated by statute, one less intrusive suggestion that AAG Carlin left with this audience is the concept of cyber threat intelligence sharing within industry sectors AND between industry sectors. For years, various industry sectors have shared threat intelligence with its members (for instance, the Financial Services ISAC) with great success. Government and private industry have also at times been successful in sharing threat intelligence information. Given the potential for common navigational technologies between vehicles and industry sectors, and given the potential harm to life and limb if cars and vehicles are subject to cyber attacks, transportation seems ripe for a bountiful and plentiful real time threat intelligence sharing platform.  Though threat sharing is recognized as beneficial within the IT community, surveys have indicated a reluctance among industry sectors to share information.

In this case, the costs of NOT sharing seem to far outweigh the benefits of sharing common threats among peer industry participants.  We agree with AAG Carlin that threat sharing in the transportation sector is critically important. Especially if I want my car to drive me home from the train station, safely and securely.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.

Paul Ferrillo | April 19th, 2016

The Internet of Things, My Car, and Cyber Threat Sharing

There are certainly some mornings where I found myself exhausted and i think to myself, “I wish my car could drive me to the train station.” And perhaps while I am at work, my car could find its way to the service station for an oil change and inspection. And then, perhaps my car could find itself back to the train station in time for my train home.

Now cue the “Jetsons” theme song (“Jetsons, Meet the Jetsons”).

With the advent of driverless cars and technology once thought not possible, according to experts we are likely no more than 5 to 10 years away from true driverless vehicles. The benefits of this technology, if proven, could be substantial for many segments of the population.  However, left without check and balances, recent history has proven that in the wrong hands (that of a hacker), my car might decide (without my input) to drive itself into a ditch. In a recent speech to the SAE World Congress, Assistant Attorney General John Carlin noted that wireless transportation could be the next “battleground” for hackers. See “Automakers, Tech Industries Must Plug Cybersecurity Gaps, Says U.S. Official”. AAG Carlin noted that there are not yet firm rules of the road regarding the incorporation of wireless technology into vehicles. Leaving the industry left to voluntarily secure its vehicles in a “safe by design” manner. Carlin noted, “If you were able to do something that could affect a large scale of an industry — like 100,000 cars — you could see that being in the arsenal of a nation-state™’s tool kit as a new form of warfare….” 

Though certainly cyber safety could be mandated by statute, one less intrusive suggestion that AAG Carlin left with this audience is the concept of cyber threat intelligence sharing within industry sectors AND between industry sectors. For years, various industry sectors have shared threat intelligence with its members (for instance, the Financial Services ISAC) with great success. Government and private industry have also at times been successful in sharing threat intelligence information. Given the potential for common navigational technologies between vehicles and industry sectors, and given the potential harm to life and limb if cars and vehicles are subject to cyber attacks, transportation seems ripe for a bountiful and plentiful real time threat intelligence sharing platform.  Though threat sharing is recognized as beneficial within the IT community, surveys have indicated a reluctance among industry sectors to share information.

In this case, the costs of NOT sharing seem to far outweigh the benefits of sharing common threats among peer industry participants.  We agree with AAG Carlin that threat sharing in the transportation sector is critically important. Especially if I want my car to drive me home from the train station, safely and securely.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.

  • [blog_shorcode_show]