With this summer’s tragedy at sea with our navy destroyer, the USS John S McCain, serious questions arise. Who’s steering the ships?
The US military has embraced technology like no other entity in the world. Initially, the Navy said that they were investigating whether these serious and tragic incidents at sea might have been caused by a cyber attack. This was especially prudent considering the current tension between the US and North Korea in that area of the world.
When the pilot steering a ship turns the ship, the steering device sends a signal to the rudder to turn. A wireless signal then tells the rudder how to respond. There are no physical connections from the helm to the actual rudder.
Many of us have warned our leaders for decades that technology is a double-edged sword. Security must be built in before deploying the technology in a real-world operational environment.
This applies to private sectors as well, including the automotive and aerospace industries. Fortunately or unfortunately, depending on one’s perspective, technology developers don’t think like criminals, terrorists, or rogue national leaders.
In 2013 I was asked to speak at an auto hacking camp sponsored by a prestigious university, a world class research company, and the auto makers. The same technology used in our naval vessels is used in automobiles today. You turn the wheel or step on the accelerator or brake, and a wireless signal is sent to the actual device telling it how to respond. Nothing could go wrong there!
One of the automotive executives asked me why a criminal/counterintelligence investigator from the Department of Defense would be interested in attending and speaking at their conference. I was totally shocked by the question.
I told them that as an investigator, I wanted to understand the forensics of an accident in order to investigate whether the incident could have been caused by a criminal or terrorist act. The auto executive asked me why someone would intentionally cause an accident. Scary!
But this is still the mentality that we in the community must change. Executives and developers (governments and private sector) must understand and address the threat in the development stage. They must not wait until the technology is deployed in an operational environment.
When will we start taking necessary precautions to ensure we know who is driving our cars and steering our ships?
Jim Christy is VP of Investigations and Digital Forensics at Cymmetria. Jim retired from the U.S. government in 2013, ending a career investigating computer crimes and running digital forensics labs that began in 1986 at the Air Force Office of Special Investigations.
Jim can be reached by email at firstname.lastname@example.org.
Connect with Jim on Twitter: @jimchristyusdfc