On Hacking Automated Trucks #cybersecurity #y2k #iot

Regarding this article from a post on Linked In:


Is #cybersecurity the #Y2K of this generation?

This author seems to think so. This is telling:

“Yes, that [hacking automated trucks] is possible, but the designers of these systems are aware of the issue and are putting measures in place to avoid it.”

This completely misses risk calculation that needs to be made when creating real-world/IoT systems. Any organisation that builds such system needs to account for risk. Dismissing risk, especially as real as #cybersecurity, may be to the significant detriment of that organisation.

Let’s assume that designers are good and working to put into place systems to alleviate cybersecurity risk. First, designers are not infallible and make mistakes. Second, there are errors of omission, and those most often are completely innocent. Third, even if the designers of the systems were 100% correct in their designs, there’s still the testing that has to be done, and that can miss things. Fourth, there’s the consequence that when you combine pieces together, you get issues that are present in the large system that wouldn’t be in the smaller pieces. (See anything on chaos theory.) Fifth, there’s real-world usage which will often never include scenarios that you’d find building something – ever seen lightning during a snowstorm? I’m guessing it’s not included in the “testnet” on which automated truck software manufacturers make their software, and probably not even included in their simulators. This much has already been shown with Tesla and other AI vision manufacturers. (That’s not to say this derails all building of such systems, merely that the “well intentioned design” theory has some sub-optimal manifestations.)

Addressing again the main point of “hacking in” – while we’ve not seen this (in the public’s knowledge?) per se in the automated vehicle world, there are COUNTLESS examples of it elsewhere. The designers of nuclear systems, who undoubtedly designed their systems well and purposefully – have been experiencing increased attacks lately. The idea of people attempting to hack automated trucks is not a worst case scenario and should have been taken seriously as an extension of the conversation, and as part of an overall risk calculus. If the author didn’t want to participate, he should have walked away, rather than negating a realistic risk for which people must account.

(Picture taken from linked article.)