Brian Hay on motor cars and cyber security!
Published on CSO Online 26th February 2018 - an article by Brian Hay
A few years back I received another invitation to present at AusCert. I had presented at the AusCert conference for several years in a row previously so whilst humbled and privileged, it was also challenging as AusCert is an event where you’re supposed to be at the forefront of thinking and you’re expected to challenge paradigms of thought.
Thus, the gauntlet had been thrown to come up with something new. Being a person who believes that lessons from the past can add value to the future I thought, “What technology in the past has presented both opportunities and threats that we’ve managed to come to terms with that can provide us with lessons of learning to better meet the challenges of cyber security?”.
I picked the evolution of the motor car… worst consequence - road death. It took us nearly 100 years in this great country to get road tolls steadily declining. I took the audience on a journey of the evolution of the modern motor car which arguably commenced around 1886.
For the next 25 minutes we explored a myriad of interesting “factoids” of the modern motor vehicle - one of the most interesting was the fact that from 1895 to 1905 the New York Taxi fleet was powered by electricity supported by a network of charging stations around the New York environment. All the technology was going electric until 1905 when a fellow called Henry Ford could mass produce the internal combustion engine motor car for half the price of an electric vehicle… and the rest is history! Boy were those folks ahead of their time!
At the 25-minute mark I looked down from the stage into the eyes of the audience and I could see that whilst they were finding this interesting, there was also that look of bewilderment that said, “Very interesting Brian but what the hell has this got to do with cyber security?” This was AusCert after all.
On my second last slide I compiled 5 points that were effective in reducing the road toll:
• Education and awareness training of users and the community;
• Investment in the development of safety technology;
• Integration of that safety technology into the motor vehicle;
• Development of regulation and legislation; and
• Enforcement of that regulation and legislation
My very last slide was a repeat of those 5 points, but I removed the word “road” and replaced it with the word “cyber” and uttered, “Ladies and gentlemen, we’ve faced these challenges before and perhaps this is a blueprint upon which we can go forth”.
The crowd erupted with undying applause…. Well not really, but a polite token was provided as indication of acknowledgement of what I posited.
Interestingly, about 3 months later I was walking down the street when I chap stopped me and said, “You’re Brian Hay.”
I glanced him quickly up and down not recognising any immediate threat and cautiously said, “Yes”.
He responded with, “I saw your car story talk at AusCert.”
I said, “What did you think?”
He replied, “Very cool, but I have a question.”
“What’s that?” I replied
“Where are we on the lineal scale? On the timeline?”
I thought to myself “that’s a good question” and after a several seconds I said, “1950’s”
Somewhat astonished he asked, “The 1950’s! Why?”
I explained that in the 1950’s society was embracing the technology of the motor vehicle. People wanted it in their homes, it was in their workplace, Government was using the technology to connect to the community, we saw the emergence of brands and names that didn’t exist in people’s lives 20 years earlier, it was driving international trade, and it was disrupting “traditional business” such as rail.
They still had road death and there had been significant development of safety technologies, but it was an “opt in” exercise. In 1957 they invented the lap-sash seat belt. Started saving lives immediately - if it was worn. It
wasn’t until 1972 they passed a law that stated you had to wear it - that was the significant turning point!
He thanked me for the explanation and we’ve not met since.
About 18 months later I recall having a conversation in Sydney with Kevin Mandia, now of Fire Eye fame and shared my car evolution theory with him.
He said he liked the theory, but he had one problem - the motor vehicle
didn’t have criminals attacking it constantly - sadly we couldn’t continue the conversation because he had to attend to an urgent meeting, but what I would have said to Kevin was that he was mistaken.
Organised crime has been attacking and exploiting the motor vehicle with international organised crime car theft syndicates for many decades not to mention the fraudulent motor vehicle accident enterprises that cost many millions. That too has diminished over time with the advent of better safety technology, GPS tracking, immobilisers, more regulation etc.
We saw motor vehicle manufacturers working with insurance companies, law enforcement, regulators, and community groups to make their products not only superior in performance, but harder to steal, and more importantly integrated with more safety technology to increase the likelihood of surviving a critical accident.
We are about to enter the 1970’s. Later this month we see the commencement of the Mandatory Data Breach disclosure legislation, a true turning point in the mandated protection of data, systems and citizens in this country. We are about to hit 1972 and we need to embrace this change and use it as the driver to accelerate our safety and protection of our organisations, society and communities.
So let’s get Step 1 in the plan nailed – build an organisational culture that enables our people to exploit cyber technologies and digital transformation journeys safely and securely.