1 00:00:00,910 --> 00:00:04,040 Your organization may have a lot of different vehicles, 2 00:00:04,040 --> 00:00:06,570 depending on what kind of operations you're involved in. 3 00:00:06,570 --> 00:00:08,480 For example, if you run a warehouse, 4 00:00:08,480 --> 00:00:10,430 you may have forklifts and trucks. 5 00:00:10,430 --> 00:00:11,730 If you run a delivery service, 6 00:00:11,730 --> 00:00:13,720 you might have cars and motorcycles. 7 00:00:13,720 --> 00:00:16,040 Maybe you even have unmanned aerial vehicles 8 00:00:16,040 --> 00:00:18,620 if you work with law enforcement or the military. 9 00:00:18,620 --> 00:00:19,620 Each of these vehicles 10 00:00:19,620 --> 00:00:21,660 has their own control systems on board 11 00:00:21,660 --> 00:00:24,740 and many of these are now becoming networked together. 12 00:00:24,740 --> 00:00:27,850 Automobiles are becoming more and more advanced everyday. 13 00:00:27,850 --> 00:00:29,760 Some cars can even drive themselves 14 00:00:29,760 --> 00:00:32,260 while others have fantastic touchscreen displays 15 00:00:32,260 --> 00:00:34,360 that do everything from controlling the air conditioning 16 00:00:34,360 --> 00:00:36,570 to playing music to even driving the car, 17 00:00:36,570 --> 00:00:38,420 in the case of some advanced cars 18 00:00:38,420 --> 00:00:40,890 like those that are manufactured by Tesla. 19 00:00:40,890 --> 00:00:41,840 All of these systems 20 00:00:41,840 --> 00:00:43,790 have to be connected together to communicate 21 00:00:43,790 --> 00:00:47,210 and it's what we call a Controller Area Network or CAN 22 00:00:47,210 --> 00:00:49,360 that does this connection in your car. 23 00:00:49,360 --> 00:00:50,750 This is great for operations, 24 00:00:50,750 --> 00:00:53,340 but again, it can be horrible for security. 25 00:00:53,340 --> 00:00:54,810 In fact, a couple of years ago, 26 00:00:54,810 --> 00:00:57,570 a team of security researchers got into a new jeep 27 00:00:57,570 --> 00:00:59,910 and tried to take over the onboard computer 28 00:00:59,910 --> 00:01:01,930 by breaking into that controller area network 29 00:01:01,930 --> 00:01:03,150 from the stereo. 30 00:01:03,150 --> 00:01:05,010 After rewriting some of the function calls, 31 00:01:05,010 --> 00:01:06,050 they were able to do it 32 00:01:06,050 --> 00:01:07,710 and they were able to turn off the car 33 00:01:07,710 --> 00:01:09,210 as it drove down the road. 34 00:01:09,210 --> 00:01:11,480 This again is something we don't want to happen 35 00:01:11,480 --> 00:01:13,400 and so security is important. 36 00:01:13,400 --> 00:01:15,080 Now, to prevent this from occurring, 37 00:01:15,080 --> 00:01:17,800 manufacturers use an air gap solution. 38 00:01:17,800 --> 00:01:20,430 An air gap is a method of isolating an entity, 39 00:01:20,430 --> 00:01:22,780 effectively separating it from everything else. 40 00:01:22,780 --> 00:01:24,620 So, in the case of an automobile, 41 00:01:24,620 --> 00:01:26,870 the engine's control unit should be isolated 42 00:01:26,870 --> 00:01:28,520 from the controller area network. 43 00:01:28,520 --> 00:01:30,250 This will ensure that the attacker can't jump 44 00:01:30,250 --> 00:01:32,930 from the radio or the air conditioning through the CAN 45 00:01:32,930 --> 00:01:35,680 and shut off the engine while the car is in motion. 46 00:01:35,680 --> 00:01:37,330 Whatever vehicle type you're using, 47 00:01:37,330 --> 00:01:39,900 you should look to include appropriate security policies 48 00:01:39,900 --> 00:01:41,140 to help protect it. 49 00:01:41,140 --> 00:01:43,280 This may include disabling advanced technologies 50 00:01:43,280 --> 00:01:45,360 and Internet connections, if you're the user, 51 00:01:45,360 --> 00:01:47,450 developing your code and using proper secure 52 00:01:47,450 --> 00:01:49,490 software development lifecycle methodologies, 53 00:01:49,490 --> 00:01:50,900 if you're the manufacturer, 54 00:01:50,900 --> 00:01:53,520 and ensuring that you minimize your system's open ports 55 00:01:53,520 --> 00:01:55,890 and services as much as practical. 56 00:01:55,890 --> 00:01:58,360 Remember, anything with a CPU and memory 57 00:01:58,360 --> 00:01:59,720 can serve as a computer. 58 00:01:59,720 --> 00:02:01,170 And if it's serving as a computer, 59 00:02:01,170 --> 00:02:03,083 it can be attacked or exploited.