Beloved founder and president of London Center for Policy Research, Herbert London passed away on November 10th.
Please click here for details.

Convertibles and cyber war

By Peter O’Brien

Senior Fellow, London Center for Policy Research

Published October 29, 2018 in The Washington Times

ANALYSIS/OPINION:

Years ago, I bought a two-seat convertible — it was a great car, and a ton of fun to drive. But after I’d had it about a year it started turning off — just out of the blue. After making certain it was mechanically as close to perfect as it could be, I focused on the electronics and managed to identify a faulty fuel-pump relay, a small electronic circuit. I replaced it and the car ran beautifully.

That was my first practical introduction to electronic circuitry — not the actual mechanism — as the culprit.

The idea that mechanical action — turn the wheel, step on the gas, pull on the stick, adjust the throttle — doesn’t actually do anything physical but instead constitutes an input to an electronic system which then interprets that input and in turn initiates mechanical action, is known as “fly-by-wire,” as it was first introduced in aircraft.

I once worked with a retired submariner who had gone back to school and picked up a PhD in electrical engineering — and then started a firm that wrote software for the U.S. Navy. He provided a tutorial on what the digital revolution meant, the benefits of “fly-by-wire” across society; there are many, and the risks, there are fewer — but they’re scary.

In 2015 two men demonstrated the ability to take over a vehicle remotely — that is, while they were miles away they turned on and off wipers, disconnected the transmission, actuated the breaks. Because of that demonstration cars probably have become more cyber-secure, but the rest of our society is becoming ever more digital, and the rest of society hasn’t followed the automaker’s cyber security efforts.

The digital revolution has a host of improvements: Everything is more reliable, easier to maintain. And there’s the Internet — you can order anything on line, pay for it, do all your banking — you barely need to leave home.

But that means that virtually all the information that powers the world is on line: Health records, bank records, school records, etc. And probably exploited. Recent reporting suggests it has been.

There has obviously been concern that several countries were trying to influence U.S. elections. But influencing is one thing, changing them is another. The issue at hand now is whether it’s possible to actually manipulate vote counts through cyber intrusion.

It turns out there are known vulnerabilities in the software used to tabulate votes in more than 20 states, a vulnerability first identified more than a decade ago.

Should the federal government have done something about it? Sure. Though it’s important to remember the U.S. Constitution and the law put the responsibility on the state governments. But the Federal Election Commission and Congress could certainly provide support to make voting more secure. The previous administration had intelligence reports that there might be active meddling prior to the 2016 election and chose to do nothing; the current administration appears to be working with the states to tighten-up the process. Is it enough? If in doubt, perhaps the states should take a look at a rapid fix: Use paper ballots and hand count the vote — slow, but we know how to do that.

But there is more to the cyber risk than this.

A recent story in Bloomberg revealed that some of the scarier possibilities have already come to pass: China surreptitiously installed microchips into a host of systems across the U.S. allowing them to extract data from these systems. Apparently, it’s been going on for years. Further, there are Chinese-made parts in a number of U.S. weapon systems. President Trump has rightly called for these parts to be replaced by U.S.-manufactured parts, but that is going to be a lengthy process.

At a minimum, an ocean of data has been taken from U.S. systems — across the board. It’s reasonable to assume that virtually any information on line — private or public — has been compromised. Some may not, but proving it will be difficult.

Of greater concern is what else may have happened. Have these systems also been manipulated? Might Beijing be able to turn off the lights across the country? Shut off the water or sewage in a major city? Manipulate health records selectively or en masse?

What is clear is that Beijing is already engaged in a cyber war with the United States. In practical terms, the United States hasn’t even stepped into the ring yet.

Original Post