Thought Leaders in Cyber Security: Andrew McLennan, President, North America of Inside Secure (Part 5)

Andrew McLennan: Hacking cars is essentially a numbers game. What is the risk of your car being hacked when you’re doing 50 miles an hour? The only acceptable answer should be zero. Any other answer that means a non-zero chance of death due to software in your car is unacceptable. That would just kill the product.

Sramana Mitra: I know what you’re saying, but it’s not just the brakes switched off. It could be all kinds of other things.

Andrew McLennan: When we do have autonomous cars and they’re driving themselves, someone can hack the software and kidnap you. It could be anything from location tracking to stealing your car. It could be just stealing data that’s in your car for whatever purpose. There are so many hacks in car systems. It’s terrifying.

Sramana Mitra: That applies in the consumer context as well. I don’t want to be in a highly networked home where people can preview our surveillance cameras. If somebody hacks into the surveillance cameras and starts to intrude into my privacy, I have problems with that.

I’m sure retailers have huge problems because they’ve gone through incredible breaches. Target breach for instance was high profile and was highly publicized. I’m sure they’re wondering that if we expose the surface area for breaches, to what extent is the frequency of these kinds of problems going up? That’s really the question I was asking you. What are you seeing in terms of people’s willingness to roll out Internet of Things at a large scale?

Andrew McLennan: We do see that there are lots of commercial pressures for businesses. That’s absolutely a certainty. There is a great deal of fear as is a great deal of internal validation of previous schemes. There’s one retailer that had a problem where the mobile app got into the back-end system. There’s the inventory control side as well. Things are happening and breaches are happening. Corporate espionage is going on. Retailers are more scared than automotive.

Automotive adopted these systems because it had software control systems that made cars more efficient. You end up in a situation where it’s not just the fact that your car may have a hot spot in it, you’re in a classic security situation where can you trust the technician working on the car. What happens if the software  is attacked by malware? There are lots of interesting ways to compromise the system. The only thing that you can actually do to secure anything in any meaningful sense is to have to get that level of granularity. You need to have trust on that application.

This segment is part 5 in the series : Thought Leaders in Cyber Security: Andrew McLennan, President, North America of Inside Secure
1 2 3 4 5 6