ICYMI: Driverless cars, cyber espionage & the hidden cost of data breaches
This week's In Case You Missed It column considers early security questions on driverless cars, the hidden cost behind data breaches and new claims of industrial cyber espionage.
Security concerns voiced as UK trials driverless cars
UK forges ahead with driverless cars
UK business secretary Vince Cable announced this week that computer-controlled ‘driverless' cars are to be trialled in three cities from next year, with the government also offering £10 million in public funding to help develop related technology.
To date, driverless cars have been tested at Google and car manufacturer Nissan – as well as by researchers at the University of Oxford. They are already allowed on public roads in the US states of Nevada, Florida and California.
Up until now, however, they have remained banned from UK roads with the law stipulating that it is illegal for cars to operate without a driver in control. But Cable promised on Wednesday that the government will review the law, and that it will invite cities (cooperating with businesses and universities) to bid to trial the cars as test locations.
"Today's announcement will see driverless cars take to our streets in less than six months, putting us at the forefront of this transformational technology and opening up new opportunities for our economy and society,” Cable is reported to have said.
But the announcement has raised some issues, most notably on driver engagement (most people enjoy driving, the AA says) and information security.
On the latter, Matt Lewis, principal consultant at NCC Group, told Sky News that there are a multiple of issues to be addressed around in-car software. “From our research at NCC Group on current vehicles, not autonomous, we know that there are many issues in the software components that process sensor information so attackers could exploit that to gain control of a vehicle."
Head of research Andy Davis added in a blog post. “The risks posed are not just from the vehicles being hacked and control being taken, but also denial of service against their core functionality and sensor systems which may have an adverse effect on the vehicle's operation.
“We can expect the cars of the future to be highly connected which will present a rich attack surface for the ingenious, curious and malicious threat actors.”
These warnings come shortly after the FBI warned that driverless cars could be turned into ‘lethal weapons'.
China leading cyber espionage push
If any confirmation was needed that countries around the world are routinely engaging in industrial cyber espionage then all you needed to do was to cast your eyes in the direction of China.
Just this week, it was revealed that Chinese cyber spies compromised computer systems at contractors working on the Israeli Iron Dome System, and that they also attacked a Canadian research group with lot of intellectual property.
One commentator said to SCMagazineUK.com: “China doesn't care much for intellectual property laws.”
Separately, Kaspersky Lab revealed on Thursday that a cyber-espionage campaign, known as Energetic Bear (or Crouching Yeti), continues to target 2,800 enterprises worldwide, with particular emphasis on those in industrial/machinery, manufacturing, pharmaceutical, construction, education and IT.
In an in-depth analysis into the APT, the anti-virus giant found that the group used 219 domains in their C&C infrastructure, almost all of which were used on compromised websites. Interestingly, the firm said that the group stretches back four years but that they've started using new tools and targets in more recent times to reach a growing number of victims.