Explaining Cybersecurity through Cars: Get Yours Inspected or Get It Off the Road

Eric Fleming Photography/Shutterstock.com

How you view the world impacts your decision-making.

The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help keep this nation and its data safe and secure. They are Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma and Christophe Veltsos.

We are pointing out the obvious, but the obvious needs to be pointed out these days: How you view the world impacts your decision-making. And equally as important is how you view yourself. Therefore, if you see the world as a relatively benign place and feel for the most part you are well prepared for whatever challenge you will face, it is quite likely you will do little to change your behavior.  

But if you view the world as a more hostile place and think of yourself and us as unprepared, chances are you will either wither away into a corner, frightening yourself into hysterical paranoia, or you will do something rational to prepare yourself for whatever challenge comes your way.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Let us start with this basic premise: The internet is inherently vulnerable. It was designed that way because the debate—about 40 plus years ago—focused on open access and free flow of information versus security. The former won, but we are paying the price today. So, if the information highway (the internet) is all banged up and falling apart, it does not matter how safe your car is because the road is still a mess.

Taking the Car for a Spin

Let’s go for a ride and see what is waiting out there for you. First question: Is everybody driving a 2017 model with no mileage? Nope. That means your car (network and information system) has some wear on it, as do other cars on the road.  

But even if you are one of the lucky ones driving a 2017 with no mileage, are you fully read up on how to use all the fancy features of your new car? Probably not. You may find some cool new safety features on this new car, like lane departure warnings (anti-virus), but the warnings do little good if you do not check your blind spot while changing lanes or if you find them to be a nuisance and shut them off (misconfigured firewalls).  

New conveniences, like automatic parallel parking (free Wi-Fi) and automatic breaking (artificial intelligence) are neat and helpful. The #CyberAvengers are even ardent supporters of some, but we do not suggest forgetting the basics of driving or driving into a wall to see how well these technologies work!

OK, we see some of you out there with your head down saying, but I don’t have a 2017 with no mileage…I have a 15-year-old with 200,000 miles on it and that’s all I can afford right now.” Don’t worry, that is nothing to be ashamed of, we get it (after all, the average age of a car on the road these days are almost 12 years old). We understand you have limited resources and you do the best you can. But even with limited resources, you cannot sacrifice necessary maintenance without letting your car turn into a death trap.  

So, if you are not regularly changing your oil (patching your system on a timely basis) or tires (creating segmented backups) you are knowingly allowing yourself to be more unsafe on roads already deemed unsafe. And please do not forget the tune ups (replacing legacy software and hardware) because a misfiring piston (using WEP instead of WPA2 encryption) can make your car leave you at the side of the road without warning. Just like in football, we cannot express how important the “basic blocking and tackling” associated with regular maintenance is for your car (and your network).

Basically, what we are trying to say is if you do not take care of your car, you are increasing your vulnerabilities in a time where threats are also increasing and consequences are much more costly (Risk = Threat * Vulnerability * Consequence). Worn brake pads (poor bandwidth) are bad enough. Worn brake pads with uninspected brake lines (unencrypted communications) could result in your death (massive data breach) and that of your passengers (your company).

Here is another issue you must deal with. Cars have become more complex. There was a time where if you owned a car, there was also a good chance you could do a lot of maintenance yourself (we call those days the Age of MS-DOS and XTree). Today, it’s not so easy. Why? Because today, you get an idiot light (error message) flash on your dash and you do not know if you need to restart your car (reboot) or you have an imminent overheat that will crack the engine block (your device is bricked). Ultimately you are going to have to take your car to somebody, like a dealership (vendor) or mechanic (IT professional), to get checked out (vulnerability assessment).  

Alright, here is where it gets tricky and it is hard to get past stereotypes when discussing this issue: Do you trust your dealership and mechanic? If you don’t, you are going to be worried about unnecessary repairs (capital expenditures) and high labor costs (consulting) that may not necessarily make your car run any better or safer.  

And if you have a dealership or mechanic a bit on the shady side, do you think they are going to tell you to fix that small problem right away or wait until it is a really big one? They may say, “Don’t woooorry! All you need to do is check your car once a year, you’ll be fine!” when in actuality you should be checking your tire pressure and oil levels every few weeks, especially if you are driving an older car.

And here is something not to forget: Even after all of your fixes, none of them will make you a better driver (education). They only reduce certain vulnerabilities (more on that in a moment). You still have to know how to avoid pesky daily hazards like aggressive drivers trying to crowd you out of your lane (DDoS attacks) and muddy fields in the dark that make your car stick (ransomware).

So now imagine you are driving an unsafe car, not serviced for a while, on dangerous roads, and let’s be honest, you are not exactly the best driver because you have bad habits (you like to click on links you shouldn’t). What exactly do you think is going to happen eventually?

BOOM!

Did you consider this scenario? If you did not, you have some work to do, and if we may: Welcome to cyberspace. This is how things go today. One moment everything is hunky dory and the next, you have an out of control train on fire, controlled by a hysterical and psychopathic conductor who is ready to take the train down the unfinished track that leads right off 500-foot cliff into a pit of bricked devices.  

A little car maintenance goes a long way. Kind of like patching would have saved a lot of grief for hospitals and emergency rooms last month. Remember, even a 2017 model car can only go so long before the oil needs to be changed.

Car Basics 101 Go a Long Way

This article is a necessary foundational piece for our next piece, where we focus on the value of timely and regular vulnerability assessments and why a systems-based (versus goals-based) approach to cybersecurity is a great idea. More importantly, this article is to show many of the basics are not being adhered to. But that is hard to see when you are not immersed in IT, which is why we illustrated the issue using cars, something most people understand.  

The #CyberAvengers want to make cybersecurity unintimidating. Isn’t it a liberating feeling to know when your mechanic is running a fast one on you? It is. And you do that because you build up your knowledge and are unafraid to say, why are you trying to get me replace my entire axle when all I need is a control arm?”  

As we promised you in "Take Back Control of Your Cybersecurity Now," the #CyberAvengers are here to help and one thing we certainly do not want is for you to be in an unsafe car. Ask us if you feel you may be in one.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.