Transcripts For CSPAN The Communicators Black Hat Conference 20240714

You do at George Mason University?
Prof. Wijesekera: I do research mostly related to cybersecurity and its consequences on the transportation systems. I have a large group of students who work on radio communications. Some on UAVs, meaning unmanned areas. Torything that is related industrial automation.
What is that word you are using? Wakers. Yes, like inera buses and trains and so on.
Any classes as well?
Prof. Wijesekera: Yes, I usually teach cybersecurity classes. This fall, I am going to teach a class on automatic wakers. Good selectiony facultyate students and that lift us update by day. We are encouraged to do whatever out and look at the new areas that are emerging and participate to the best extent we can.
Peter: You also have worked at the National Institute of Standards and Technology. What is that, and what are you doing?
Prof. Wijesekera: The National Institute of Standards and Technology has a division for cybersecurity. As a visiting researcher, and most of my work there has been forensics. I have worked with a couple of researchers there. From theve Students University that sometimes participate in that research. It has been going on for a long time. I really enjoy working with the government.
Peter: Professor Wijesekera, we invited you here because you are a presenter at Black Hat this year. First of all, what is Black Hat?
Prof. Wijesekera: That is essentially people who work on creation side. They are not really hackers, but they are people who like to expose certain vulnerabilities that exist in different systems and tried to bring into society people who should know about that, and make them aware so that the vulnerabilities should , and people who find the loopholes encourage people to look at similar loopholes in , and for thems manufacturers to close the vulnerabilities.
Peter: It is held in Las Vegas, and thousands attend, don't they?
Prof. Wijesekera: That's correct.
Peter: When you go into Black Hat, because of the expertise of some of the people there, do you leave your cell phone in your hotel room?
Prof. Wijesekera: I have heard that before, but I don't think that's true anymore, though some people have said that has happened to them. I do not have an experience like that. My students spend more time there than me.
Peter: Black Hat has become pretty mainstream, hasn't it?
Prof. Wijesekera: Absolutely true. I think there were about 8000 people there, and there were lots of I think there were about a thousand people there, lots ofe were scientists, government labs, and universities like ours.
Peter: What was your presentation about? Attacking Electric Motors for Fun and Profit.
Prof. Wijesekera: What it was is we realized that, looking at the way motors are designed and constructed, it might be possible for somebody to attack it makeshe sense that them do things the original user did not intend them to do. Like, when the motor gives more horsepower, we would like to reduce it. When it wants to turn clockwise, we would like to turn it counterclockwise. Those would be unsafe situations. Quite benign. If you turn them backwards, they can be a big problem. But if you use them in a different way, it can have a bad consequence. Back instead of forward or turn left instead of right. We thought we would experiment motors, and we found there was more than one way to attack them. Presentation was based on a year and a half worth of that students did under my direction. Young man whoever is able to reproduce all the attacks we thought we could reproduce. In the meantime, there were a lot of things that did not go well. But we were able to produce a lot of attacks that we thought we could produce.
So, professor, what is in an electric motor that would make it susceptible to an attack?
Prof. Wijesekera: An electric motor has a central system, the and the use of electromagnetism in one way or another.
That's how we generate the moving an essentially electric wire across a magnetic field. Components of these are subject to some kind of that istion disruption not expected to be there. A seven-step method of using electricity, disturbing the electromagnetic field, going , and the control system motor control itself. And change them annoyingly so the controller itself would ignore that something has changed. Or, on the other hand, do some disruption with the magnetic fields and so on that would alter the electric motor.
Peter: So not necessarily an attack on software.
Prof. Wijesekera: That's correct. It could be physical as well as cyber.
Peter: Were you successful?
Prof. Wijesekera: Yes.
Peter: Does that worry you?
Prof. Wijesekera: To a large extent, yes. If you look at the consumption of electric motors, about 40 to 45 percent of electricity use are used by electric motors. You may not realize that you are using electric motors, but they are always there. When you get onto any train or bus or car, there are so many electric motors in them, they do consume electricity, and there is a whole division in the Department of Energy that devotes their entire time into making them efficient, making them better, making them not waste too much electricity or produce energy that is unnecessary for the application. But what we are showing is that it is possible to interference all of those [indiscernible] if you intended to make some harm.
Peter: What about software attacks? Did you experiment with those?
Prof. Wijesekera: Yes.
Peter: When did you find?
Prof. Wijesekera: It is not that difficult to install a controller and replace the controller that can do the opposite of the specific performance of the motor.
Peter: A couple years ago, a Jeep was hacked on purpose by Wired magazine and it was controlled remotely. Is that a countrywide danger that this could happen?
Prof. Wijesekera: I think let me answer that question directly if something was created by , others should be able to find loopholes to either misuse it, abuse it, or use it in a way that it was not intended to be used. Engineer in the workforce, for Honeywell. I know that despite our best mistakes. E could make there are so many software systems, tools that will show you what you should not do and prevent you from doing certain things. Despite all of that, we are humans, so at some point, if I am paid to, or if I am sufficiently motivated for whatever reason, I will devote my time to making it not work the way it is supposed to work.
Peter: One of the things you write about and talk about are cyber-physical systems. What are those?
Prof. Wijesekera: Those are physical equipment that, based on some phenomenon of physics such as chemistry, for that matter, such as batteries, electric bands, automobiles, anything that moves or rotates or provides a that is usually controlled by some form of it could be through an application, that could still be and can degrade the performance because of this interference. Example, if you have a car with a spit on her, it can show you you drive at 30 miles per hour with a speedometer, it can show you that you drive at 30 miles per hour when you are actually driving at 50 miles per hour. That is a problem. It is not necessarily a problem with the braking system, but if that interfered with I know the manufacturer goes through great extents make this impossible. I am not saying this as a real example. I just made up one to show you what this system would do.
They interact with so-called intelligent transportation systems?
Prof. Wijesekera: If you look at intelligent transportation systems, most of the transportation systems today are migrating to be controlled by software. Our traffic lights are controlled by software. Wakers have intelligence built in. There are cameras that show you different things.
Such as they make you keep your lane so that if you deviate from the lane, it will make a sound or somehow make you come back. It is becoming very much to make sure that we as human beings don't make intentional mistakes, and if we do, try to correct our mistakes. Bs systemsample is a that are a very high-frequency, per second, so that it balances the friction, that is even beyond novel human capability. This came about in the 1970s, detailed by the automobile manufacturers. That has been a great task now. Most cars come with it. At the beginning, it was limited to expensive luxury cars. Now tractor-trailers and so on built in to make it safer for their vehicles and also the vehicles around you. It makes sure you don't hit other vehicles because one of your tires went over a patch of ice. These things are great inventions.
System like ABS hackable, or can it be attacked remotely?
Prof. Wijesekera: Remotely is a much more difficult thing, because you have to get into the vehicle and into the system that connect the brakes.
Well, we are moving into an age of autonomous vehicles. Does that increase the danger of remote tech?
Prof. Wijesekera: If you look at it as a purely software system, you bring in more software, more vulnerabilities. One would think that yes, it does, but if you look at the engineering that goes into the autonomous vehicles, they are supposed to come tomorrow. Of funds are being paid to ensure there are no mistakes. They look at all the cases where we unintentionally did not a particular issue and bring the engineering and human factor stuff to ensure that that did do not happen not go unnoticed. There are testing efforts devoted to making sure they behave properly the accident is unintentional, it protects the passengers in and around the vehicle.
Has been a Tesla crash, a couple of those around the country, some loss of life. What is your take on that?
And they have been in the driver's assist mode at the time.
Prof. Wijesekera: That is correct, yes. It could happen to any software, but I think most of the manufacturers go through great efforts. The government takes a great effort as a third party to show what's happening and give advice to both the consumers and producers of the vehicles, such as the automobile industry and all the equipment manufacturers, and the research community that is like a third party, looking it to ensure every case is even if we did not address them, it is testing loops trying to make everything better. Hopefully we close those loops one by one.
Peter: Professor Wijesekera, the 737 Max, does this fit into the category of malfunctioning software or software taking over for humans?
Prof. Wijesekera: Eventually some of the software should take over some of our functions, such as ABS, because it is not humanly possible to control at that frequency. So once the control systems would have these types of issues , but I think the engineering disciplines are such that we find ourselves responsible if we find something, and usually we would try to address those revelationhe next while we are trying to find an immediate remedy. That, just like when people find that some of the mistakes or accidents happen , we would go back and ensure it never happens again, but there is no guarantee that we have gone through all the potential possibilities and all the environments in which this operates and gives a license of absolute guarantee of total safety. In fact, we have to look at every operation and make equipment that can withstand most of the initial cases.
But the problem is, if you go through such an engineering process, it will take a lifetime to produce equipment and an incredible amount of effort and energy that will result in what's called over-engineering. Usually we try to be on the safe side and give ample warning , so when it should be operated, how it should be operated, and cases in which we cannot ensure that complete autonomous behavior can be guaranteed to provide absolute safety, we say in these cases we would ask the human being to interfere and take over and make some decisions that would take you through those cases and bring you back to a safe space so that the control system can go for the rest of the journey.
Peter: So much of our communication today is wireless, so do you fear an electromagnetic attack more than you do a software attack?
Prof. Wijesekera: Yes. That is a very pertinent question. One of the things that really whereed electric motors radio frequencies. This naturally happens at the very low rate. For example, due to sunspots, some communications are it could happen to any wireless media.
Peter: Including airplanes?
Prof. Wijesekera: Yes, it could. It is the rays of the sun that we actually cannot control. Sometimes they penetrate through all kinds of adverse conditions.
But what about a malicious attack?
Prof. Wijesekera: A malicious attack, you have to be able to produce an electromagnetic field , just like the radiation attacks at the time. This was faced even then and it could be faced even now, because a lot of things are possible, but at the enormous cost of producing the attack, especially when it involves physical equipment. It is very difficult to make them in absolute secrecy and bring them out just for the attack.
Peter: Let's talk about something that you talk about in your Black Hat presentation, Attacking Electric Motors for Fun and Profit. You spend quite a bit of time on drones. Those are out there in the world today. Is there a help me here.
Prof. Wijesekera: It is conceivable. One of the attacks we had was attacking a drone, a full motor drone. A four-rotor drone. It is possible to attack the four rotors using different techniques. The solution for one, may be on the other it does not work. You can go through engineering and tried to do that. Others interfering in the radio are taking it over and issuing commands that the actual driver never intended.
Peter: Knowing what you know, how much time you spend worrying about these things?
Prof. Wijesekera: I would say it concerns me, but it does not worry me. One of the things somebody asked me about three months ago, this was again related to newer equipment on cars, would you drive a car with all these new features? My answer was absolutely, yes. If I don't drive my own car, how do I find out? I have things I have experimented with, but they don't drive my car. I think about, if I had the opportunity, how would I use it?
Peter: Are we on the right path in this country when it comes to cybersecurity?
Prof. Wijesekera: We are. That is my opinion, again, but people who are dedicated to the cause, both in industry and government, they give their life to it, and they have great appreciation for what they do.
Peter: Because of what we have been discussing, is that one of the reasons that Huawei phones are under suspicion?
Prof. Wijesekera: I don't know too much about the phone, but it when you find vulnerabilities, one wonders if they are intentional or not. But going back into intention is a much more difficult thing, because most of these systems are made out of commodity components. With Honeywell's so-called supply chain security, how do you know every product was tested for security and there is no way of introducing unintentional things? People try to go through this think it is just I consider them to be sociopolitical issues. There are lots of people in the U.S.
like Lockheed Martin that invented these concepts and spent a great amount of time on the opening internet and darknet, trying to find out if there is something that is evolving but not publicly disclosed. And bring that into the development life cycle, so we could take some precautionary actions that may otherwisecidents that would happen.
Peter: This Communicators and all others are available as podcasts.
