CSI Distinguished Speaker Series continues with Faye Francy, Auto-ISAC
On Friday, Feb. 14 the CSI Distinguished Speaker Series continued, sponsoring an hour-long talk by Auto-Information Sharing and Analysis Center (ISAC) mogal Faye Francy in the Lower Hangar. The ISAC Francy spoke of is a blending of automotive and aviation industries. Francy is a major player, leading two collaborations to combat cyberattacks in the public and private sectors. With a future-oriented perspective, Francy suggests renaming the Department of Transportation to the “Department of Mobility.”
Improving safety of automobiles is a paramount concern, especially considering the 40,000 annual deaths caused by vehicle accidents, Francy mentioned. In this sense, cybersecurity is key to saving lives as well as businesses. Francy explained the risks businesses experience when a cyberattack occurs: endangerment of customers, damage to the brand and reputation, undermining of trust in connectivity and autonomy, exposure to costly litigation, and overall disruption to the business. A real-life example of this is the 9/11 attack, which caused “a 10-year aviation industry setback,” according to Francy. Francy shared her firsthand experience with the emerging, asymmetric cyber challenges facing the industry, re-coining another term: IOT to mean “Internet of Threats.” Additionally, back in July 2015, Wired Magazine’s Andy Greenberg featured a hacked Jeep Cherokee. A cybercriminal exercised a zero-day exploit by hacking the vehicle while it was still on the highway, utilizing the automotive “vulnerabilities of the cellular card, head unit SOC processor, and the microcontroller.” This is the modern-day kryptonite bar. Criminals have evolved from physical attacks to cyberattacks. In parallel, Auto-ISAC has transitioned from the digital age to connected vehicles to connected vehicles integrate across systems (SOS).
In conclusion, the value of public and private partnerships is unprecedented, and especially needed for defense against cyberattacks. Francy’s main suggestion for protection is a “security by design” framework. She recognizes the automotive attack vectors being “keyless entry, servers, mobile applications, and OBD ports” and targets her thwarts against them. Overall, Francy and her collaboration of industry giants at the Auto-ISAC are working side-by-side to ensure the industry is not derailed by cyberattacks.