1
00:00:05,480 --> 00:00:09,519
Speaker 1: The idea that someone might impact a bunch of vehicles

2
00:00:09,560 --> 00:00:13,240
to cause accidents. It's real that absolutely could happen.

3
00:00:23,160 --> 00:00:26,879
Speaker 2: Welcome everyone to the Industrial Security Podcast. My name is

4
00:00:26,960 --> 00:00:30,359
Nate Nelson. I'm here with Andrew Ginter, the vice president

5
00:00:30,440 --> 00:00:34,759
of Industrial Security at Waterfall Security Solutions, who's going to

6
00:00:34,759 --> 00:00:38,039
introduce the subject and guest of our show today. Andrew,

7
00:00:38,240 --> 00:00:38,799
how's it going?

8
00:00:39,560 --> 00:00:41,759
Speaker 3: I'm very well, thank you, Nate. Our guest today is

9
00:00:41,799 --> 00:00:47,759
Matt McKinnon, the director of Global Strategic Alliances at Upstream Security.

10
00:00:48,240 --> 00:00:50,439
And I don't know if you remember a number of

11
00:00:50,520 --> 00:00:53,240
episodes ago, we had a gentleman on talking about the

12
00:00:53,320 --> 00:00:57,159
CANbus in automobiles, you know, the hundreds of CPUs in

13
00:00:57,359 --> 00:01:01,679
a modern automobile, and you know how that CANbus, you know,

14
00:01:01,719 --> 00:01:06,760
that network of automation reached out to the cloud, to

15
00:01:06,840 --> 00:01:11,480
the vendor cloud whoever built the automobile, Matt, you know,

16
00:01:11,560 --> 00:01:15,159
and Upstream secure that cloud. So we're going to be

17
00:01:15,200 --> 00:01:20,040
talking about the security of cloud systems connected to automobiles.

18
00:01:20,680 --> 00:01:24,280
Speaker 2: Then, without further ado, here's your conversation with Matt.

19
00:01:27,120 --> 00:01:29,760
Speaker 3: Hello, Matt, and welcome to the show. Before we

20
00:01:29,799 --> 00:01:32,200
get started, can I ask you to introduce yourself to

21
00:01:32,200 --> 00:01:34,799
say a few words about your background and about the

22
00:01:34,840 --> 00:01:37,560
good work that you're doing at Upstream Security.

23
00:01:38,640 --> 00:01:42,120
Speaker 1: Hey, Andrew, thanks for having me today. Yeah. I've been

24
00:01:42,159 --> 00:01:44,959
working in network security or cybersecurity in general for the

25
00:01:44,959 --> 00:01:47,519
better part of the last twenty five years. Got started

26
00:01:47,519 --> 00:01:51,200
in network security, endpoint security, IoT security, did even some

27
00:01:51,319 --> 00:01:54,239
DoD work, and some cloud security, so kind of been

28
00:01:54,280 --> 00:01:56,680
around the cybersecurity market in a lot of different ways.

29
00:01:57,359 --> 00:02:01,799
Most recently, I've been working in automotive or mobility IoT security.

30
00:02:02,840 --> 00:02:05,719
This is in particular where I am today is Upstream Security,

31
00:02:05,719 --> 00:02:08,479
where we protect cars and trucks and tractors and pretty

32
00:02:08,560 --> 00:02:10,840
much anything that moves around and it's connected via cellular

33
00:02:10,879 --> 00:02:13,439
network. I was really drawn to this company

34
00:02:13,479 --> 00:02:17,560
because of the connection between mobility and things that physical,

35
00:02:17,599 --> 00:02:20,759
things that move around in cybersecurity, and it really is

36
00:02:20,800 --> 00:02:23,280
easy to relate to everyday life and very rewarding to

37
00:02:23,280 --> 00:02:24,879
be able to work on something that we can sort

38
00:02:24,879 --> 00:02:28,400
of see and feel and observe in our every day And.

39
00:02:28,360 --> 00:02:31,840
Speaker 3: Our topic today is automobiles. I mean, we had a

40
00:02:31,840 --> 00:02:35,280
guest on a little while ago talking about the CANbus,

41
00:02:35,319 --> 00:02:39,159
in automobiles, in trucks, in you know, things that move.

42
00:02:40,319 --> 00:02:44,000
You're not talking about the CANbus. You're still talking about

43
00:02:44,120 --> 00:02:46,919
things that move, but you're up in the cloud. Can

44
00:02:46,960 --> 00:02:49,719
you explain to us, you know, what is that, what's

45
00:02:49,800 --> 00:02:53,360
what's happening out there, how does it work, and why

46
00:02:53,400 --> 00:02:54,319
should we be worried?

47
00:02:55,319 --> 00:02:58,439
Speaker 1: It's a great question, and it's really important to think

48
00:02:58,439 --> 00:03:01,639
about what's happening with with cars and with trucks and

49
00:03:01,680 --> 00:03:04,360
how they operate today and what's and how we think

50
00:03:04,360 --> 00:03:06,400
they're going to change in the future as well. So

51
00:03:06,439 --> 00:03:09,680
if we think about your modern car, it has really

52
00:03:09,680 --> 00:03:12,080
got a lot of computers in it, everything from the

53
00:03:12,080 --> 00:03:15,919
infotainment system to you know, the most modern things have

54
00:03:15,919 --> 00:03:21,280
autonomous driving. So those those cars, they the car itself

55
00:03:21,759 --> 00:03:26,080
can be can be compromised. Those cars communicate with the cloud.

56
00:03:26,360 --> 00:03:28,479
They send a lot of telematic data about where they

57
00:03:28,520 --> 00:03:30,719
are and what they're doing into the cloud. This is

58
00:03:30,800 --> 00:03:33,240
very useful for a lot of different purposes. We also

59
00:03:33,319 --> 00:03:35,680
have apps on our phones. We can schedule a

60
00:03:35,719 --> 00:03:38,599
remote start, or we can schedule service of the dealer

61
00:03:38,639 --> 00:03:40,919
and things like that in our phones. When we get

62
00:03:40,919 --> 00:03:43,560
into electronic vehicles, we have to charge them, and so

63
00:03:43,599 --> 00:03:45,400
we connect them to charging stations and we have to

64
00:03:45,400 --> 00:03:49,199
authenticate and pay for pay for electricity, and so what

65
00:03:49,199 --> 00:03:52,520
what Upstream has realized and recognized many years ago was that,

66
00:03:52,840 --> 00:03:55,039
you know, no longer can you worry about just securing

67
00:03:55,080 --> 00:03:58,400
the car itself. The car is part of this connected ecosystem,

68
00:03:58,759 --> 00:04:01,199
and if you're not looking at that ecosystem at once,

69
00:04:01,919 --> 00:04:04,479
you're really not looking at the full, full spectrum of

70
00:04:04,520 --> 00:04:09,319
what can be compromised. The other thing that's interesting to

71
00:04:09,360 --> 00:04:11,879
look at from the last five or ten years is

72
00:04:12,840 --> 00:04:17,680
Upstream does an annual report about the state of automotive cybersecurity,

73
00:04:17,720 --> 00:04:20,439
and we've been doing it since about twenty nineteen. There's

74
00:04:20,639 --> 00:04:24,839
really been a pretty dramatic shift in the cybersecurity or

75
00:04:24,879 --> 00:04:27,720
automotive cybersecurity over that time. You know, if you look

76
00:04:27,759 --> 00:04:30,759
back twenty fourteen twenty fifteen, people were trying to compromise

77
00:04:30,879 --> 00:04:33,120
or hack or steal one car at a time. But

78
00:04:33,199 --> 00:04:35,319
if you look at the data today, that's not the

79
00:04:35,360 --> 00:04:38,399
case at all. Over ninety five percent of the attacks

80
00:04:38,439 --> 00:04:41,319
that happened last year didn't even require physical access to

81
00:04:41,360 --> 00:04:44,720
the vehicle at all. Over fifty percent of the attacks

82
00:04:44,720 --> 00:04:48,600
that happened last year were attacks against thousands, if not millions,

83
00:04:48,639 --> 00:04:51,519
of vehicles at one time. So we're no longer talking

84
00:04:51,560 --> 00:04:54,759
about bad actors going after just trying to steal your

85
00:04:54,800 --> 00:04:57,759
car or my car. We're talking about bad actors who

86
00:04:57,800 --> 00:05:00,240
are really going after these connected systems that we just

87
00:05:00,240 --> 00:05:03,519
talked about and how can they compromise that entire system,

88
00:05:03,560 --> 00:05:04,839
not as one car at a time.

89
00:05:08,199 --> 00:05:10,639
Speaker 2: Andrew, Before we get into all of the detail of

90
00:05:10,639 --> 00:05:12,720
what he said there, can you just give me a

91
00:05:12,759 --> 00:05:15,759
brief overview? We've talked about it in a couple

92
00:05:15,759 --> 00:05:20,160
of episodes before. But what does the threat attack surface

93
00:05:20,240 --> 00:05:22,639
of my car look like? Because I have some notion

94
00:05:22,720 --> 00:05:24,519
that you know, my center console is a computer and

95
00:05:24,560 --> 00:05:27,240
maybe some other parts of the car, but it sounds

96
00:05:27,240 --> 00:05:28,040
like it's more than that.

97
00:05:28,720 --> 00:05:31,920
Speaker 3: Yeah, we had Ken Tindall on and he was one

98
00:05:31,959 --> 00:05:36,000
of the designers of the CANbus, which is the dominant

99
00:05:36,600 --> 00:05:40,720
communications system that's used in modern vehicles. I recalled that.

100
00:05:40,800 --> 00:05:43,399
He said, look, Andrew, at the rate at which we're

101
00:05:43,480 --> 00:05:46,399
adding features to the vehicles. So, for example, if you

102
00:05:46,959 --> 00:05:49,800
have a feature that says you can only start the

103
00:05:49,879 --> 00:05:52,319
car if your foot's on the brake, he says, for

104
00:05:52,360 --> 00:05:56,279
each feature, we used to run a wire, a small

105
00:05:56,720 --> 00:05:59,319
wire with an analog signal from let's say the brake

106
00:05:59,439 --> 00:06:03,639
sensor directly to the logic that controlled the key and

107
00:06:03,680 --> 00:06:07,360
the ignition. And there was a lot of features being added,

108
00:06:07,439 --> 00:06:09,920
and so for every feature, when one part of the

109
00:06:09,959 --> 00:06:11,959
car was relevant to another part of the car, you

110
00:06:12,000 --> 00:06:14,600
had to run a new wire. He said. They did

111
00:06:14,600 --> 00:06:17,319
a projection at the rate at which new features were

112
00:06:17,360 --> 00:06:20,879
being added. They figured that new cars by the year

113
00:06:21,000 --> 00:06:24,680
twenty fifty would be solid copper, which is of course nonsense,

114
00:06:25,240 --> 00:06:28,720
and so they invented the CANbus. And so now most

115
00:06:29,000 --> 00:06:34,240
devices in vehicles that are relevant to a feature, like

116
00:06:34,600 --> 00:06:38,879
you know, the brakes, you know, when you're starting a

117
00:06:38,879 --> 00:06:41,879
car or something like that, they have a little CPU

118
00:06:42,199 --> 00:06:45,800
and they get power on one wire. They get the

119
00:06:46,639 --> 00:06:50,680
network communications on another little wire. And now every piece

120
00:06:50,680 --> 00:06:53,000
of the car has one, you know, two wires or

121
00:06:53,040 --> 00:06:55,199
maybe one if you can run both power and signal

122
00:06:55,199 --> 00:06:57,399
over the same wire, has one or two wires running.

123
00:06:57,439 --> 00:07:00,639
It was not a gazillion, one for each feature

124
00:07:00,680 --> 00:07:03,800
that is affecting another part of the car, which means

125
00:07:04,480 --> 00:07:06,560
a modern car has two or three hundred CPUs in

126
00:07:06,639 --> 00:07:09,879
it with you know, each CPU has a little wire

127
00:07:10,000 --> 00:07:12,160
or two running to it. This is this is the

128
00:07:12,160 --> 00:07:16,120
modern vehicle. There's a lot of software in the vehicle.

129
00:07:16,439 --> 00:07:19,959
Speaker 2: And then how does that connect to Matt's domain, the cloud?

130
00:07:20,920 --> 00:07:25,519
Speaker 3: Yeah, so many vehicles are connected through the cellular network

131
00:07:25,600 --> 00:07:28,279
or by other means, but you know, satellite, whatever. But

132
00:07:28,319 --> 00:07:32,360
most often I think it's cellular to the vendor, whoever

133
00:07:32,439 --> 00:07:37,360
made the car, or you know, Matt's business, Upstream, is

134
00:07:38,040 --> 00:07:42,839
Upstream Security is interested in the big eighteen wheelers, in tractors,

135
00:07:42,839 --> 00:07:45,639
in anything that moves. But let's stay with cars for now.

136
00:07:46,160 --> 00:07:50,199
You know, you buy a car from whoever, you know, Chrysler, Ford, whatever.

137
00:07:51,560 --> 00:07:55,399
A lot of the cars are connected cellularly into the

138
00:07:55,399 --> 00:07:58,120
cloud so that you know, you can on your cell

139
00:07:58,199 --> 00:08:03,160
phone start them remotely and effect charging. For electric vehicles,

140
00:08:03,199 --> 00:08:07,079
there's you know, these networks of two and three hundred

141
00:08:07,160 --> 00:08:10,639
CPUs in the vehicle are now connected through the Internet

142
00:08:10,720 --> 00:08:13,079
into cloud systems. And of course anything connected through the

143
00:08:13,120 --> 00:08:16,360
Internet can be attacked through the Internet. The cloud systems

144
00:08:16,480 --> 00:08:18,399
can be attacked through the Internet. And this is the

145
00:08:18,439 --> 00:08:22,360
focus of today's conversation is what's happening in these cloud

146
00:08:22,480 --> 00:08:24,399
systems and how are they being protected.

147
00:08:25,439 --> 00:08:27,160
Speaker 2: Maybe you get to this later in the interview. I

148
00:08:27,199 --> 00:08:30,480
don't know, but the statement that stood out most to

149
00:08:30,519 --> 00:08:34,440
me already from Matt was this notion that over fifty

150
00:08:34,480 --> 00:08:37,279
percent of attacks that happened in the last year were

151
00:08:37,320 --> 00:08:41,799
against like thousands or millions of vehicles at one time. Now, I, personally,

152
00:08:42,080 --> 00:08:43,759
I don't know if I'm just not up on the news.

153
00:08:44,120 --> 00:08:47,360
Have never heard of a cyber attack against a vehicle

154
00:08:47,639 --> 00:08:50,759
that wasn't conducted in a laboratory setting or in an

155
00:08:50,799 --> 00:08:55,279
experiment of some kind. So what exactly was Matt referring

156
00:08:55,320 --> 00:08:55,720
to there?

157
00:08:56,360 --> 00:08:58,519
Speaker 3: Well, that's a good question, and that, in fact is

158
00:08:58,960 --> 00:09:01,080
kind of the next question I asked our guest,

159
00:09:01,120 --> 00:09:02,919
so why don't we get back to Matt and have

160
00:09:03,080 --> 00:09:08,120
him give us the answer first? So that's a lot,

161
00:09:08,200 --> 00:09:10,879
you know, hundreds, thousands, millions of vehicles at once.

162
00:09:10,879 --> 00:09:14,480
Can you give us an example? What what has happened?

163
00:09:14,480 --> 00:09:16,320
What are we worried is going to happen?

164
00:09:17,279 --> 00:09:19,360
Speaker 1: Yeah, there's there's a variety of things that are happening.

165
00:09:19,799 --> 00:09:21,240
And I can give you a couple of real world

166
00:09:21,240 --> 00:09:24,320
examples, things that we've seen in our in our

167
00:09:25,320 --> 00:09:29,440
in our company's interaction. So a couple of things. One

168
00:09:29,519 --> 00:09:32,080
is what what we like to call sort of a

169
00:09:32,200 --> 00:09:34,759
VIN spray attack, and this is kind of interesting. So

170
00:09:34,879 --> 00:09:39,399
imagine a bad actor using their app on their phone

171
00:09:39,799 --> 00:09:42,519
to actually try to authenticate to many vehicles at one time,

172
00:09:42,559 --> 00:09:44,519
so not just connecting to their car, but connecting to

173
00:09:44,559 --> 00:09:47,840
many vehicles at one time. If you can trick a

174
00:09:48,000 --> 00:09:51,519
user into accepting sure you can connect. Now you've basically

175
00:09:51,600 --> 00:09:54,320
given control over of your vehicle and can remote start

176
00:09:54,399 --> 00:09:57,960
or modify or steal data off your car. Don't have

177
00:09:57,960 --> 00:09:59,279
to be anywhere near you, could be the other side of

178
00:09:59,320 --> 00:10:01,559
the world, but use the APIs that are connecting your

179
00:10:01,639 --> 00:10:04,440
phone like you are supposed to, but using it in

180
00:10:04,440 --> 00:10:10,200
a malicious way. Similar kinds of examples with using enterprise

181
00:10:10,240 --> 00:10:14,240
IT and API security type of techniques to generate tokens

182
00:10:14,279 --> 00:10:17,759
to connect to many vehicles at one time execute remote commands.

183
00:10:18,200 --> 00:10:21,559
But also also cases that aren't directly stealing data, things

184
00:10:21,639 --> 00:10:25,120
like odometer fraud to roll back odometers so that your

185
00:10:25,240 --> 00:10:27,879
mileage on your car isn't as high as it you

186
00:10:27,960 --> 00:10:29,960
think or it really is, to be able to get

187
00:10:30,000 --> 00:10:34,080
a warranty claim, or stealing stealing power from an EV

188
00:10:34,159 --> 00:10:37,679
charging station. So these are all variations on real, real

189
00:10:37,679 --> 00:10:40,720
things that are happening right now today. Some are very

190
00:10:40,720 --> 00:10:43,240
bad with people trying to take over other things. Are

191
00:10:43,559 --> 00:10:46,519
people trying to steal data and other times just people

192
00:10:46,559 --> 00:10:50,960
trying to sort of steal service or steal steal money.

193
00:10:51,600 --> 00:10:54,759
Speaker 3: So can we talk a little bit about who's doing this?

194
00:10:54,879 --> 00:10:57,919
I mean rolling back the odometer. You know, anybody who

195
00:10:57,919 --> 00:11:01,080
wants to cheat someone does this for their vehicle, for

196
00:11:01,240 --> 00:11:04,639
one vehicle. You know, there's little benefit to be had

197
00:11:04,679 --> 00:11:07,799
in rolling back the odometer for a million vehicles. You know,

198
00:11:07,840 --> 00:11:12,320
so people might want to tamper with their own vehicle. Who's

199
00:11:12,559 --> 00:11:14,159
tampering with other vehicles?

200
00:11:14,200 --> 00:11:14,559
Speaker 1: Why?

201
00:11:14,720 --> 00:11:17,919
Speaker 3: Why would people do this? What's in it for them?

202
00:11:18,440 --> 00:11:20,559
Speaker 1: It's a good question. And you know, like a lot

203
00:11:20,559 --> 00:11:21,679
of things, at the end of the day, a lot

204
00:11:21,679 --> 00:11:23,679
of times it just comes down to money. A lot

205
00:11:23,679 --> 00:11:28,279
of these attacks are based around stealing data and that

206
00:11:28,399 --> 00:11:30,960
and stealing data can be done by anybody, a lot

207
00:11:30,960 --> 00:11:34,679
of you know, people all over the world, bad organizations

208
00:11:34,679 --> 00:11:37,919
that are is ransomware. Effectively, it's just a specific variety

209
00:11:37,960 --> 00:11:42,879
of ransomware, people trying to steal data, sell data collected

210
00:11:43,000 --> 00:11:45,960
from a variety of things. There's another aspect which we're

211
00:11:46,000 --> 00:11:47,679
not seeing a whole lot of, but it is definitely

212
00:11:47,720 --> 00:11:52,080
a concern, which would be sort of the brand damage

213
00:11:52,159 --> 00:11:55,720
kind of thing. Imagine if someone were able to take

214
00:11:55,759 --> 00:11:59,120
control over an entire an entire fleet of vehicles, some brand,

215
00:11:59,200 --> 00:12:02,679
some make and model, the impact of the fear

216
00:12:02,840 --> 00:12:06,000
that would arise if that certain variety I don't

217
00:12:06,000 --> 00:12:08,639
want to name a specific one obviously, but would just

218
00:12:08,639 --> 00:12:12,559
stop working tomorrow morning, right, That would be tremendously upsetting

219
00:12:12,639 --> 00:12:15,200
to many, many people. So there's a variety of things there,

220
00:12:15,240 --> 00:12:16,759
but at the end of the day, the vast majority

221
00:12:16,799 --> 00:12:18,759
of it is really about stealing data that they can

222
00:12:18,759 --> 00:12:21,399
sell on other variations on ransomware and trying to get

223
00:12:21,440 --> 00:12:23,799
data from these automotive manufacturers.

224
00:12:24,240 --> 00:12:27,120
Speaker 3: You know, we're on the Industrial Security podcast. I worry

225
00:12:27,120 --> 00:12:31,799
about heavy industry. Now, what I don't know is, you know,

226
00:12:31,919 --> 00:12:35,679
how diverse the North American fleet of eighteen wheelers the

227
00:12:35,679 --> 00:12:40,360
big heavy trucks are. But I'm wondering, you know, is

228
00:12:40,399 --> 00:12:43,320
it credible that let's say a nation state, you know,

229
00:12:43,679 --> 00:12:46,399
Russia or China, someone who is involved in a physical

230
00:12:46,399 --> 00:12:50,639
conflict and wants to impair, you know, the delivery of

231
00:12:50,679 --> 00:12:53,279
goods in either the country they're fighting with or an

232
00:12:53,360 --> 00:12:57,200
allies like us of let's say the Ukraine. Is it

233
00:12:57,240 --> 00:12:59,799
credible that the Russians could break into one or two

234
00:12:59,879 --> 00:13:04,080
or three vendors the you know, the people who build

235
00:13:04,080 --> 00:13:06,679
the big eighteen wheelers and I don't know, remotely turn

236
00:13:06,720 --> 00:13:09,879
them all off like cripple a third of the nation's

237
00:13:09,960 --> 00:13:13,240
eighteen wheeler fleet by by GPS coordinate. Is that is

238
00:13:13,240 --> 00:13:14,480
that a credible scenario?

239
00:13:15,440 --> 00:13:17,399
Speaker 1: You know it is? And there's there's sort of two

240
00:13:17,440 --> 00:13:19,759
different dimensions that are worth talking about. There. One is,

241
00:13:19,840 --> 00:13:22,720
as you're describing, you know, trucking is a huge part

242
00:13:22,759 --> 00:13:25,080
of our critical infrastructure. And the you know, the CISA's

243
00:13:25,159 --> 00:13:31,039
definition of what is critical infrastructure, and it ranges from manufacturing,

244
00:13:31,080 --> 00:13:34,879
emergency services and food and agriculture and healthcare and public safety.

245
00:13:34,960 --> 00:13:38,360
And it's true that if you're able to impact transportation,

246
00:13:38,480 --> 00:13:43,159
you can impact massively important components of the of the

247
00:13:43,200 --> 00:13:46,759
economy and our defense systems. So to your specific question,

248
00:13:46,879 --> 00:13:48,559
you know, can you can you go after trucks and

249
00:13:49,360 --> 00:13:54,559
disable a fleet when we're talking about cybersecurity, the big

250
00:13:54,600 --> 00:13:58,559
trucks are no different than cars, and frankly heavy machinery for

251
00:13:58,879 --> 00:14:03,279
you know, manufacturing or mining or agriculture, as they're really

252
00:14:03,320 --> 00:14:05,840
all connected in very similar kind of ways, and we

253
00:14:05,919 --> 00:14:09,039
have actually seen real, real attacks like that. You know,

254
00:14:09,120 --> 00:14:11,879
last year there was an attack against something that's called

255
00:14:11,879 --> 00:14:14,960
an electronic logging device. It's not actually the truck itself,

256
00:14:14,960 --> 00:14:17,519
it's actually an IoT device that gets installed in a truck,

257
00:14:18,120 --> 00:14:22,639
and that device is used primarily for logging things like

258
00:14:22,960 --> 00:14:27,039
hours of service, speed and location, and used for expense management,

259
00:14:27,120 --> 00:14:30,360
fuel tax records, and things like that. But they're also

260
00:14:30,399 --> 00:14:33,240
connected directly to the trucks and to the CANbus of

261
00:14:33,279 --> 00:14:36,200
the trucks, so they become an attack vector. And if

262
00:14:36,240 --> 00:14:39,240
you can compromise this device, you now have access to

263
00:14:39,799 --> 00:14:41,759
the actual operating system of the truck. And this did

264
00:14:41,759 --> 00:14:44,559
happen last year. It was pretty pretty massive. You know,

265
00:14:44,559 --> 00:14:46,600
there's over fourteen million trucks in the United States that

266
00:14:46,840 --> 00:14:48,600
they use these things. I don't know how many of

267
00:14:48,639 --> 00:14:52,720
them were actually impacted, but these devices were out for

268
00:14:52,759 --> 00:14:56,000
a better part of a month. Drivers had to report

269
00:14:56,000 --> 00:14:57,879
to paper and pencil to be able to track and

270
00:14:57,919 --> 00:15:01,639
log their hours, and to my knowledge, didn't actually impact

271
00:15:01,759 --> 00:15:04,639
the safety of those vehicles. Like your worst case scenario

272
00:15:04,720 --> 00:15:08,320
that you describe, Mr. Ginter, didn't actually happen, but it gave us

273
00:15:08,320 --> 00:15:10,600
a real sort of eye opener of how close you

274
00:15:10,639 --> 00:15:13,120
could get if you really wanted to.

275
00:15:16,480 --> 00:15:19,120
Speaker 2: I was waiting for Matt to give some real life

276
00:15:19,120 --> 00:15:23,679
examples there, and it sounds interesting, although despite the severity

277
00:15:23,720 --> 00:15:25,279
of the case, I mean, he only mentioned it in

278
00:15:25,320 --> 00:15:28,720
one or two sentences. Andrew, I'm wondering if you have

279
00:15:28,879 --> 00:15:32,559
any more detail about that story he just referenced, or

280
00:15:32,799 --> 00:15:34,600
any other similar ones like it.

281
00:15:34,960 --> 00:15:37,360
Speaker 3: Well, I mean, Waterfall does a threat report, and I

282
00:15:37,440 --> 00:15:42,559
remember considering that incident for the threat report. Our criteria

283
00:15:42,639 --> 00:15:47,600
are different though. We count events that had physical consequences.

284
00:15:47,639 --> 00:15:49,679
And I remember looking at this event and saying, you know,

285
00:15:50,279 --> 00:15:54,360
the logging was impaired, but the physical process the trucks

286
00:15:54,720 --> 00:15:58,039
kept moving. They still delivered goods all over the nation.

287
00:15:58,480 --> 00:16:01,799
They weren't delayed at all. You know, some of the

288
00:16:01,840 --> 00:16:06,519
electronics the logging mechanism was impaired, and the operators, the

289
00:16:06,559 --> 00:16:09,480
drivers of the trucks had to fall back to manual operations,

290
00:16:09,840 --> 00:16:15,480
but the trucks kept going, you know. In in the

291
00:16:15,519 --> 00:16:19,240
report what what I recall, you know, in transportation is

292
00:16:19,279 --> 00:16:23,440
the second biggest industry hit by cyber attacks where there

293
00:16:23,440 --> 00:16:27,639
were physical consequences, and most of those incidents were where

294
00:16:27,840 --> 00:16:31,320
IT systems were impaired that were essential to let's say,

295
00:16:31,320 --> 00:16:33,639
dispatching the trucks, so you had to stop the movement

296
00:16:33,639 --> 00:16:35,480
of the trucks because you couldn't figure out where stuff

297
00:16:35,480 --> 00:16:39,039
had to go anymore, shipments were delayed. This is the

298
00:16:39,039 --> 00:16:44,080
most common you know, sort of physical consequence of attacks

299
00:16:44,080 --> 00:16:49,679
where there were physical consequences in transportation. But this, you know,

300
00:16:50,399 --> 00:16:53,240
the scenario here where the where the cloud's involved, this

301
00:16:53,320 --> 00:16:57,240
is sort of more reminiscent of a story we talked

302
00:16:57,240 --> 00:16:59,919
about a few episodes ago, you know, in Ukraine,

303
00:17:00,039 --> 00:17:03,200
the battlefront with the you know, the Russian invasion

304
00:17:03,279 --> 00:17:06,519
moved back and forth, and at one point the Russian

305
00:17:06,599 --> 00:17:10,119
army stole a bunch of John Deere farm equipment, five

306
00:17:10,119 --> 00:17:13,480
million dollars worth of it from a small town that

307
00:17:13,519 --> 00:17:16,759
they'd taken over from a John Deere dealership. John Deere

308
00:17:16,839 --> 00:17:19,799
was unhappy with this, you know, having their stolen equipment

309
00:17:19,839 --> 00:17:24,079
driven seven hundred kilometers into Russia. And so they reached

310
00:17:24,160 --> 00:17:26,359
through the cloud because they have cloud connections to all

311
00:17:26,359 --> 00:17:30,279
these vehicles, and turned off all of the stolen equipment.

312
00:17:30,880 --> 00:17:33,119
So that's an example not of a cyber attack, but

313
00:17:33,160 --> 00:17:36,799
of a capability that you know, a lot of people

314
00:17:36,880 --> 00:17:39,559
looked at that incident and said, you know, yay, stick

315
00:17:39,599 --> 00:17:42,119
it to the to the invaders, and then they said,

316
00:17:42,519 --> 00:17:46,279
just a minute, what just happened here? What if what

317
00:17:46,319 --> 00:17:48,079
if John Deere gets it into their head to turn

318
00:17:48,119 --> 00:17:50,839
off all of the vehicles, all of the the tractors

319
00:17:50,880 --> 00:17:54,119
in Europe at planting at planting time? What if the

320
00:17:54,160 --> 00:17:56,200
Russians get it into their head to break into the

321
00:17:56,279 --> 00:17:59,880
John Deere cloud and do that. So this is you know,

322
00:18:00,160 --> 00:18:02,519
this is kind of the scenario that we worry about.

323
00:18:02,839 --> 00:18:06,200
But in the the Upstream Threat Report, most of the

324
00:18:06,240 --> 00:18:08,680
incidents I saw had to do with, you know, affecting

325
00:18:08,720 --> 00:18:11,519
thousands or millions of vehicles, had to do with theft

326
00:18:11,559 --> 00:18:14,519
of information from those vehicles and holding it for ransom.

327
00:18:15,920 --> 00:18:18,519
One of the reasons I asked you on as a

328
00:18:18,599 --> 00:18:23,640
guest is because you folks in Upstream have stuff that

329
00:18:23,680 --> 00:18:27,839
I've never heard of to address this problem. So, you know,

330
00:18:27,880 --> 00:18:31,160
having defined the problem, as you know, cloud systems can

331
00:18:31,200 --> 00:18:34,720
reach into cars and you know they're on the internet,

332
00:18:34,759 --> 00:18:38,079
they can be compromised, can you talk about your solution?

333
00:18:38,200 --> 00:18:40,640
What do you guys do and how does that work?

334
00:18:41,880 --> 00:18:43,640
Speaker 1: If I were to make it for those of your

335
00:18:43,880 --> 00:18:47,920
listeners that are at enterprise IT or familiar with enterprise security,

336
00:18:47,960 --> 00:18:49,680
Maybe I'll make an analogy and then I can dive into

337
00:18:49,720 --> 00:18:52,960
the details. So the analogy for if you're if you

338
00:18:53,039 --> 00:18:55,400
understand sort of endpoint security or those kind of network

339
00:18:55,440 --> 00:18:57,559
security you're coming, you're familiar with the term of an

340
00:18:57,599 --> 00:19:00,559
XDR platform, then you also need to or the operation

341
00:19:00,599 --> 00:19:02,319
center to manage that, and you probably want some threat

342
00:19:02,319 --> 00:19:05,799
intelligence to support that. And that's effectively what we've developed

343
00:19:05,799 --> 00:19:09,039
for you know, mobile mobile devices, cars and trucks and

344
00:19:09,079 --> 00:19:13,079
tractors and otherwise. So the three components there really are

345
00:19:13,359 --> 00:19:15,480
that XDR platform and what does that mean? That means

346
00:19:15,799 --> 00:19:19,920
we collect data from the vehicle itself, from the telematics cloud,

347
00:19:20,000 --> 00:19:22,039
from the APIs that are calling in and out of it,

348
00:19:22,359 --> 00:19:25,119
and we stitch that all together in the cloud in

349
00:19:25,279 --> 00:19:27,559
what it amounts to a digital twin of a vehicle.

350
00:19:27,759 --> 00:19:30,000
So for every vehicle we're monitoring, we monitor over twenty

351
00:19:30,000 --> 00:19:32,920
five million vehicles today, we've got a digital twin of

352
00:19:32,920 --> 00:19:35,319
exactly what it is, where it's going, what it's doing,

353
00:19:35,359 --> 00:19:40,200
how fast it's going. Everything from oil pressure to geolocation

354
00:19:40,519 --> 00:19:43,960
to you know what was the last remote command that

355
00:19:44,000 --> 00:19:48,799
came to it from from some API in the in

356
00:19:48,839 --> 00:19:52,839
the cloud. That gives us the ability to look for anomalies,

357
00:19:52,880 --> 00:19:56,680
look for patterns of bad behavior, to identify something like, hey,

358
00:19:56,720 --> 00:19:59,559
why did a remote start of that vehicle come from

359
00:20:00,039 --> 00:20:03,720
a country that the vehicle isn't in, or little things

360
00:20:03,759 --> 00:20:06,720
like that that are seem very simple on the surface

361
00:20:06,759 --> 00:20:09,880
but are very complex to see unless you have the

362
00:20:09,880 --> 00:20:12,519
breadth of data that we do. So that's one piece,

363
00:20:12,519 --> 00:20:16,160
that's the technology piece. You then need someone to actually

364
00:20:16,400 --> 00:20:19,039
to actually operate this thing, right, So a security operation

365
00:20:19,160 --> 00:20:21,720
center or we've coined the term the vehicle SOC or

366
00:20:21,759 --> 00:20:24,279
the VSC. You know, a lot of a lot of

367
00:20:24,519 --> 00:20:26,960
operators that don't really have this capability or the skill

368
00:20:26,960 --> 00:20:29,240
set themselves. So we offer that as a service on

369
00:20:29,279 --> 00:20:31,519
top of our platform if you want. Sometimes people would

370
00:20:31,519 --> 00:20:34,359
do it themselves. Sometimes people bring in an MSSP to

371
00:20:34,359 --> 00:20:37,079
do it. The last component of the solution, though, of course,

372
00:20:37,119 --> 00:20:39,920
is threat intelligence, and there's lots of vendors out there,

373
00:20:39,960 --> 00:20:42,960
lots of providers that will do that intelligence for classic

374
00:20:43,039 --> 00:20:45,680
enterprise things and some OT things, but what we do

375
00:20:45,759 --> 00:20:48,599
there is very very specific to the automotive industry. Of

376
00:20:49,119 --> 00:20:54,240
every engine control unit and software version and hardware version,

377
00:20:54,480 --> 00:20:58,240
and you know there are cars are aggregations of many

378
00:20:58,240 --> 00:21:01,119
many components. So we take that whole software bill of materials,

379
00:21:01,200 --> 00:21:04,000
hardware bill of materials, and we actually have a team that

380
00:21:04,079 --> 00:21:07,279
goes in does research and on the deep web, the

381
00:21:07,359 --> 00:21:09,799
dark web, interacts with the bad guys and figures out

382
00:21:09,799 --> 00:21:11,799
what they're up to. And so when you put

383
00:21:11,799 --> 00:21:15,799
that all together, the XDR-like monitoring, the SOC service

384
00:21:15,839 --> 00:21:18,839
to actually operate the platform, and then the threat intelligence

385
00:21:18,839 --> 00:21:20,440
of what are the what are the bad guys really

386
00:21:20,480 --> 00:21:22,559
doing and what are they working on, you end up

387
00:21:22,559 --> 00:21:25,920
with this really complete end to end solution for being

388
00:21:25,920 --> 00:21:28,720
able to determine and monitor and make sure that vehicles

389
00:21:28,759 --> 00:21:30,839
and these devices are are actually secure.

390
00:21:32,079 --> 00:21:38,039
Speaker 3: So you just described a detective capability, you know, detection,

391
00:21:38,319 --> 00:21:41,519
threat intel, sort of deep knowledge of deep understanding of

392
00:21:41,559 --> 00:21:46,319
stuff when there's an incident. Do you also respond and

393
00:21:46,319 --> 00:21:49,480
recover and you know, to prevent incidents? Do you have

394
00:21:50,000 --> 00:21:53,319
anything that you embed in the vehicles or in the

395
00:21:53,440 --> 00:21:56,960
cloud of your protected customers?

396
00:21:57,680 --> 00:22:00,559
Speaker 1: Yeah, so you're right, our primary focus is on detection

397
00:22:00,920 --> 00:22:03,680
and but all those other sort of respond and recover

398
00:22:03,720 --> 00:22:06,160
and protection are are equally as important. So you're right,

399
00:22:06,200 --> 00:22:08,039
we aren't. We are not in line. We don't have

400
00:22:08,079 --> 00:22:11,079
a way of ourselves to natively block something that's happening,

401
00:22:11,440 --> 00:22:14,240
but we do that via integration and the partner ecosystem

402
00:22:14,279 --> 00:22:18,039
around us. So it may be that there if it

403
00:22:18,119 --> 00:22:20,240
is a sort of more modern vehicle, that is a

404
00:22:20,279 --> 00:22:23,440
software defined vehicle, then there's there are ways that we

405
00:22:23,519 --> 00:22:26,720
can send We can actually send commands or updates back

406
00:22:26,759 --> 00:22:29,319
to a vehicle to tell it to stop a behavior

407
00:22:29,480 --> 00:22:32,759
or to integrate with the network itself. So if a

408
00:22:32,799 --> 00:22:35,680
device is cellular connected, can we talk to the cellular

409
00:22:35,720 --> 00:22:38,039
provider to drop that connection to do that. So we

410
00:22:38,079 --> 00:22:40,240
can't do it directly, but we can integrate to do

411
00:22:40,279 --> 00:22:43,319
it from a from a protection like in the design

412
00:22:43,359 --> 00:22:46,960
time phase. We do work with the automotive manufacturers directly themselves,

413
00:22:47,359 --> 00:22:51,200
the chip makers, as well as the software providers and

414
00:22:51,240 --> 00:22:55,079
everybody from Red Hat to Amazon and Google to Qualcomm

415
00:22:55,119 --> 00:22:59,279
and others where we're involved and can be influential in

416
00:22:59,319 --> 00:23:02,880
the way that those systems are designed, using our threat intelligence,

417
00:23:02,920 --> 00:23:05,400
using our knowledge of what bad actors are doing to

418
00:23:05,480 --> 00:23:07,960
help make sure that there is a secure development process

419
00:23:08,000 --> 00:23:11,200
and that these devices have the right level on board

420
00:23:11,200 --> 00:23:12,039
protection in place.

421
00:23:13,359 --> 00:23:16,000
Speaker 3: And you folks have been doing this for a while.

422
00:23:16,519 --> 00:23:20,359
You have customers, you know, the big automobile makers all

423
00:23:20,359 --> 00:23:25,680
over the world. Can you talk about your customer's experience

424
00:23:25,920 --> 00:23:29,759
using this technology, you know what, what have you been finding,

425
00:23:29,759 --> 00:23:31,160
what's of value to them?

426
00:23:31,440 --> 00:23:33,920
Speaker 1: It's very interesting to see what people people can use

427
00:23:33,920 --> 00:23:37,240
the platform for. We do see a lot of cyber attacks,

428
00:23:37,279 --> 00:23:38,880
and we talked about the VIN spray and some of

429
00:23:38,920 --> 00:23:42,839
the API examples before, but the platform we have, the

430
00:23:43,440 --> 00:23:46,680
visibility and of ability that we provide definitely lends itself

431
00:23:46,680 --> 00:23:50,559
to a bunch of other things. We're seeing customers use

432
00:23:50,599 --> 00:23:55,160
the platform for identifying theft, stolen vehicles, and seeing vehicles

433
00:23:55,160 --> 00:23:58,480
being in places they shouldn't be. We're seeing fleet fleet

434
00:23:58,519 --> 00:24:01,519
operators use the data that we have to be able

435
00:24:01,559 --> 00:24:05,039
to monitor where fleets are, are the vehicles being used appropriately,

436
00:24:05,839 --> 00:24:09,039
you know, everything from you know, fast accelerations and braking

437
00:24:09,079 --> 00:24:13,000
hard to other types of usage and mileage for fleet management.

438
00:24:13,480 --> 00:24:15,240
The other one that's emerging, the other use case that's

439
00:24:15,240 --> 00:24:18,799
emerging to be more common is related to electronic vehicles

440
00:24:19,119 --> 00:24:22,039
and the use of their batteries, and there's a lot

441
00:24:22,079 --> 00:24:25,799
of new behaviors people need to learn about properly managing

442
00:24:25,839 --> 00:24:28,039
a battery, how do you charge it, when do you

443
00:24:28,119 --> 00:24:29,839
charge it, things like that, and we can provide some

444
00:24:29,880 --> 00:24:32,920
really interesting insights to those kind of use cases, so

445
00:24:33,839 --> 00:24:35,599
customer satisfaction kind of things as well.

446
00:24:35,599 --> 00:24:35,799
Speaker 3: There.

447
00:24:35,839 --> 00:24:38,000
Speaker 1: So it is, it is one of the sort of

448
00:24:38,039 --> 00:24:40,480
fascinating and fun things about the company and the product

449
00:24:40,519 --> 00:24:44,359
and the technology is the uses of the technology beyond

450
00:24:44,640 --> 00:24:46,319
just traditional cybersecurity.

451
00:24:49,200 --> 00:24:51,160
Speaker 3: Nate, let me jump in here. You know, the reason

452
00:24:51,200 --> 00:24:55,440
I asked that question of Matt is that he's got

453
00:24:56,000 --> 00:25:01,160
basically a detective you know, intrusion detection attack del technology here.

454
00:25:01,599 --> 00:25:06,160
And what I've observed is that whenever almost you know,

455
00:25:06,200 --> 00:25:10,759
whenever we deploy a detective technology into an OT system,

456
00:25:12,000 --> 00:25:17,400
we get operational insights as well as security insights. So,

457
00:25:17,559 --> 00:25:19,680
you know, I remember twenty years ago when I was

458
00:25:19,680 --> 00:25:24,240
deploying intrusion detection systems, the first intrusion detection systems that

459
00:25:24,319 --> 00:25:29,279
went into industrial networks. You know, the engineers at the

460
00:25:29,279 --> 00:25:32,440
site would be looking over you know, our people's shoulders

461
00:25:32,480 --> 00:25:34,839
while we were tuning the system, you know, tuning out

462
00:25:34,880 --> 00:25:38,480
false alarms and you know, figuring out the right way

463
00:25:38,519 --> 00:25:41,799
to report on these systems, and they'd look over our

464
00:25:41,799 --> 00:25:45,519
shoulders and say, what's that. That's you know, a lot

465
00:25:45,559 --> 00:25:50,640
of traffic between you know, a a the engineering workstation

466
00:25:51,240 --> 00:25:54,640
and a particular PLC sucking up you know, eighty percent

467
00:25:54,680 --> 00:25:57,920
of the bandwidth of the network going to that you know,

468
00:25:58,000 --> 00:26:01,640
family of PLCs. What is that? And you know we

469
00:26:01,799 --> 00:26:04,480
dig into it and well, you know, a test had

470
00:26:04,519 --> 00:26:07,160
had been left running on the on the engineering workstation

471
00:26:07,440 --> 00:26:09,559
that should have been turned off. This is why the

472
00:26:09,559 --> 00:26:12,799
whole system was a little bit sluggish, not slow enough

473
00:26:12,799 --> 00:26:15,680
that anyone raised an alarm about it. But you know,

474
00:26:16,359 --> 00:26:19,359
once you lift the lid on these OT systems and

475
00:26:19,400 --> 00:26:22,759
you see what's inside, you know, often there's operational benefits.

476
00:26:22,799 --> 00:26:27,079
I mean, you know, Matt talked about electric vehicles. Batteries

477
00:26:27,240 --> 00:26:31,720
are a huge part of electric vehicles. And these batteries,

478
00:26:31,880 --> 00:26:36,359
you know, they're chemical systems. You know, if you deep

479
00:26:36,440 --> 00:26:41,000
discharge them or don't deep discharge them enough, or you know,

480
00:26:41,200 --> 00:26:47,920
charge them you know suboptimally, battery life is reduced the

481
00:26:48,240 --> 00:26:51,480
lifetime of the battery years of battery life, the you know,

482
00:26:51,519 --> 00:26:55,400
the range you get on the battery. And so you know,

483
00:26:56,039 --> 00:26:59,319
the sense I had is that that before you know,

484
00:26:59,400 --> 00:27:05,319
the Upstream Security technology went in, fleet vehicle owners, and

485
00:27:05,400 --> 00:27:09,200
you know, electric vehicle vendors might not have had the data.

486
00:27:09,640 --> 00:27:12,640
They didn't have the instrumentation to figure out together all

487
00:27:12,640 --> 00:27:15,359
this data. Well, Upstream gathered all the data to figure

488
00:27:15,359 --> 00:27:18,079
out if there was an attack in progress, looked at the

489
00:27:18,160 --> 00:27:20,279
data and said nope, there's no attack in progress, and then

490
00:27:20,319 --> 00:27:22,000
go back to the vendors and say, by the way,

491
00:27:22,039 --> 00:27:24,240
we have all this data, would you like to use

492
00:27:24,279 --> 00:27:27,319
it to change the design or improve the design or

493
00:27:27,359 --> 00:27:30,359
optimize the design of your electric vehicles so your batteries

494
00:27:30,440 --> 00:27:35,079
last longer. Yes, please, so you know the you know,

495
00:27:35,400 --> 00:27:38,559
a lesson here is that there's there's often secondary benefits

496
00:27:38,599 --> 00:27:45,200
to deploying detective security measures. You get insights by looking

497
00:27:45,279 --> 00:27:50,079
at data that you just didn't have before. You know

498
00:27:50,160 --> 00:27:53,839
what I worry about, as you know, someone involved in

499
00:27:53,839 --> 00:27:58,079
industrial cybersecurity, heavy industry, mines, you know, high speed passenger trains.

500
00:27:59,400 --> 00:28:03,079
I always worry about safety. We've talked about sort of

501
00:28:03,599 --> 00:28:07,680
credible threats to safety sort of as as future concerns.

502
00:28:09,640 --> 00:28:11,400
Can you talk about what's happening there?

503
00:28:11,440 --> 00:28:11,720
Speaker 2: How?

504
00:28:11,880 --> 00:28:14,759
Speaker 3: How worried should I be about the safety of my

505
00:28:15,039 --> 00:28:16,319
cloud connected vehicle.

506
00:28:16,880 --> 00:28:20,039
Speaker 1: It's a it's a really important topic. I think the

507
00:28:20,079 --> 00:28:23,480
good news is from your as an individual consumer. Should

508
00:28:23,519 --> 00:28:26,359
you be worried about your connected vehicle from a safety perspective,

509
00:28:26,799 --> 00:28:29,559
you know, probably not. I certainly don't worry about, you know,

510
00:28:29,680 --> 00:28:32,279
driving my car every day. But I think on a

511
00:28:32,279 --> 00:28:35,759
grander scale, safety really is important. Right. The fact that

512
00:28:35,799 --> 00:28:43,279
we're talking about these software you know, software software in vehicles,

513
00:28:43,920 --> 00:28:47,000
the connection between software and the physical world. You've got

514
00:28:47,359 --> 00:28:50,799
you know, vehicles, cars, trucks, tractors. These things are thousands

515
00:28:50,839 --> 00:28:54,200
of pounds, They move at very high speeds. The implication

516
00:28:54,480 --> 00:28:58,920
of a of a cyber incident to safety is pretty dramatic. Unfortunately,

517
00:28:58,920 --> 00:29:01,160
we're not seeing that a whole uh but it is

518
00:29:01,319 --> 00:29:05,400
possible and and and certainly could could could happen. And

519
00:29:05,440 --> 00:29:09,559
so the idea that someone might impact a bunch of

520
00:29:09,640 --> 00:29:14,559
vehicles to cause accidents, uh is is real that that

521
00:29:14,599 --> 00:29:19,279
absolutely could happen. We have seen not quite not quite safety,

522
00:29:19,319 --> 00:29:23,519
but we've seen attacks that were designed to cause congestion

523
00:29:23,920 --> 00:29:28,519
and gridlock by uh, you know, sort of car services

524
00:29:28,559 --> 00:29:31,359
all being called into one one location and causing gridlock.

525
00:29:31,400 --> 00:29:33,799
And that causes a lot of you know, people start

526
00:29:33,799 --> 00:29:37,200
to panic and when there's gridlock, and so there's variations

527
00:29:37,200 --> 00:29:39,359
on safety. But but the other related concept that I

528
00:29:39,359 --> 00:29:42,400
think is also really important is actually a sort of

529
00:29:42,400 --> 00:29:44,079
borrow it from the military world, and that is the

530
00:29:44,079 --> 00:29:47,519
concept of readiness, and it applies to almost any industry really,

531
00:29:47,559 --> 00:29:51,079
and that is your vehicle ready. And today today a

532
00:29:51,079 --> 00:29:53,640
lot of people think about vehicles and readiness. They think about,

533
00:29:53,759 --> 00:29:56,359
you know, is there gas in the in the tank?

534
00:29:56,480 --> 00:29:58,960
Is the did you change the oil? And is there

535
00:29:59,000 --> 00:30:01,440
you air in the tires. Well, well, now that these

536
00:30:01,480 --> 00:30:05,400
vehicles are also software defined or have software connectivity, readiness

537
00:30:05,400 --> 00:30:09,880
includes is it cyber secure? Has someone impacted from a cybersecurity perspective?

538
00:30:09,920 --> 00:30:12,079
And so it's not a concept that I hear a

539
00:30:12,119 --> 00:30:13,680
lot of talk about today, but I do think it's

540
00:30:13,720 --> 00:30:15,599
something we're going to see more and more, especially in

541
00:30:16,000 --> 00:30:20,559
industries that rely on on on vehicles for their

542
00:30:20,599 --> 00:30:23,039
business like delivery and trucking and things like that.

543
00:30:24,160 --> 00:30:29,599
Speaker 3: You know, you are deep into automotive cybersecurity. You know,

544
00:30:29,640 --> 00:30:32,880
we've we've covered in this podcast. You know a bit

545
00:30:32,920 --> 00:30:35,400
of what's happening in the vehicle, you know, with you folks,

546
00:30:35,440 --> 00:30:37,480
a bit of what's happening in the cloud. What's the

547
00:30:37,519 --> 00:30:40,839
future hold? What what is the future of of you know,

548
00:30:41,079 --> 00:30:43,680
automation in in vehicles large and small.

549
00:30:44,559 --> 00:30:47,599
Speaker 1: Yeah, what we're seeing for sure is what is known

550
00:30:47,640 --> 00:30:50,799
in the industry as the software defined vehicle, where really

551
00:30:50,880 --> 00:30:54,160
the cars and trucks and tractors and all these devices

552
00:30:54,599 --> 00:30:58,720
become you know, first computers first, and vehicles second almost

553
00:30:58,799 --> 00:31:02,799
and so that increases the attack surface. I mean, the

554
00:31:02,839 --> 00:31:04,839
power of these vehicles is pretty amazing and what they

555
00:31:04,880 --> 00:31:07,359
can do, and we've all been watching, you know, the

556
00:31:07,359 --> 00:31:10,160
future of autonomous driving, but that also applies to connecting

557
00:31:10,200 --> 00:31:13,920
agriculture and autonomous agriculture, robotics in all sorts of ways. Right,

558
00:31:14,000 --> 00:31:17,519
So we're seeing more and more of these vehicles or

559
00:31:17,960 --> 00:31:21,839
mobile devices become connected and become software defined, and that

560
00:31:22,359 --> 00:31:26,319
has amazing business benefits and productivity benefits that we're all

561
00:31:26,319 --> 00:31:28,400
going to see you all going to benefit from. But

562
00:31:28,519 --> 00:31:32,160
it does increase the attack surface and just make these

563
00:31:32,200 --> 00:31:35,920
things much much more complicated and much more harder to secure.

564
00:31:36,000 --> 00:31:39,200
So it is an area that is rapidly evolving. You know,

565
00:31:39,559 --> 00:31:42,160
we'd be remiss to talk about this without throwing in

566
00:31:42,200 --> 00:31:44,359
the implications of gen AI and how that's how then

567
00:31:44,359 --> 00:31:45,960
the data that these things are going to generate, and

568
00:31:45,960 --> 00:31:48,960
how that's going to both make the bad guys better

569
00:31:49,000 --> 00:31:52,319
and make the and make us better at protecting. But yeah,

570
00:31:52,359 --> 00:31:55,799
the software defined vehicle, the increase of increased volume of

571
00:31:55,880 --> 00:31:59,960
software in vehicles is really the future of the industry.

572
00:32:00,079 --> 00:32:02,519
But then, you know, the impacts of cybersecurity are clear.

573
00:32:02,400 --> 00:32:07,400
Speaker 3: Software defined vehicles. That's that's a scary thought for

574
00:32:07,480 --> 00:32:10,680
someone like me who's focused on you know, the worst

575
00:32:10,720 --> 00:32:13,119
that can possibly happen. But you know, if we have

576
00:32:13,720 --> 00:32:16,920
people working on the problem, I'm confident we can we

577
00:32:16,920 --> 00:32:18,920
can work something out. That's that's going to keep us

578
00:32:18,920 --> 00:32:23,599
all safe. Thank you for bringing these insights and you know,

579
00:32:23,640 --> 00:32:26,519
these worries to the podcast. Before I let you go,

580
00:32:26,680 --> 00:32:28,720
can I ask you, can you sum up for our listeners?

581
00:32:28,759 --> 00:32:30,359
What are what are the key takeaways here?

582
00:32:31,400 --> 00:32:34,519
Speaker 1: Yeah? Thanks Andrew, I actually come. I would start by

583
00:32:34,559 --> 00:32:36,920
reiterating just what you just said, which is, you know,

584
00:32:36,920 --> 00:32:39,440
the good news is for the average consumer, the average driver,

585
00:32:39,640 --> 00:32:41,359
it's just not something you have to spend that much

586
00:32:41,359 --> 00:32:45,880
time worried about. The manufacturers are taking it seriously. There's

587
00:32:46,119 --> 00:32:48,920
you know, you know, software vendors like Upstream that are

588
00:32:49,119 --> 00:32:52,200
taking it seriously. We're working on it. It does happen,

589
00:32:52,440 --> 00:32:55,839
but it's not something everybody needs to like don't self driving.

590
00:32:57,039 --> 00:32:59,319
The next thing though, is also be aware that this

591
00:32:59,359 --> 00:33:03,039
isn't just about cars right there are it's cars as trucks.

592
00:33:03,039 --> 00:33:06,799
I've alluded to agriculture and tractors. But this is continuing

593
00:33:06,839 --> 00:33:11,279
to get bigger and bigger. The notion of software defined

594
00:33:11,400 --> 00:33:15,359
anything and software defined vehicles of all varieties is growing,

595
00:33:15,480 --> 00:33:18,839
not slowing down. As we get into autonomous vehicles, that's

596
00:33:18,880 --> 00:33:20,720
going to make it even more and more complex. So

597
00:33:21,079 --> 00:33:22,720
don't worry about it too much, but it is. It

598
00:33:22,759 --> 00:33:24,920
is getting bigger at the same time. And the last

599
00:33:24,920 --> 00:33:26,480
thing is just you know, this is what we do

600
00:33:26,519 --> 00:33:29,240
it upstream. The company was formed for this, it's what

601
00:33:29,279 --> 00:33:31,759
we do. We take it seriously. We also care very

602
00:33:31,839 --> 00:33:33,839
much about sort of giving back and contributing, and that's

603
00:33:33,839 --> 00:33:36,240
why we do the annual report and the research that

604
00:33:36,279 --> 00:33:39,400
we do that we publish, host webinars, most of which

605
00:33:39,440 --> 00:33:42,960
is information, information sharing and thought leadership and not trying

606
00:33:42,960 --> 00:33:46,279
to not trying to sell stuff. So please please check

607
00:33:46,319 --> 00:33:48,240
us out and take a look at that report. It

608
00:33:48,319 --> 00:33:50,319
is free and anybody can anybody can take a look

609
00:33:50,359 --> 00:33:52,039
at it, and we'll have we're already starting to work

610
00:33:52,079 --> 00:33:53,039
on next year's now.

611
00:33:56,279 --> 00:34:02,000
Speaker 2: So, Andrew, cars are a microcosm of cybersecurity at large.

612
00:34:03,000 --> 00:34:07,039
Speaker 3: Indeed, and you know the cloud is coming. The cloud

613
00:34:07,200 --> 00:34:10,360
is coming, and you know it's coming to many industries.

614
00:34:11,199 --> 00:34:15,000
You know, in my experience, manufacturing, all kinds of manufacturing

615
00:34:15,079 --> 00:34:20,679
is using cloud systems quite intensively. You know, more sort

616
00:34:20,679 --> 00:34:25,440
of conventional critical infrastructure, water systems, power plants are using

617
00:34:25,519 --> 00:34:30,880
cloud systems somewhat and increasingly, you know, and it looks like,

618
00:34:31,239 --> 00:34:34,159
you know, the cloud has arrived for automobiles and other

619
00:34:34,239 --> 00:34:37,719
kinds of moving equipment and is being used fairly intensively,

620
00:34:37,760 --> 00:34:41,039
and all of those uses I think are going to increase.

621
00:34:41,119 --> 00:34:44,840
This is this is the future. And of course what

622
00:34:44,880 --> 00:34:47,559
we have then is you know, lots more software involved,

623
00:34:47,559 --> 00:34:52,079
lots of opportunity to attack that software. You know, attacks

624
00:34:52,119 --> 00:34:56,760
are targeting cloud systems and there you know, can be

625
00:34:56,880 --> 00:35:00,199
physical consequences. So this is you know, it's a I think

626
00:35:00,159 --> 00:35:02,559
it's a big new field. It's just going to become

627
00:35:02,599 --> 00:35:06,480
more important as the years go by. And is I

628
00:35:06,480 --> 00:35:09,840
guess something more, something new to worry about in the

629
00:35:09,840 --> 00:35:11,719
field of industrial cybersecurity.

630
00:35:13,119 --> 00:35:16,039
Speaker 2: Well, with that, thank you to Matt McKinnon for his

631
00:35:16,159 --> 00:35:18,400
interview with you. And Andrew, as always, thank you for

632
00:35:18,480 --> 00:35:19,079
speaking with me.

633
00:35:19,519 --> 00:35:20,840
Speaker 3: It's always a pleasure, Nate. Thank you.

634
00:35:21,440 --> 00:35:25,159
Speaker 2: This has been the Industrial Security Podcast from Waterfall. Thanks

635
00:35:25,159 --> 00:35:26,920
to everyone out there listening

