FASTR℠ in May announced the appointment of Uber’s Hudson Thrift as chair of the consortium’s Technical Steering Committee. He leads the infrastructure security team for Uber’s Advanced Technologies Group, and, in his role with FASTR, Hudson guides the consortium’s dedicated initiative to deliver the actionable research that the automotive ecosystem needs to inform their future design decisions with security in mind.
In the press release announcing Hudson’s appointment with FASTR, he talked about how automotive security tends to follow “behind technical trends and innovations in the broader security space” and FASTR’s promise “to turn that relationship on its head.” Let’s learn more about Hudson’s views on FASTR’s opportunities to help drive automotive security and move cybersecurity to the foundation of tomorrow’s connected and autonomous vehicles.
Why did you decide to engage with FASTR?
One of the biggest and most interesting things for me about the connected-and-autonomous-vehicles space is that it is so complex and so multi-faceted that very, very few people have the visibility to understand how things are and will be coming together. It’s an amazing set of technologies. And we have governments under growing pressure to step up and create regulations for the space. The burden is on organizations like FASTR to help educate and provide actionable research around automotive security FASTR’s platform provides the opportunity to help ensure that regulators are well informed from all sides of the automotive ecosystem, which aids in their ability to set regulations appropriately and by priority.
Part of the challenge here is that thinking is mostly rooted in what we’ve known and how things have been done in the past in our industry. FASTR is different—FASTR is about the future, not just about what we’re seeing right now. The mindset is not, here’s an attack; let’s fix that, and everything’s better. FASTR is having meaningful conversations about the whole space—about what’s happening now and what’s coming and about the actual risks and rewards that are in play. Where are the real risks likely to arise that we must address? FASTR is an awesome vehicle by which we can have these conversations and share some best practices. The whole industry is going to be better because of this.
What can FASTR do to actually make good on that vision?
In what ways do the conversations convert into deliverables and how does the impact scale to be beneficial to the entire industry?
This strikes to the heart of how the FASTR working groups have been formed and started progressing. I think there are three key places where the organization should focus.
The first is exploration. There are obviously areas of the automotive-security space that aren’t being explored; there are areas where no one has gone and turned over the rocks on. For example, everyone in the industry is super focused on embedded security, and we tend to overlook that we have this whole set of services reaching back into the cloud. Shining a light on these areas is one very important way FASTR can make an impact.
Second, FASTR can bring value by identifying where there are well-known or reasonably established best practices and, for some reason, we as an industry can’t seem to agree. Secure communications channels are a perfect example. We understand the concept of relatively private networks—VPNs (virtual private networks) and whatnot–that are accessible to only some. Even before doing complicated things like adding encryption, we know how to make communications channels relatively inaccessible. FASTR can help advance innovation, for example, by explaining best practices to talk to an IoT (Internet of Things) device on a car. We’re not saying it’s perfect security, but it’s better than what you’ve got now.
The third category where FASTR can focus are those places where there are not existing best practices or at least well-understood best practices. In these areas, we’re inviting awesome member companies and individuals to join FASTR who have creative ideas on how to solve problems. FASTR brings awareness about how to solve pieces of the puzzle—for example, this isn’t your silver bullet, but it does do X really well. In addition, FASTR member companies can collaborate to publish the research that says, Here’s what could happen, here’s how it could happen, and here’s how concerned you should be.
Until FASTR, we really haven’t had a way to talk about the whole, evolving automotive-security space in these ways. With a better understanding of how this all maps together, then we can deliver the credible, useful information to the industry that’s needed to accelerate innovation.