By: Jennifer Tisdale
Public-Private Partnerships (P3) are often thought of in terms of large-scale, long-term relationships between a government agency and a private business, in which the private business provides a service or an asset to the government while also carrying the burden of financial risk.
This commonly occurs in real estate, when a certain location is desired for a government building or hospital but the needed facility space is not available or does not exist. In these situations, an agency and a real estate developer may reach an agreement in which the developer constructs the building and the agency commits to a long-term lease. But P3s that place the burden of risk on the industry partner, with a promise of financial gain over time, are not the only desirable way to leverage a Public-Private Partnership. These partnerships may also be desirable when there is a shared mission, an opportunity to advance the mission, and the interest and ability to share knowledge and resources for the greater good.
Throughout the last year, GRIMM Cyber has been engaging in discussions with Michigan State Police (MSP) about the possibilities surrounding the cybersecurity of the vehicles driven by their State Troopers. As theories developed, interest grew, and a shared vision of conducting a live demonstration of "hacking" police cars was born. If GRIMM chose to accept it, the mission was to disrupt a vehicle's operation in motion.
The original purpose was to advance MSP's understanding of automotive cybersecurity issues within their vehicles and how disrupting the functionality of one of their police cruisers might endanger the safety of their officers and that of the citizens they are sworn to protect.
Anyone who has attempted a live hacking exercise knows they rarely go smoothly or as planned. So MSP upped the ante by attacking not one car but two different makes and models; get this… at the same time. Though undeterred by the challenge, Team GRIMM knew we would need another team to support the demonstration on the second vehicle and that it would need to be completed in short order. Enter the U.S. Army Cyber Engineering Red Team from the Ground Vehicle Systems Center (GVSC) in Warren, Michigan. Together GRIMM and the GVSC team devised a plan of attack, developed, tested (and retested), and synchronized our findings for the demonstration.
The audience for the demonstration included cybersecurity stakeholders from the State of Michigan, other law enforcement agencies, and a short list of VIPs. They wanted to learn more about our work and how modern vehicles' inherent security vulnerabilities, both in-vehicle and within the Intelligent Transportation Systems (ITS) or connected (i.e., smart) road infrastructure, will operate.
The guest of honor attending the demonstration was Chris Inglis, the Director of the Office of National Cybersecurity (ONCD), newly appointed by the White House. He has been touring places of interest with unique cybersecurity research, work, and education programs. To the teams' pleasure, Director Inglis didn't watch the car-hacking demonstration; he participated.
Pictured above (l to r), Director Chris Inglis, ONCD, receives an explanation of the vehicle cybersecurity attack from GRIMM's Director, Cyber-Physical Research, Tim Brom.
While it may have been Director Inglis' first time driving a car while being hacked, he was impressed by the collaboration of the U.S. military, State government agencies, and a small business joining forces to advocate for increased cyber research concerning Automotive IoT. Director Inglis advocates for increased Public-Private Partnerships for research, training, education, and workforce development initiatives, which are expected to be a large part of his soon-to-be-released national cybersecurity strategy.