Plenty of phish in the sea
Cybersecurity conference at UND attracts hundreds while boosting awareness, promoting research
Once upon a time, automotive security involved locking the door and taking the keys.
But these days, there’s a reason why that statement sounds like the first line of a fairy tale.
These days, the typical new car basically is a supercomputer on wheels, using a total of some 100 million to 150 million lines of code to operate everything from the steering to the engine to the brakes. Moreover, the cars typically are connected to the Internet, meaning hackers can access the vehicle’s network and listen in as the occupants speak — remember, the electronic network includes a microphone — or access the occupants’ networked smartphones and get personal information, or even cause a crash.
That’s on top of hackers being able to capture and mimic a key fob’s transmission, and thus stealing a car within seconds. And if all of the above is sobering, it’s meant to be, said Srinivasagan Ayyappan, senior expert on infotainment cybersecurity for the Aston Martin Lagonda luxury-car manufacturer in the United Kingdom.
“Think of it: Cars are becoming mobile offices, our homes away from home, and we have Internet in the vehicle,” he said.
That means the payment accounts stored in your vehicle’s infotainment system can be accessed by a hacker, as can the past and current GPS location info, as can safety features such as lane-departure warnings, as can …
“In short, do we need automotive cybersecurity? Definitely,” Ayyappan said.
Free and open to the public
Ayyappan was one of the featured speakers at the 2022 Cyber Awareness & Research Symposium, an event hosted by the Center for Cyber Security Research at UND. The event was held both online and in the UND Memorial Union, and it attracted some 240 registrants, said Prakash Ranganathan, the center’s director and an associate professor of Electrical Engineering at UND.
“We have a wide variety of people participating — a combination of industries, faculty and students, including graduate, undergraduate and even high school students — and on a wide variety of aspects of cybersecurity,” Ranganathan said as the conference wrapped up. “And I think everybody learned from and enjoyed it. I know I did.”
The symposium’s goals were twofold, Ranganathan said. It was meant first, to boost awareness for the community; and second, to showcase and spread awareness of the cybersecurity research being conducted at UND and elsewhere.
With those goals in mind, the symposium was free and open to the public, but also presented national-level research and discussion on critically important topics in cybersecurity. Some 30 researchers stood beside and presented posters describing their work, while panel discussions explored topics such as cyber resilience, cyber risk management and cybersecurity for the electric-power grid.
Among the speakers addressing the conference was Mark Hagerott, chancellor of the North Dakota University System, who spoke remotely from Bismarck.
“I can tell you as a former cyber professor and deputy director of a cybersecurity center, the work you’re doing is among some of the most important being done anywhere,” Hagerott said.
Why? Because the emergence of technologies such as intelligent machines and networks is presenting the world with challenges that have never before been seen, Hagerott said. Moreover, those challenges are showing up in virtually every domain of modern life, from the suburban kitchen with its smart appliances to the command-and-control of various nations’ nuclear postures.
Furthermore, all of those linked technologies and networked machines have a security component.
“And that’s the issue you’re dealing with right now: the cybersecurity problem,” he said.
Experts are hard-pressed to name a more important technological issue facing the world in the 21st century.
A bipartisan effort
Sen. Kevin Cramer, R-N.D., also addressed the symposium and agreed with Hagerott’s assessment. But there’s one piece of very good news, which is that cybersecurity is among the key issues in Congress that draw strong and sincere bipartisan support, said Cramer, who spoke remotely from Washington.
“Over the past year, I’ve worked with my Senate colleagues on several bipartisan cybersecurity efforts,” he said.
“For example, in February, I joined a bipartisan letter that urged the Securities & Exchange Commission to increase transparency requirements for companies to include mandatory cybersecurity reporting, which is especially important for defense companies dealing with highly classified information and systems.
“In March, I joined another bipartisan letter urging Defense Secretary Lloyd Austin and Homeland Security Secretary Alejandro Mayorkas to provide resources for private and public institutions to defend against cyberattacks. It really is a bipartisan effort, as cybersecurity is among our most significant priorities, and we are doing what we can as lawmakers to bolster it.”
In short, the participants in this year’s symposium should be aware that they’re doing essential work, Cramer said.
They’re doing a task that urgently needs to be done, he added: “You have brought together a broad audience of academics, students and industry professionals to further what’s really a very important mission. So, thank you.”