How serious is the cyber breach in transportation in Israel?

Cyber ​​protection in a smart vehicle may be considered an integral part of vehicle safety, this is one of the conclusions of a comprehensive study conducted by researchers at the Hebrew University.

The danger is already here, but in the meantime the Ministry of Transport is running slowly

Keenan Cohen

21/12/2021

Tuesday, 21 December 2021, 18:06 Updated: 18:53

• Share on Facebook

• Share on WhatsApp

• Share on Twitter

• Share on Email

• Share on general

• Comments

  Comments

The series of recent hacks into databases of insurance companies, websites such as Atref, medical institutes, e-commerce and more have raised the level of protection of the personal data of hundreds of thousands of Israelis. However, with all the inconvenience of personal details circulating on the Internet, intrusion into the heart of Israel's transportation infrastructure and even into the vehicles themselves, can lead to personal injury.

Those who speculate about this effect include the various insurance companies who see this type of attack as a real risk in the near term and even more so in the longer term, not to mention the future where autonomous cars at these and other levels will be a "coveted" target for hostile elements. The same companies joined a group of researchers from the Hebrew University of Jerusalem for a project that assessed the level of risk posed. And what, if any, are the steps to be taken at the policy level in order to reduce exposure to them.

The product of the research is a report signed by research colleagues at the Federman Center for the Study of Law and Cyber ​​Policy of the Hebrew University, Dr. Chaim Wismonski and Gadi Perl.

When the concluding report for the project was written by the research fellow at the center, Adv. Vered Zelicha.

More on Walla!

Kremba will integrate cyber solutions into Alpine's popular multimedia systems

To the full article

The more connected and transmitted the car, the greater its security should be (Photo: Keinan Cohen)

When the state turns a blind eye

The report breaks down the risk posed by cyber hacking into transportation into a number of components, in the automotive and infrastructure sectors, and in particular calls on the state to take an active approach to tackling the "last line of defense" of the vehicle itself, but a broader approach that includes impacting global cyber protection standards. In the more local aspect, the recommendations relate to the treatment of cyber holes in new cars throughout their life cycle. Others this can be done with the connection of the user's "infected" mobile phone to the vehicle via the charging socket which is also used for data streaming.

Therefore, the study recommends testing not only the vehicle's "immunity" upon arrival, but also throughout its years of use with the installation of multimedia systems or other communication components through the annual licensing test as well as after large-scale cyber incidents.

Will the licensing institutes also check cyber systems? (Photo: Keinan Cohen)

The interest that insurance companies have in these cases is clear, since in their view, such a risk may affect the way they calculate the level of protection of the vehicle. There is currently no reference in insurance policies to cases of damage or theft as a result of a cyber incident.

Another possibility cited by Adv. Zelicha, who also serves as head of cyber and artificial intelligence at the law firm of Lipa Meir & Co., is that in the absence of the state's desire or ability to be a factor in this defense system, it could be possible to insure their clients. Their composition for such events through variable pricing of the insurance policy accordingly and will actually act as a "regulator" in the matter, similar to what is done today with safety accessories or GPS components that monitor the nature of driving in order to assess the risk of drivers in the policy. The insurance companies reflect in the price the level of protection and readiness of the insured body for cyber incidents.

Fear of damage and disruption of traffic infrastructure in Israel (Photo: Reuven Castro)

Department of Transportation?

Takes care of public companies

The Ministry of Transportation does not ignore the risk posed by the cyber field to transportation, but for him, the task is to protect the industry and less in the resolution of private cars. January 2021, sending security department, emergency transport and cyber office as CEO of the Public Transport List cyber security requirements, are intended to reduce the gaps in preparedness of the industry to deal with cyber threats.

Whoever is responsible for national monitoring center in transportation cyber threats This body will be operated by the Airports Authority, which already has experience in dealing with cyber defense in its area through the Cyber ​​Air Force at Ben Gurion Airport.

When does all this happen in practice? The Ministry of Transportation does not say. The ministry has a constructive solution in order to formulate an industry picture, which will help reduce the gaps in the level of cyber protection, "we will be very surprised if this happens in the near future.

An innocent connection to a charging station can also be a tool for penetrating vehicle systems (Photo: Nir Ben Tovim, Keinan Cohen)

Mrs. Cohen, breathe a sigh of relief

Despite the spirit of the report, it is possible to calm down. Currently, the threat in cases of cyber hacking, hijacking or intentional damage to a vehicle as far as the private end user is concerned, this perception is also held by cyber defense companies in the automotive field. A "reward" in the case of a private user is simply unprofitable. Those who can be intimidated and fear these are companies that own large vehicle fleets, such as rental companies that will discover one morning that thousands or tens of thousands of users have access to cars until you pay ransom to hackers. In the case of breaches to state transport infrastructure, from disruptions to public transport activities, to damage to infrastructure such as traffic lights, signaling, disruption of emergency and rescue vehicles, etc. However, the state is trying to defend itself through the same cyber protection center in transportation.

But ultimately the concern is not a cyber hack into our private car, but the problematic choices of adding another new state requirement for testing in the annual licensing test (and no one will be surprised if a fee is attached to that requirement as well), or the consumer side, from the day insurance companies decide That they are "voluntarily" replacing the country.

• vehicle

• Car News

Tags

• Cyber

• vehicle

• Department of Transportation

• The Hebrew University