For John, BLUF: Sure, it will be safer and more efficient, until someone hacks the program. Nothing to see here; just move along.
Here is the sub-headline:
Autonomous vehicles are giant security risk and the white hats need to get there before the black hats do.
From The Weekly Standard, by Mr Zach Aysan, 9 October 2018.
Here is the lede plus two:
Eight months ago I published my concerns about how autonomous vehicles could be weaponized at scale via cyber-attack. (For those who missed it, here’s the gist: Due to the all-or-nothing nature of certain classes of cyber-attack, self-driving cars and other autonomous systems can be utilized by hostile actors to create a coordinated mass attack.) It’s time for an update.I don't see a major threat during rush hour, but just before or just after rush hour, with lots of cars moving at speed, there could be thousands dead. Another 9/11, only more so. The reason is that once you hack all the cars on I-495 around Lowell you have probably hacked all the self-driving cars from Portland, Maine, to Washington, DC, and beyond. At that point it is only a question of how fast you can get out your signal before someone hits the kill switch.
At a closed-door Q&A session at the software hacking conference DEF CON, Elon Musk said that a fleetwide attack was Tesla’s “nightmare scenario” and announced that they were going to open-source their security modules so that automakers could work together to secure a safe self-driving future. (He later announced the security open source initiative on Twitter.) Musk’s announcement is a great start, and I’m encouraged, since an open source initiative is the single most important step to securing autonomous vehicles. But there have been other developments as well.
At an offensive cybersecurity conference earlier this year, former GCHQ information security specialist, Matt Tait, presented the keynote. (Lawyers know Tait as a Lawfare contributor and hackers know him as @pwnallthethings. It’s fun and strange when worlds collide.) One of Tait’s concluding remarks was that there are now numerous strategic threats to the world from a mass cyber-attack. Military planners call nuclear weapons and other weapons of mass destruction strategic threats because they impact military planning at the level that concern the national defence strategy. Tait used the specific example of a hijacked Windows update since it could wipe out complex logistics chains, or the power grid. The same type of strategic threat exists for autonomous devices as well. Tait then implored his fellow cybersecurity researchers to be careful with the consequences of their actions. To illustrate this, he displayed a mushroom cloud as the slide’s background image.
Hat tip to the InstaPundit.
Regards — Cliff