computer and network security today?
Stefan Savage: I think the answer here is relative to who you are, what the real threat is and what resources of value you need to protect. For most small-to-medium businesses, I suspect that the problem with the biggest potential for direct losses is still going to be ACH fraud. [The Automated Clearing House (ACH) network used by financial institutions to handle electronic deposits, checks, bill payments, and cash transfers between businesses and individuals.]
There is a vibrant ecosystem of attackers going after such accounts, and in many cases the small and medium businesses carry full liability for such losses—unlike consumer credit card losses. Still, businesses with valuable IP portfolios may face greater dangers from targeted data exfiltration.
Thankfully, attacks on cyber-physical systems (i.e., computer systems that control “real world” components: electricity, transportation, etc) are still more in the latent risk phase of evolution rather than a true “danger” today. While it’s fairly clear that these systems are vulnerable to attack, it’s not yet clear if there is a capable constituency whose immediate goals would be served by actually mounting such attacks.
X: Who came up with the idea for creating a Center for Automotive Embedded Systems Security?
SS: The genesis of this effort goes back about five years. Yoshi Kohno and I had been observing how automotive systems were both increasingly? computerized and then networked to the outside world. Our experience has been that this evolution inevitably leads to security issues and we figured that it was an ideal time to explore the
