Smart Industry 1/2016
Smart Industry 1/2016 - The IoT Business Magazine - powered by Avnet Silica
Smart Industry 1/2016 - The IoT Business Magazine - powered by Avnet Silica
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
COLUMN BERND SCHÖNE<br />
GERMAN ANGST<br />
The German computer security authority BSI recently<br />
released a 592-page report on the proceedings<br />
of its latest biannual Cybersecurity Congress<br />
in Bad Godesberg, and it makes fascinating reading.<br />
This time IoT was the hot topic. In fact most of the experts<br />
talked about nothing else. And what they had to say<br />
sounded very, very German, especially to people<br />
of the Anglo-Saxon persuasion. They were very,<br />
very worried. In fact they scared stiff.<br />
Of course, Germans always have a tendency<br />
to view the future with a mixture of skepticism<br />
and good old German Angst – a<br />
vague sense of impending doom. Where<br />
others see opportunities, they tend to see<br />
risks, which often makes it difficult to communicate<br />
across cultural borders. Brits and<br />
Americans seem to be talking about a completely<br />
different subject than their German<br />
counterparts.<br />
In this case, the big issue was the worry that, in terms<br />
of automation and smart factory applications, the world<br />
is about where office IT was back in the 90ies, or so the<br />
German participants tended to believe, many of them hailing<br />
from very prestigious institutions and official agencies.<br />
The consensus was sort of like this: stop everything! First,<br />
we need to devote lots of serious research to solving the<br />
problems before we can take a cautious step forward.<br />
As if to confirm their greatest fears, news circulated around<br />
the conference rooms that two American hackers, Charlie<br />
Miller and Chris Valasek, had just demonstrated on public<br />
television how they were able to take control of a passing<br />
automobile from a distance of more than half a mile, switching<br />
the lights on and off and applying the brakes while<br />
the drivers were reduced to helpless passengers, paralyzed<br />
with fright. They then proceeded to take over the wheel<br />
and drive the car into a ditch. Okay, all this was done under<br />
controlled circumstances on a test circuit, and nobody got<br />
hurt. But everybody could readily imagine what it would<br />
be like if you were careening down a German autobahn at<br />
130 miles an hour. Germans love their cars, and they trust<br />
in German automotive engineering. For them, it was as if<br />
the world had just started rotating in the wrong direction.<br />
As a result of the televised live hack, Fiat, an Italo-American<br />
manufacturer, was forced to recall 1.4 million vehicles<br />
which had been proven vulnerable, including Dodge, Ram<br />
and Jeep models. All were found to need an immediate<br />
software update in order to close the hole through which<br />
Miller and Valasek had been able to gain access.<br />
At the conference, the German IT expert Stephan Gerhager<br />
publically asked if the same thing could happen to German<br />
76<br />
Germans<br />
always have<br />
a tendency to<br />
view the future<br />
with a mixture<br />
of skepticism<br />
and good<br />
old German<br />
Angst.<br />
Bernd Schöne<br />
is a veteran<br />
German Internet journalist<br />
and an expert on<br />
cybersecurity.<br />
automobiles. When he got home he hired an automotive<br />
engineer and a graduate student who were given two<br />
months to attempt to similarly penetrate the biggest and<br />
most expensive German cars. It turned out it was a cinch:<br />
using off-the-shelf computer systems available in any<br />
backstreet garage they were able to listen in on<br />
the in-car data communications and insert malware<br />
that was able to take complete control<br />
through the so-called CAN Bus, a communications<br />
interface that is standard in most<br />
German cars of more recent vintage.<br />
The good news was that they had to be<br />
sitting in the car to do it. Any attempt to<br />
duplicate the stunt by the American hackers<br />
and steer the car remotely via wireless<br />
control failed dismally.<br />
It turned out that the German engineers<br />
had done their homework. The vital systems<br />
over which entertainment and engine communications<br />
flow were hermetically sealed off from<br />
the outside and from each other, like the systems of<br />
compartments that can keep a ship from sinking if it suddenly<br />
develops a leak, thus making them impossible to<br />
tamper with, at least remotely.<br />
It appears that German Angst actually paid off in this<br />
case: the car makers had been worried about the kind of<br />
stunt Miller and Valasek had pulled, even though there<br />
had been no proof up to that point that the deed could<br />
actually be done.<br />
As it turns out, virtually every German car manufacturer<br />
has gone an extra step by now and added encryption and<br />
strong authentication to their vehicle systems. The CAN<br />
Bus is now virtually impregnable.<br />
Stephan Gerhager conducted his research independantly,<br />
but he received funded from Allianz, the largest German<br />
car insurance company. But Alliance also insures large<br />
factories, and it seems that many industrial robots also<br />
use CAN Bus technology. They, too, are potentially subject<br />
to outside attack by remote control systems used by hackers<br />
to bring production to stop or, more worryingly, to<br />
cause the factory to produce faulty products, a fact that<br />
would probably only turn up after they have already been<br />
delivered to customers.<br />
Conceivably, this realization will cause even non-German<br />
engineers and managers to wake up to the fact that they<br />
need to do something, and do it fast! Working on the principle<br />
that worrying too much about security is bad for business,<br />
and that if something is broke we can fix it later, may<br />
be typically American. But sometimes a dose of German<br />
Angst can be quite helpful.