Mar 23
2016

Surreal Paradigms… Automotive and Cybersecurity Cultures

Well – had a great time today at the 3rd Annual Cybersecurity Summit.  Basically there’s a lot of conferences out there on this subject lately, but I love the mixture I see with Cybersecurity experts and Engineers.

I did a 15 minute talk about how the Engineering and Cybersecurity cultures differ, and how we both need to focus more on the common good.  Highlighting Charlie Miller/Chris Valasek and compared him/them to Roger Boisjoly because they both found vulnerabilities in vehicles (Charlie/Chris – cars; Roger a rocket in the Space Shuttle Challenger).

It’s important because it’s been 30 years this year since the Challenger malfunction, and there’s a lot of parallels to be drawn (especially with hero’s of the industry being shunned for presenting findings that have scientific testing behind them).

We need to strike down the differences (both automotive and cybersecurity) and listen without prejudice when security researchers come forward with findings, as this helps to create an opportunity to fix issues. I’m sure business people are thinking about the money this costs, however – it may cost in the way of litigation as well.

Craig Smith/Charlie/Chris and Roger have been criticized from time-to-time and even shunned from companies for coming forward.  In short, I see the same type of environment (denial of the possibility of a hack) coming from various companies – just like there was a denial to fix the space shuttle issue and delay launch in 1986.

I highlighted the following video:

Basically following up to the video that the people in the conference has the ability to take action followed up by: “Conferences are OK, but Action wins the day!”

Automotive manufacturers have to take action to become more agile in response to various issues, and cyber warriors need to understand not everyone can talk about what’s going on in the automotive industry due to legal obligations (and the fact they want to keep their job to feed their children).

Overall, we need to foster (together) a wonderful environment/community and that’s the atmosphere we are creating at Walsh College in regard to our Cybersecurity vehicle certification.  However, it doesn’t need to stop there… as everyone can do it (the bigger the better)!

We are partnering with people and making connections across industry because we all have to be part of the solution.  Silos and keeping things closed source won’t work.

We have developed a two part course for understanding automotive systems and testing controls… along with providing findings to those people that actually want to partner with us (and yes there will be nondisclosure statements).

Think of the world of possibility and what we are all capable of if we take action and most importantly work together to combine our knowledge.  How fascinating!

Chris Valasek, Charlie Miller, and Craig Smith to name a few are great talented people and gifts to our cybersecurity community and most importantly the automotive industry.

Embracing their ideas, dropping the negative perception of a hacker in a hoodie, and recreating that impression as a partner at the table is important for all of our success.  Media tries to play and spin perceptions, don’t buy into it – it holds us back as a true team by limiting all of our potential.

We owe it to  ourselves as it is our generation’s responsibility to work together for a common goal.   We owe it to ourselves and to our children that will have to carry the weight after we are ready to move on to that beach and fun in the sun.

Link to the presentation is here: Walsh Connected Vehicles

This entry was posted in Information Assurance, New Technologies. Bookmark the permalink.