Cybersecurity

Your refrigerator is safe from cyberattack ... for now

cars

As more and more cars become network-connected, they will also become vulnerable to hackers who could take enough control to do everything but steer. (Stock image)

Think about this next time you're commuting to work or putting those left-overs away in the refrigerator: In the very near future, Internet-connected vehicles and kitchen appliances could become targets for malicious cyber-terrorists.

The Center for Automotive Embedded Systems Security (CAESS) has already shown it's possible for a remote user to take near-complete control of a vehicle through vulnerabilities in its telemetric systems, via a device connected to its onboard diagnostic systems, or even through malware embedded in MP3s.

It's scary stuff, according to Randy Garrett, a program manager for the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), and more evidence that cyber-security challenges in the future will dwarf those of the past.

"Up until five to 10 years ago, there was no danger of someone remotely taking over your car – now somebody can take it over" and do everything but steer it, said Garrett, speaking at the Federal Cloud Computing Summit in Washington, D.C., on May 30. In separate CAESS studies, remote attackers proved they could gain access to a vehicle's integral systems, including its brakes.

The danger doesn't end in the driveway. Microwave ovens, dishwashers and other kitchen appliances are increasingly connected to the Internet. A hacker could feasibly remotely adjust a microwave's heat settings, Garrett said, though he is unsure what these new threats – some clearly greater than others – will mean going forward.

He referenced the growing importance of the "Internet of Things," a concept coined in the late 1990s that describes a world in which physical objects have virtual identities and the ability to rapidly capture and disseminate data without human interaction.

The heart of the Internet of Things is exponentially increased data production by machines, sensors, computer systems and people. DARPA, for example, studies data from sensors on aircraft. In the near future, Garrett said, that data will be meshed together with other datasets – perhaps social media or geospatial data – to produce high-value insights. It is already clear that such data sets would have significant importance in national security.

The tradeoff to these increased capabilities, though, is a new set of dangers – many of which have not yet been conceptualized, at least not publicly.

"There are many things we can do with this increased data," Garrett said. "From DARPA's standpoint, there are dangers we never had before. It makes you wonder what kind of world we'll have."

About the Author

Frank Konkel is a former staff writer for FCW.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Wed, Jun 5, 2013

Can someone explain to me the value of having my appliances connected to the internet?

Wed, Jun 5, 2013 John Schrader DC Metro Area

The potential for harm in the "internet of things" is real. However, it is a choice. Unlike the rules and laws of physics which govern air, land, sea and space, the cyber arena is defined by rules we CHOOSE to implement. So we are hung by our own petard if we complain that the gains from interconnecting things is balanced by the vulnerability we introduce to our systems. There are real and tangible effects that can be perpertrated through cyber means far beyond the investment needed to make them. So what are we choosing to connect and why? The headlong rush to connect everything seems devoid of the questioning and deliberateness of the most important work...WHY.

Wed, Jun 5, 2013 EricE

I look forward to explaining to my family how to set up a second, secure network for all their appliances :p Or Symantec Antivirus for Kitchens. Lovely.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above