HackingA growing threat: Car hacking

Published 26 May 2015

A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking. Researchers are now looking into the growing threat of automotive hacking. “More and more in your everyday life you see that we’re automating physical systems,” one researcher says. “And unlike an information system, a physical system could kill you by accident.”

A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices.

In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking.

On Friday, Virginia governor Terry McAuliffe announced a public-private working groupto address the threat of automotive hacking. A U.Va. release reports that the University of Virginia, the Virginia State Police, and the Charlottesville security firm Mission Secure Inc. will play key roles in conducting this joint research project between various government agencies and private firms.

McAuliffe appointed Barry Horowitz, professor and chair of U.Va.’s Department of Systems and Information Engineering, as a member of the Virginia Cyber Security Commissionin 2014, and Horowitz will help oversee the new research project.

“The motivation has been that more and more in your everyday life you see that we’re automating physical systems,” Horowitz said. “And unlike an information system, a physical system could kill you by accident.”

In 2012, Horowitz was part of a Department of Defense-funded research team that began identifying ways to protect unmanned aerial vehicles from cyberattacks on their controls. During that project, he and his fellow researchers realized that there were broader applications for their work. Together with U.Va.’s Licensing and Venture Group, they founded Mission Secure as a way to address threats to a variety of automated physical systems.

Mission Secure’s goal is to create a monitoring system that allows critical physical systems — like the vehicles used by the defense, energy, and transportation industries — to keep working during a cyberattack.

The new working group involving U.Va., the State Police, and Mission Secure will help the government gain an advantage over future cyber criminals by learning to anticipate and respond to possible threats before they occur.

“Our goal is to help with this vulnerability assessment and testing and see what is potentially possible for forensics,” Mission Secure CEO David Drescher said. “At some point when the police show up at an accident, they will need to determine whether that accident was caused by human error or whether some kind of a cyber incident occurred.”