

Driving Safely on Snow

Probably the biggest problem in information security is that the people who work in it are over-focused on threats they can do little about. Too much money and effort is spent chasing a threat's taillights (usually aided and abetted by a vendor whose product supposedly helps you catch said taillights). A major portion of that energy would be better channeled into building more secure systems in the first place, which means finding and fixing vulnerabilities. Rather than building systems that break when you look at them funny and then complaining about threats, build better stuff to begin with.


The automakers, who have a first-class threat model, figured this out decades ago. Outside of Microsoft we have not seen any large-scale market force in information security that has improved the security of systems, but we certainly have in cars.

Volvo's new XC60 sport-utility vehicle comes, as you might expect of the safety-conscious Swedish carmaker, with a number of features designed to look after its occupants in the event of a collision. It has airbags, rollover and side-impact protection and so forth. But it is also fitted with mechanisms to help avoid a crash in the first place, including an automated braking system. As more cars acquire features that can assist a driver in a dangerous situation, or even take control, the rules of the road may need rethinking.


The Volvo system, called City Safety, operates at up to 30kph (19mph). This speed range was chosen because it is when most collisions take place, especially rear-end shunts in slow-moving traffic. City Safety uses a laser sensor fitted behind the windscreen to scan the road ahead, calculating relative speeds and distances. It applies the brakes if a collision cannot be avoided. (The system switches off at very low speeds, so that drivers can park close to other vehicles.)

A number of carmakers already have or are introducing automated-braking systems. Germany’s Daimler uses a radar-based one in some of its Mercedes-Benz vehicles. Called Distronic, it also operates at high speed and adjusts both braking and acceleration to maintain a constant distance from other cars. If a collision seems likely a warning is given. When the driver puts his foot on the brake pedal the system automatically applies the optimum pressure required to avoid hitting the car in front. If the driver fails to respond, the brakes come on automatically.

There are a number of great concepts in here for infosec to learn from. Managing risk begins and ends with protecting assets, which in a car means the passengers. Threats matter, but they are not the main focus. You can easily imagine that if infosec people were in charge of designing safer cars they would say things like "it's snowing in Minnesota!" and "people drive too fast in NYC!" instead of building better brakes, airbags and safety systems. Infosec gets wound around the threat axle far too often.

Eventually these safety systems will make their way from expensive cars to most models, just as anti-lock brakes have. This will make cars much more “aware” of their surroundings. Even smarter stuff is coming. Jan Ivarsson, head of safety at Volvo, believes it should be possible to build a car in which people will not be killed or injured. The company is experimenting with devices that would automatically steer away from an oncoming vehicle. Such a car would also spot a pedestrian stepping into the road and brake.


Walking the unbelievably large vendor floor at RSA this year, I experienced fear and loathing at the lame solutions on offer. The excuse used to be that no one spent money on infosec. Well, infosec budgets have been growing for years now, and the problem is that the money is being invested in the wrong places. Instead of protecting assets, vendors throw out some vague threat model, show how their half-baked product supposedly deals with it, and people actually buy this stuff. Amazing.

What is exciting to me is the stuff that made up less than 1% of the floor: actual security innovation like SAML, CardSpace and static analysis. If we are ever going to get to something closer to safer cars, these are the tools that will get us there, not obsessing about the threat of snow in Minneapolis.

Comments

Hi Gunnar,

This approach makes sense because it's an engineering problem. You can't deter or jail snow or bad weather.

As far as other drivers go, the police *do* stop people who are speeding, driving drunk, etc., at least some of the time.

Hi Richard

Good examples. Security has an operational component for sure, but the industry is already pretty skewed in this direction. We also need security focus at design time not just run time.

Very good analogy. Reading it I couldn't help but think of a 2005 paper by Brian Snow, and wonder if that had a role in your choice of titles. http://www.acsa-admin.org/2005/papers/Snow.pdf See section 3 of Brian's paper where he equates today's security software industry with the auto industry in 1930: "provides performance but offers little safety."

Frank - This is an important paper. I blogged about it here

http://1raindrop.typepad.com/1_raindrop/2005/12/the_road_to_ass.html

http://1raindrop.typepad.com/1_raindrop/2005/12/assurance_techn.html

...and yes, I thought about the same thing with Snow in the title.

Gunnar is dead-on in this post! I am convinced that focusing on finding and fixing vulnerabilities DURING INITIAL DESIGN would solve the vast majority of current problems.

It is the path we followed in the government when building classified gear in the 70's and 80's; IT WORKED.

I am reminded of something written by Guy Kawasaki about the "art of innovation". He said that while the mainstream struggled to gain 10-15% improvements on the first curve, someone would jump to the next curve and get 10-15 TIMES the improvement. As memory recalls, I think he used the example of going from dot matrix printers to laser.

To me, software assurance and finding better ways to patch are inching along the curve. If a method could be found to prevent software bugs from being enacted on, that would be a jump to the second curve.

Good article with which I agree. But we have to bear in mind some of the complexities of infosec vs automobiles.

Generally, automobiles are used and operate for all intents and purposes as they are designed. Therefore it is a lot easier to predict user behaviour and build in appropriate security.

Infosec systems are designed with one thing in mind, but generally are hijacked for multiple diverse and wide-ranging activities further on, e.g. marketing wants a cut of your statistics, the government wants a list of people to compare against terrorist lists, etc., and on top of that malicious users virtually rip apart systems and use them in ways the designers and developers just didn't think was possible.

The second aspect is psychology. Road users are well aware of the dangers and buy into security a lot more. Most sensible parents would ensure their child is strapped in securely in a child seat, yet don't take similar precautions whilst using PCs or generally dealing with sensitive information.

Sorry for the long rant....
