On The Security Of Things And Cyber Trust

By Stan Paul

The Internet is where technology, policy, law, banking and business meet, not to mention the innumerable interconnected electronics and gadgets that we rely on each day — the so-called “Internet of Things.”

Also at this intersection is John Villasenor, professor of engineering and public policy at UCLA. While keeping up with the growth and proliferation of technology, Villasenor is more concerned with the security, safeguards and trust that must accompany our interdependence on this progress — what Villasenor refers to as “the Security of Things.”

At the Luskin School, he brings this expertise to the classroom. He co-teaches, among other things, a course titled Science, Technology and Public Policy, a class for graduate and undergraduate students, with Prof. Albert Carnesale, UCLA Chancellor Emeritus, SALT Treaty negotiator, professor emeritus of public policy and professor of mechanical and aerospace engineering.

Villasenor, formerly with the NASA Jet Propulsion Laboratory (where he developed methods of imaging the Earth from space), also serves as an adviser for Luskin’s Master of Public Policy (MPP) students’ Applied Public Policy projects.

Villasenor also is a prolific writer, researcher and public commenter on technology issues such as digital privacy, intellectual property, trade secrets and corporate cybersecurity, drones and autonomous cars. This year, Villasenor testified at a U.S. Senate hearing in Washington, D.C., on unmanned aircraft, examining the safety and privacy issues that are emerging as unmanned aircraft fill the skies over areas of peace and conflict. His wide interest and expertise is evidenced by the array of publications that have included his writing: Atlantic, Billboard, Chronicle of Higher Education, Fast Company, The Huffington Post, Scientific American, Slate, and the Los Angeles Times and Washington Post, to name a few.

While the actual application of autonomous cars to the streets is heading toward reality — although a work in progress — some of the legal issues involved are long established, according to Villasenor. In a recent Forbes article, he addresses the headline question: “If a Cyberattack Causes a Car Crash, Who Is Liable?” While the concept, in actual practice, still appears futuristic, unintended consequences may easily be seen through the legal lens of product liability and negligence, which could bring accountability to hackers (often unlikely, according to Villasenor), manufacturers (more likely) and, under some circumstances, even end purchasers, he says.

Villasenor outlines the issues coming to the fore with autonomous vehicles in a Brookings Institution report titled “Products Liability and Driverless Cars: Issues and Guiding Principles for Legislation.”

And, writing in Forbes (July 2015) on the recent wireless hack of a Jeep Cherokee that disabled control over the vehicle, Villasenor comments, “In the rush to increase connectivity, manufacturers — not just vehicle manufacturers — are often giving insufficient attention to the additional security exposures created when complex systems become increasingly linked.” He adds, “More connections mean more pathways and back doors that could be exploited by a hacker — especially when a system’s own designers may not be aware that those pathways and back doors even exist.”

On the recent VW emissions scandal, Villasenor wrote in Forbes Magazine (Sept. 21), “More broadly, the Volkswagen emissions scandal provides an important reminder that cyber trust involves more than cyber security. What we want, at the end of the day, is confidence that the software that runs everything from cars to medical devices to the critical infrastructure can be trusted.”

John Villasenor is a professor of electrical engineering, public policy and management at UCLA. He also teaches at the UCLA Anderson School of Management and the UCLA School of Law and is an APP (Applied Policy Project) adviser for the Department of Public Policy. He is a nonresident senior fellow at the Brookings Institution and a National Fellow at the Hoover Institution at Stanford University. He serves on the World Economic Forum’s Global Agenda Council on Cybersecurity and is a member of the Council on Foreign Relations.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.