Tag Archives: cybersecurity

Inspiring Improvement in the Field of Automotive Cybersecurity

A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into invested into cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.

The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicle.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the proposals made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.

As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is becoming an increasing threat. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.

Cybersecurity in the Automotive Industry

Over the past decade or two, RMU has grown into a rather diverse university in regards to the variety of degrees available. With the influx of new technology during this time period, the need for cybersecurity has risen exponentially. RMU’s cyberforensics and information security program has done nothing but grow since its inception. If you were to ask students in the program where their dream job would be, most would probably respond with a government, law enforcement, or financial institution of some sort. If you happen to ask the same question at some point in the near future, you may be surprised to discover students who are looking for work in the automotive industry.

As I mentioned before, the growth of technology and integration of tech into our everyday lives has created new weak points for cyber criminals to exploit. Computers are increasingly being used in vehicles to control and operate basic functions and a number of features, such as remote engine start, can now be controlled through the use of smartphone apps. To combat the risk that modern vehicles are threatened with, Volkswagen is teaming up with Yuval Diskin, the former head of Israel’s intelligence agency. The joint venture was created with the goal of protecting the next generation of cars from hackers. The new company, called CyMotive Technologies, will be primarily run by acting chairman, Diskin, while Volkswagen will possess a 40% stake in the company.

This may be the first time you have heard of a cybersecurity firm dedicated specifically to automotive security, but it won’t be the last. IBM and Harman are two other major companies that have previously invested money in other Israeli firms focused on automotive security. These companies are hoping to restrict and limit automotive hacking while it is still in its infant stages. While we do not know what automotive advances will look like in the future, or what kind of features will become the new standard, one thing can be assumed for sure: the need for competent cybersecurity professionals will continue to increase.

10th Annual Intersections Undergraduate Research Conference – Friday, April 22nd

Everyone is cordially invited to the 10th Annual Intersections Undergraduate Research Conference on Friday, April 22, from 11:45am – 5:00pm in Sewall 3rd Floor.

This is going to be an great event. RMU students are doing some incredible work. Over 100 students will be participating, with 14 panels and 19 poster presentations.  The schedule for the conference is here: http://honors.rmu.edu/urc/program

There will also be one presentation from the CIS department: “Mobile Security Threats: How Safe Is Our Data?”. This will be presented by John Weingartner, Sarah Pfabe, Jayson Phouthavong, Aaron Steinberg, and Brandon Adams. They will present in the Pennsylvania Suite from 4:00-4:45pm.

Security Presentation by Christopher Mellen, PNC – Tuesday, April 5th

Christopher Mellen, CIO with PNC Financial Services and former Director of Information Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States (Whitehouse), will present in the Wheatley Atrium on Tuesday, April 5th from 3:00 – 4:30pm. The Top Secret Colonials are sponsoring the event and there will be pizza provided. PNC recruiters for interns and full-time positions will also be attending. Students attending will obtain SET credit for their participation.

TSC Logo.jpg

Christopher Mellen Bio:
Chris currently leads the Strategic Security Initiatives group within the office of the Chief Information Security Officer with PNC Financial Services.  Chris manages the overall strategic direction of the organization as well as operational management responsibility for Identity Access Management, Mainframe security, Attack Surface Management, and Applied Cryptography.

Prior to joining PNC, Chris was the Director of Information Risk Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States.  His directorate consisted of the Records Management Branch, Cyber Integrity (eDiscovery and investigations), Information Assurance and Security Operations.

Chris has worked as the Director of Professional Services with SAIC’s Incident Response, Computer Forensics and eDiscovery Service groups. He also created and managed the Professional Services Division for AccessData providing incident response, digital investigations and litigation support services. Additionally, Chris has served as a Manager with Guidance Software Professional Services, a Special Agent with the Department of Defense, Cyber Counterintelligence Activity, and a Computer Crime Specialist at the National White Collar Crime Center in Fairmont, WV.

Chris also spent 11 years on active duty in the United States Marine Corps. While in the Marines, Chris served with the Military Police, Customs, the Criminal Investigation Division and the Naval Criminal Investigative Service (Cyber Investigations and Operations).

Chris holds a Bachelor’s degree in Criminal Justice from Colorado Technical University and Master’s degree in Computer Information Systems from Boston University.

Wombat Security – Wednesday, February 24th

The Top Secret Colonials are sponsoring a presentation by Wombat Security on Wednesday, February 24th from 4:30 – 5:30 pm.

Wombat Security is a cyber security company whose goal is to deliver software-based cyber awareness and training to help employees understand the risks associated with improper cyber practices and subsequently correct their behavior to strength an organization’s overall security environment. Wombat utilizes a Continuous Training Methodology to serve its customers, assessing the vulnerability of employees through a variety of custom knowledge assessments before seeking to educate on those flaws to maximize learning through a broad set of interactive training modules. Those customers who have implemented this approach have experienced up to a 90% reduction in successful phishing attacks and malware infections on their company.

This presentation will focus on the products Wombat delivers to its customers. During the presentation, Sean Ehrman and Jake Pancari will simulate a mock-phishing attack and demonstrate the training modules customers would go through should they fall for said-attack. They will also discuss the dangers of social engineering while reviewing a real case study before ending in a Q&A segment.

Students will earn 1 SET credit for attending.

Here is their website: https://www.wombatsecurity.com/

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) has launched the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

In the 2016 Cyber Student Volunteer Initiative program cycle, over 80 student volunteer assignments are available at over 40 local DHS field offices across the country and eight participating DHS Components, to include Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Office of the Chief Information Officer (OCIO), Office of Intelligence and Analysis (I&A), Office of Policy/Cyber, Infrastructure and Resilience Policy, Transportation Security Administration (TSA), and United States Coast Guard (USCG).

The Cyber Student Volunteer Initiative application period is open until January 29, 2016 through the USAJOBS portal (https://www.usajobs.gov/GetJob/ViewDetails/425296700).

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov