#Tech16: Not All Hackers Are Bad Guys
ASAE’s Technology Conference & Expo closed on Wednesday with keynoters Charlie Miller and Chris Valasek, two well-known hackers who are exposing technology flaws to protect the public.
If you’ve ever seen an episode of CSI or NCIS, you can pretty much picture what hacking looks like. In the Hollywood version, you can see data files vanishing before your eyes, alarm bells ringing, and of course, a computer nerd typing furiously to defend against the attack.
The Hollywood version is a lot more interesting than the real-life version. It took Charlie Miller and Chris Valasek, two security engineers at Uber, years of research to find a way to hack inside the Jeep Cherokee, taking control of the vehicle’s steering and brake systems.
These self-described “good guy” hackers delivered the closing keynote Wednesday at ASAE’s 2016 Technology Conference & Expo at National Harbor, Maryland. Their key message to associations and businesses alike: Focus in on your software and technology vulnerabilities if you want to protect against cybersecurity threats.
Good Guys vs. Bad Guys
Miller and Valasek didn’t try to hack into a Jeep Cherokee for dubious reasons. In fact, they worked with Chrysler Fiat Automobiles months in advance before going public with their hack. It’s important to note that there are good actors and bad actors in the hacking world.
“We are the good guys,” Miller said. “We try to make technology better by breaking things apart. It’s the idea that once something is broken, you can begin to understand it and fix it.”
With their Jeep hack, Miller and Valasek broke into software found on the dashboard’s entertainment system, and they used it to control other features including the vehicle’s steering, brakes, transmission, and heating and cooling systems. The hack resulted in the recall of 1.4 million vehicles, estimated to cost billions.
While that sounds bad, the bad guys can do worse. They hack with the intent to harm, whether that’s for personal, financial, or national security reasons. These actors can get to you in a number of ways, including ransomware, data breaches, and denial of service attacks.
The good guys, often known as “white hat” hackers, are different. “This is a way to have an impact and help people,” Valasek said. “We’re the frontline making sure that technology and connected devices, things like automobiles, actually are secure.”
Defending Against an Attack
Cybersecurity is an expensive and resource-intensive issue, something that associations may overlook. But there are simple steps that organizations can take, Miller said.
The first is two-factor authentication. Adding an extra layer of security to the entry point makes it much harder for bad actors to get in and for a data breach to occur.
“The more you can do to protect your data, the better,” Miller said. “Also, organizations should put some thought toward their data archive process and how much they want to retain and keep.”
Another important lesson for associations is that technology and software are everywhere. It’s not just your computer or phone that poses a security risk, but maybe the building’s HVAC system.
“We’re putting software on all kinds of things quickly,” Valasek said. “Essentially, what this means is that computers are controlling a lot more. Hackers like to think about what could be and what businesses don’t expect to result in something catastrophic.”
And with the onslaught of smart devices quickly flooding the market, security risks continue to pile up for associations.
“We’re moving toward a more smart and connected society,” Miller said. “Now we’re connecting things that interact with our everyday life from a software standpoint, but also from a physical standpoint. And that’s a big risk.”
Chris Valasek, left, and Charlie Miller. (Sabrina A. Kidwai, APR, CAE)