In May, as part of the Virginia Cyber Security Commission and Virginia Cyber Security Partnership, Governor Terry McAuliffe announced the launch of a new, collaborative public-private initiative to explore solutions to stop cyberattacks targeted at both state and civilian automobiles.
Wednesday’s event was effectively an unveiling of the progress that has been made via this mission.
McAullife, who appeared pleased with the mid-week update, said in a statement “this invaluable research is essential for the Commonwealth to advance its objectives to better safeguard our drivers, their vehicles and, especially, our public safety professionals. The data and protocols derived from this project are some of the first of its kind in the nation, and will be instrumental in facilitating a more universal discussion about mitigating the risks that potentially exist for vehicle fleets of all kinds.”
The organizations, businesses and individuals who were involved in this endeavor include: the Virginia State Police, University of Virginia, the MITRE Corporation, Mission Secure, Kaprica Security, Spectrum Comm, Johns Hopkins, Applied Physics Lab, Digital Bond Labs, the Aerospace Corporation, the Va. DMV in coordination with U.S. DOT’s Volpe Center and the DHS Science & Technology Directorate.
“Police cars are less equipped with electronics, and police communicate through private networks so they are not as vulnerable as a consumer. But the [cruisers] have many of the same features as a consumer car has and are potentially hackable,” Barry Horowitz, chair of the systems and information engineering department at the University of Virginia, told DarkReading.
During the test, described by Kaprica Security VP of public sector Peter Laitin, a 2012 Chevrolet Impala police vehicle was hacked, it’s engine was cut off and the team was subsequently required to present a defense for this sort of attack.
The team at Kaprica Security, a Reston, Va.-based Internet of Things (IoT) security startup, was selected to carry-out the development of a hardware product which could be manually installed into a new car’s console via a dongle—thereby inhibiting attacks that would affect critical components of the car—like its engine, transmission, brakes and lighting systems. In addition, this proof-of-concept tool can collect forensic data related to the hacker that initiated the attack. It’s among the first product of its kind, used to collect this sort of realtime cyberattack data on a moving vehicle.
“Striving for Excellence, Onward and Upward!”