CypherCon 2024

Cyber Security and the Lure of the Open Road

Walter Schilling

Abstract:

The automobile of today is complex, with more than 150 million lines of code on board. It is a modern distributed computing system on wheels. It has large scale data aggregation, with between 100 and 200 sensors on board measuring environmental conditions hundreds of times per second. In 2021 alone during the heart of the pandemic, the industry used 9.7 billion electronic sensors in the production of new vehicles. This is the epitome of big data: multiple networked sensors. But this is just the start, as the first fully autonomous vehicles will have more than one billion lines of code on board. These vehicles will be networked. These vehicles will communicate with each other. These vehicles will need to be safe yet reliable. But these vehicles will also be under attack. The future success of these vehicles relies not only on appropriate handling of big data, quality software engineering techniques, but also ensuring that these systems are secure from cyber-attack.

This presentation will provide a brief history of cyber security as it is related to the auto industry, as the auto industry has had cyber security related concerns since the first micros were introduced in the 1970’s. More importantly, it will focus on the more recent concerns, including remote hacking, data collection and falsification, and firmware attacks.  It will also look at the current real-world concerns to the public welfare from denial-of-service attacks against traditional infrastructure by autonomous vehicles and the unreliability of the current prototypes.  It will look at threats against the systems using adversarial machine learning.  And it will also look forward, talking about the risks to autonomous vehicles if the integrity of inter-vehicle networking – and the big data stream between vehicles – is compromised.

Importance: In 1962, the first program to ever be broadcast on ABC TV in color was the first episode of the Jetsons.  This futuristic cartoon provided a humoristic look at the future, with a flying car that was inspired by a 1954 Ford concept car.  Today, we are more than half way to the time in which the Jetson’s was set: 2062.  While many of the things demonstrated were right, such as the ability to talk to computers, videoconferencing, and ordering food by touching a flatscreen, other aspects are as far away today as they were in 1962.  In the past decade, there has been significant hype about autonomous vehicles, with numerous startups entering the field.  For all this hype, however, we are still substantially far away from being able to engineer robust autonomous vehicles.  And in doing so, there are significant risks and tradeoffs which have not been covered.  The goal of this talk is twofold: to provide background knowledge about autonomous vehicles and, more importantly, to stimulate critical thought as to whether as a society this is the right approach to be taking given some of the known risks we are seeing.

While there will be some technical aspects, the talk does not require deep technical understanding or an engineering background.  That is key, for the decisions made impact the quality of life for all people, not just those who are technically savvy.

Walter Schilling

MSOE

Walter Schilling is a Professor in the Software Engineering program at the Milwaukee School of Engineering. He received his BSEE from Ohio Northern University and MS and PhD from the University of Toledo. Prior to returning to graduate school, he worked in the Detroit Metro area for multiple years as a practicing embedded software engineer within the automotive industry. He has spent time at NASA Glenn Research Center in Cleveland, Ohio, and consulted embedded systems companies in the Midwest. In addition to one U.S. patent, Schilling has numerous publications in refereed international conferences and other journals. He received the Ohio Space Grant Consortium Doctoral Fellowship and has received awards from the IEEE Southeastern Michigan and IEEE Toledo Sections. He is a member of WiCyS, IEEE, IEEE Computer Society and ASEE. At MSOE, he coordinates courses in software verification, real time systems, operating systems, and cybersecurity topics and has taught courses across the Software Engineering and Computer Engineering spectrums.