In an era of ‘black hats’, denial-of-service attacks, worms, viruses and Edward Snowden, society is increasingly turning to computer scientists for solutions. While much of the debate has centered on cyber crime, surveillance and securing the Internet as we know it, computer scientists at UC San Diego see new threats arising as cyber security threats make their way into cyber-physical systems – those real-world systems that rely heavily on computers and networking to get things done. Like the electrical power grid, or the wireless communications infrastructure, there is growing evidence that the global transportation infrastructure faces escalating new security threats.
“…you don’t think of your car as being software version 3.1, but it is…these are fundamentally computers, it’s just that they’re computers that control a two-ton vehicle that we have hurtling forward with us in it at 75 miles an hour.”
– Stefan Savage: Professor, Computer Science and Engineering Department, UC San Diego Jacobs School of Engineering
Chair of the Computer Science and Engineering (CSE) department at UC San Diego Rajesh Gupta, an expert in cyber-physical systems, hosts two renowned cyber security experts from the computer-science faculty in UC San Diego’s Jacobs School of Engineering: Prof. Stefan Savage, and Prof. Hovav Shacham.
Since 2010, Prof. Savage and his team, including colleagues from the University of Washington, have generated controversy and debate over public policy after they demonstrated the vulnerability of modern automobiles to attack from hackers who can take advantage, directly or remotely, of internal as well as external digital components and systems in today’s cars.
Most recently, Prof. Shacham uncovered surprising security vulnerabilities involving the full-body backscatter, X-ray scanners deployed at entrances to airports, train stations and other public places.
“…passengers are going through a variety of devices…every single one of these devices…is a computer…we found the software is replaceable, our machine ran DOS, it ran Windows, it had no kind of access control on it…these were designed and evaluated in secret…either they found the same flaws we did…or in their testing they didn’t find these flaws…”
– Hovav Shacham: Professor, Computer Science and Engineering Department, UC San Diego Jacobs School of Engineering
So just how vulnerable is the global transportation infrastructure to cyber attack? Can computer science short-circuit attacks before they inconvenience or risk the lives of drivers, airline passengers and other consumers? And what can computer scientists proactively do to prevent future attacks… or will cyber security always be a reaction to new threats as they arise?