Thursday, October 27, 2016

NHTSA Guidelines on Automotive Cybersecurity

The National Highway Traffic Safety Administration announces here a set of guidelines on best practices for cybersecurity of motor vehicles.

Tuesday, October 25, 2016

More on IoT-Driven DDOS Attacks

Extremetech writes here on the recent DDOS attacks on the Internet and possible long-term effects.

Saturday, October 22, 2016

DDoS Attacks Against Dyn, IoT Implicated

Bruce Schneier reports here on current attacks against the DNS service provider Dyn.  These attacks have in turn slowed down a number of Internet sites.  IoT bots have been implicated as the avenue of attack.

Tuesday, October 18, 2016

Return-Oriented Programming Attacks

I just learned about return-oriented programming attacks.  Wikipedia's discussion of the topic is here. These attacks are advanced forms of stack smashing attacks, but they rely on existing code rather than inserting entirely new code.

Friday, October 14, 2016

The Fuzzy Line Between Information Technology and Cyber-Physical Systems

NBC News reports here on a pair of computer problems that have caused flight delays.  In the past few months, both Delta and Southwest suffered computer problems that severely disrupted their flight operations.<p>
These problems were all related to information technology (IT)---traditional issues related to databases, networks, etc.  Nonetheless, they disrupted the physical plants of the airlines in the form of flight delays.  We often treat CPS and IT as separate domains but in the real world they blend together.<p>
Many utilities separate their billing and management IT systems from their computer systems that operate equipment.  Nonetheless, these systems must talk---you can't bill unless you know something about the equipment's operation.  And the operational computer systems that perform cyber-physical operations such as control make extensive use of hardware and software originally designed for IT.
<p>
A chain is only as strong as its weakest link.  If we want to build safe and secure cyber-physical systems, we need to be sure that IT and CPS work together.

Thursday, October 6, 2016

More Battery Problems For Galaxy Note 7

Extremetech reports here that a replacement Galaxy Note 7---one that had been provided by Samsung to avoid battery overheating---overheated and caught fire while on board an airplane.  Luckily, the airplane was still at the gate when this happened and the airplane was safely evacuated.  However, the airplane itself was damaged by the burning phone.

Sunday, October 2, 2016

Lessons from History on Autonomous Vehicles and ADAS

Many commentators refer to the surge commercial interest in automated driver assistance systems (ADAS) and autonomous vehicles as amazing, which is entirely true.  But many also refer to ADAS and autonomous vehicles as unprecedented, which is not so true.
<p>
One key concern for completely autonomous vehicles---those for which the passengers have no vehicle controls whatsoever---is how to mix them with driven vehicles and pedestrians.  We have seen before a mixture of vastly different vehicles, namely at the dawn of the automotive age.  Cars and trucks co-existed with horses and horse-drawn vehicles for several decades.  This was a difficult combination and one that bears a surprising resemblance to the mixture of autonomous and driven vehicles.  Horses are, after all, ultimately autonomous, something that becomes clear once you mount a horse and start to ride.  Silent motion pictures give us glimpses into this world.  Many silent pictures were filmed on the streets without benefit of modern film permits.  As a result, they captured typical interactions between motorized and horse-drawn vehicles.
<p>
ADAS has clear precedent in aviation.  Airbus airliners have for several decades been full-authority control systems---the controls do not always respond to the pilot's command if the control system believes that those commands are dangerous.   The Boeing 787 is also a full-authority control system. These planes have been involved in accidents that can be attributed, at least in part, on their control systems.  Even in the absence of accidents, a long-standing concern about these control systems is that they allow the pilot's attention to lapse, resulting in longer response times by the pilot in the case of something happening.
<p>
Perhaps the car companies are studying these historical precedents internally.  I certainly hope so.  We need to learn as much from history as we can in order to make the new generation of vehicles as safe as they can be.