Expert warns 'major event' will need to happen for cybersecurity to be taken seriously


In mid-December, Uber put its first fleet of self-driving cars on the road in its hometown of San Francisco. The online transportation network company did so in the face of state regulators who say the company needs a permit to keep the vehicles on the road. By noon that first day, a video surfaced online showing one of Uber's Volvo XC90s, equipped with their "state-of-the-art self-driving technology," running a red light.

Just a year prior, Chrysler issued recalls for 1.4 million hackable cars after the discovery of a vulnerability in several models that gave hackers the ability to control vehicles remotely.

Cybersecurity is now at the forefront of the national consciousness, due in large part to 2016 being a year filled with hacks, leaks, and email dumps. This year alone saw multiple major corporations get hit by cyber attacks: internet giants like Amazon, Twitter, and Netflix were compromised through a webcam hack; Russia allegedly targeted the 2016 election by hacking the emails of Clinton campaign chair John Podesta in an attempt to sway the presidential race in Donald Trump's favor; and even the FBI joined in on the hacking fun when they broke into the San Bernardino terrorist's iPhone without Apple's cooperation.

It's fair to say 2016 was a big year for hacking.

As society moves toward more and more automation, with daily tasks like banking and transportation now being computerized, the reality of a serious and even deadly cyberattack is beginning to feel less like the plot of a science fiction film and more like an inevitability.

"It will take some kind of major event to push this type of industry," Marshall Heilman, VP of Mandiant Consulting at cybersecurity firm FireEye, told

"If you look at the automation of cars, obviously the government has to have some type of legislation and mandate to secure that environment. Otherwise, could you imagine if hackers were able to take over a bunch of cars and drive them around; that would be extremely bad," said Heilman.

"Some type of event I think is going to have to occur before the government actually gets involved and sets those particular standards."

Heilman sees the trajectory of safety in the automation industry as analogous to the oil and gas industry. "Safety is the biggest thing that they worry about now," said Heilman of oil and gas companies. "And that's because since they've had a number of accidents over the years, the government has stepped in, and there are now all types of mandatory safety requirements and legislation around that particular problem."

"I expect to see the same thing in the automation industry," said Heilman.

Many in the cybersecurity field see a constant struggle between innovation and security that can often leave major companies on the receiving end of attacks. As the public demands new and innovative smartphones, tablets, and cars at an annual rate, Heilman sees this cycle as a potential problem.

"It is hard to innovate when you are constantly having to worry about security, and right now our society as a whole favors innovation. We want that new smartphone to come out every year with new functionality, but it's not possible to have a new phone come out every year and be 100% secure," said Heilman.

One field where security has seemingly yet to catch up to its innovation is the medical industry. While there have been considerable breakthroughs in defibrillator and other implantable technologies, research suggests these advancements may come with a price. "There are certain medical devices that are implanted in human beings that can possibly be hacked," said Heilman.

In October of this year, cybersecurity firm Bishop Fox backed an original report from short-selling firm Muddy Waters which claimed to find a critical and life-threatening vulnerability in St. Jude Medical Inc. cardiac implants. The report states that, if compromised, the company's Merlin@home patient monitoring devices could be converted by hackers into "weapons" with the ability to cause cardiac implants to stop providing care, and even deliver shocks to patients.

St. Jude has strongly disputed these claims, which are currently under investigation by the U.S. Food and Drug Administration.

But speaking about the possibility of medical implants being hacked, Heilman called it "concerning," saying it's "something we as a society don't really spend that much time thinking about."

However, it's not all dire for the future of cybersecurity. While there is a perpetual race to get ahead of hackers, the industry has experienced some wins as of late, and there is reason to believe it is trending in the right direction.

"We've seen the cybersecurity industry get better at detecting the fact that there are hackers in environments and actually doing something about it," Heilman continued. "About five or six years ago the average number of days that an organization was compromised was 600 plus. And now we are down to about 146.

"Which is great, but the problem is attackers still only need a handful of days to completely own an environment. So while I see hope and that we are getting a lot better as an industry we still have some work to do."