How hard is it to hack a self-driving car? What happens when someone tries to phish the CEO of Argo AI? How realistic is that crazy room in the first “Mission Impossible” movie? How can we protect ourselves from a cyber attack? As it turns out, there are more misconceptions about security in self-driving cars than you can count on both hands, and we’re here to filter out the silliness and dish you exactly what you need to know about hacking (and protecting!) an autonomous vehicle. From secret military projects to Carnegie Mellon University to civilian autonomous vehicles, Argo AI Chief Information Officer Summer Craze Fowler has seen it all. In one of our earliest recorded episodes, Summer schools Bryan and Alex on the truth about the biggest secret in information security.

Listen On
Apple
Google
Spotify
iHeart Radio
Share

View Episode Transcript

Episode Transcript

Alex Roy

On this episode of the No Parking podcast, Brian and I are going to talk to one of my favorite people, Summer Fowler, who is the … What is her title?

Bryan Salesky

Chief Security Officer.

Alex Roy

At Argo AI.

Bryan Salesky

That’s right.

Alex Roy

So this is an unbiased podcast because you and I disagree on so much.

Bryan Salesky

That’s why it’s exactly right. That’s a good way to frame it.

Alex Roy

Well, it’s true, because we shouldn’t be in the room together except that I like you.

Bryan Salesky

Right. Well, I like you too.

Alex Roy

All right. This was actually the first episode we recorded when we first thought we were going to do a podcast, and I can’t believe you actually agreed to it.

Bryan Salesky

Me neither, but it went really well.

Alex Roy

It’s gone pretty well. That’s what’s up.

Bryan Salesky

No, it has. I mean, we have a lot of chemistry as you can tell.

Alex Roy

Yeah, sometimes.

Bryan Salesky

But the one with Summer was pretty interesting. I mean, I think she shared some good insight, and you clearly … Boy, you did your research on this. I mean, I’m trying to remember now. What was the-

Alex Roy

Air gapping.

Bryan Salesky

Yeah, right.

Alex Roy

Let’s just-

Bryan Salesky

Crazy.

Alex Roy

Let’s just go right into it. Here’s Summer Fowler.

Alex Roy

I want to talk about security and hacking. Brian, I heard that you were hacked yesterday.

Bryan Salesky

Yeah. Well, it’s two days ago. I was sent a very, very authentic looking E-mail that shockingly was an account that was from a lawyer that was actually owned, “got owned” … Is that the right word, Summer?

Summer Fowler

Yes. Yes.

Bryan Salesky

Owned? Yeah. I wrote, “Is this legit?” The response came back, “Yes, it is legit, and this is confidential and you must look at this.” I went and clicked the link. A few clicks into it, it started getting shadier and shadier, but by that time I had already entered in a password that I had actually used with this law firm in the past. Everything looked legit up until that point. Then I spent the rest of the evening changing every password in my entire online life.

Summer Fowler

Yeah.

Bryan Salesky

Yeah. Right.

Alex Roy

Just to be clear, you are Bryan Salesky who’s considered a leading intellect on AI technology in robotics. Is that correct?

Bryan Salesky

I mean, allegedly.

Alex Roy

Because that happened to my mother, and she’s not—

Bryan Salesky

This was very authentic looking, Alex. It was very authentic. This was not like … It didn’t say, “Don’t click me, this is bait.” It didn’t say, “Hello, I’m Mr. so-and-so from some other country.” This was a law firm we had interacted with in the past, with a person who I knew, with a login and dialogue box that looked exactly like what the authentic thing looked like last year, and it turned out it’d just been owned. I mean, this is the new world we live in.

Alex Roy

So you called Summer?

Summer Fowler

Yes.

Bryan Salesky

I did. I have her … it’s like a bat phone. The lights went on, and I said … Luckily, I use different passwords for different things. So what was not work stuff wasn’t accomplished.

Alex Roy

What’s the old password?

Bryan Salesky

I’m not telling you what the password is.

Alex Roy

Summer, how did you solve this?

Summer Fowler

Well, I was driving, and so I did pull over. When I saw that the message had come from Bryan, and I said, “Oh boy. I have to really spring into the depths of my cybersecurity knowledge and do the most technical thing I could possibly think of,” which was pick up my mobile phone and call the law firm. When I called the receptionist, and I asked for the person, I said, “May I please speak to Jane Doe?” She said, “Is this about the E-mail?”

Summer Fowler

Then I knew, and I said, “It is.” She said, “No, that is not a legitimate E-mail.” She was not happy, and she said, “I am getting another phone call about this right now,” and I hung up and I let Bryan know that I did the most technical thing possible, and went into my bag of cybersecurity checks.

Alex Roy

One of the things that fascinates me about hacking is that people … Since I could read, I remember seeing headlines about hacking this, Digital Pearl Harbor that, and I saw War Games as a kid. When I walk into the office, I see on the board, this looks like NORAD, there are these two big screens with real time data. What’s really going on? I mean, come on.

Summer Fowler

Well, that’s all fake. We want you to think we’re doing important things.

Alex Roy

You justify your role. What is your title?

Summer Fowler

Chief security officer.

Alex Roy

At Argo AI?

Summer Fowler

Correct.

Alex Roy

How’s that been going other than this problem the CEO brought on himself?

Summer Fowler

No, it’s a fascinating environment to be in, and it’s really exciting. Not from a war games kind of standpoint, but what’s great about it is working with really, really smart people every day, who bring incredible challenges, and then you also get to see the side of people that you think, “Huh, what made them think that was a good idea?”

Bryan Salesky

I think this is an important point, because engineers, their whole life is about, “I just need to make the thing work,” right?

Summer Fowler

Yes.

Bryan Salesky

It’s not like you can then come in at the end and say, “All right. Well, that hard jobs done. Now, let’s go figure out how to make it secure.”

Summer Fowler

Yes.

Bryan Salesky

Or how to make it safe, or how to make it reliable, right?

Summer Fowler

Right.

Bryan Salesky

It falls in the category of all of those “-ilities”, as we used to call them. Security is something that has to be baked in from the start, and you need to think about it in a holistic way. That’s an important part to how we approach building these things.

Summer Fowler

Absolutely.

Alex Roy

I have questions. When the guys, a few years ago, those two guys who hacked the FCA Car, that was the thing which made, I guess, hacking in the minds of the public go from theoretical to ‘this is possible’. But how relevant is what they did to that Chrysler … that Jeep…to any risk we might have with actual future self drive vehicles?

Summer Fowler

It was a great exercise in showing the engineering community things that we need to avoid, right? In terms of access into the driving capabilities of the car. How relevant is it to an Argo vehicle? It’s not because we’re taking care of that path, but that doesn’t mean there aren’t many other paths that people will try to …

Bryan Salesky

Let’s be real clear about what happened. Right? I mean, my understanding, I haven’t read all the papers, but I think they loaded code onto a CD-ROM, put that in the infotainment system-

Summer Fowler

Correct.

Bryan Salesky

… then loaded a backdoor into the head unit, which then allowed them to connect to it through a physical connection-

Summer Fowler

Physical connection, yeah.

Bryan Salesky

… inside the car to then try to compromise the-

Summer Fowler

And then later …

Bryan Salesky

… braking steering system.

Summer Fowler

Later, they showed a distant connection.

Bryan Salesky

Right.

Summer Fowler

Right? So that the first hack was very physically oriented. The next time they went around to it, they did it from a distance, so over GPS.

Alex Roy

Let’s just clarify, okay.? The danger that the public fears is a vehicle that they’re riding in that is remotely taken over and something bad happens. But I’ve never heard of that actually happening in the real world without prior access to the vehicle. The hackers being able to touch the car ‘hands on.’

Summer Fowler

Right.

Bryan Salesky

I mean, that’s what I’m saying. I mean, that Jeep, example, is something where fairly heroic measures were necessary in order to expose the right interfaces for them to be able to actually take remote control of the vehicle. Now, it’s not good the fact that it could be compromised in the way that they did it, right? But the point is that there were many layers that needed to be hacked and compromised and reverse engineered for that to occur. Ultimately, you want to have multiple layers. Right, Summer?

Summer Fowler

Yeah, absolutely. We say security is like an onion, right? You want to have all those multiple layers to account for it.

Alex Roy

Basically, what they did is not … I mean, I guess that hacking has always been a moving target. Hacking has existed forever. It’s the equivalent of what they did in the past would’ve been … Well, it’s hard to pick a lock without a lock pick set, but those guys basically had a stamp of the key.

Summer Fowler

Yes. Yeah, they knew what the inside looked like.

Alex Roy

Also Murphy’s law says, “Everything that can go wrong, will go wrong.” There’s a self driving vehicle, in the future. It’s got connectivity. If vehicle has connectivity, there has to be a way in. How does one prevent, if a vehicle has connectivity, what are the steps? What’s the architecture of protection or risk mitigation for a future self driving car?

Summer Fowler

I think the first thing is making sure that it’s a resilient architecture, in the sense- But the bottom line is you have to think about, no matter what could occur, what the instance is going to be of an activity trying to take over that car or stop that car, it needs to handle itself in a graceful manner. Right? Even if you think it’s a hack or you think it’s a piece of software that’s gone bad or a hardware failure, you want the people in and around that vehicle to be safe. A graceful degradation of capability where it pulls over and everyone’s safe. That’s number one. I mean, that’s primary to what we’re looking at, and then you work backwards from that.

Alex Roy

Isn’t that basically saying, “We can’t stop every possible attack but let’s mitigate?”

Summer Fowler

Yeah, you want to be able to keep people safe no matter what occurs. That’s first and foremost. Even if we couldn’t give any attribution to what is happening to the vehicle, make sure that it’s pulled over, it’s safe, it’s in a good spot, and then, like I said, you work backwards from there and you think about what are the various connections, what are the things, the motivations that people would have and the capabilities that they would have in order to get to a piece of the software or a piece of the hardware or the actuation of the vehicle, and then mitigate from there.

Alex Roy

Brain’s looking me like I’m the bad guy here. The attack points-

Bryan Salesky

I’m enjoying this.

Alex Roy

The attack points-

Bryan Salesky

Alex Roy hacking a vehicle, this is entertaining.

Alex Roy

The attack points, the weak point is the vehicle itself connectively direct into an individual vehicle, but one could also in theory attack on the server side, the cloud side, and attack multiple vehicles as another method, which has happened recently in Canada with CAR2GO, right? Wasn’t there an incident where a 100 CAR2GO vehicles were unlocked and stolen and used for ‘The Canadian Job’?

Bryan Salesky

You do read a lot of news.

Alex Roy

It’s my job.

Bryan Salesky

That’s great.

Alex Roy

I imagine the security on that side is …

Summer Fowler

The connectivity side of it, and yeah, you don’t want multiple cars to be taken over, but you even have to think from a physical standpoint, right? If someone puts a laser or throws a glitter bomb at a car, what happens? If someone …

Alex Roy

Are you a laser—

Bryan Salesky

Oh, my goodness. A glitter bomb. We’ve got to add that to the test set. Thank you.

Alex Roy

Are you—

Summer Fowler

That was supposed to be on the test set list.

Alex Roy

A laser meaning…to blind the camera on a self driving vehicle? Would that even work? Because last year, I was thinking to myself that you can purchase, legally in 48 States, a laser jamming device that would block police speed detection laser. I believe it’s….905 nanometers, which is not what … No, I might—

Bryan Salesky

No, you’re right. That’s impressive

Alex Roy

Would such a commercially available device have any effect on a self driving vehicle LIDAR?

Bryan Salesky

Even for the police LIDAR speed detectors, in order for that jamming device to work, it needs to be pointed fairly precisely. That’s one of the … well, not that I’m well researched in these jamming devices, but there’s a pointing problem there. It’s the same thing exists with the Navy LIDAR sensor, and it’s actually confounded by the fact that there’s actually many, many detectors and transmitters spinning typically, whether it’s spinning on the inside or on the outside.

Alex Roy

A single point will not do anything to self driving-

Bryan Salesky

A single point is not going to do anything. That’s right.

Alex Roy

… LIDAR.

Bryan Salesky

That’s right. Because it’s constantly a moving target, so to speak, it’s actually really difficult to jam.

Alex Roy

Summer, how do you know so much about all this? What’s your backstory? You had some military experience?

Summer Fowler

Well, I worked for a defense contractor. Yes.

Alex Roy

Which one?

Summer Fowler

Northrop Grumman in Baltimore.

Alex Roy

But that’s after they built the Tomcat and all the cool stuff?

Summer Fowler

Yeah, it was after a lot of that. I did a lot of work with the Navy and the Marine side of things.

Alex Roy

Can you talk about that?

Summer Fowler

Yeah. We worked on tactical exploitation systems, meaning it was multi intelligence. My favorite job there was working with the Marines on a tactical exploitation group, which is a group of Humvees that you can send in theater during a battle.

Alex Roy

I like what I’m hearing.

Summer Fowler

Yeah, and it will receive multi sources of intelligence, so from a cloud in the sky. Not a real cloud but satellite data. Imagery data. If you’re flying an F-18 that could give you imagery, it would take information on maps and give layers of maps to show what does the terrain look like, and then we could track moving targets from electronic intelligence, human intelligence, and put it all in one map, for situational awareness for the troops.

Alex Roy

For anyone, over the age of 45, who played Battlezone, the vector graphics tank game, I remember there was a display, the bottom center of the screen, which showed in a forward arch, the fake radar sweep-

Summer Fowler

Yes.

Alex Roy

… and then friendly vehicles, and occasionally enemy vehicles-

Summer Fowler

Absolutely.

Alex Roy

… based on fog of war.

Summer Fowler

Yes.

Alex Roy

To my understanding, this basically integrates all of that.

Summer Fowler

It integrated that type of information, and you could see is this friendly electronics, is this enemy electronics? What was really exciting about that word, because we took it over from another defense contractor who couldn’t make the imagery processor work. I was in Charleston, South Carolina, F-18 flying over us, imagery being sent to us, and it’s not processing, and a Gunnery sergeant is literally barking in my ear to make this work. We had engineers there, and it was a very exhilarating, exciting role. It’s probably why I love working at Argo with Bryan barking in our ears. No, I’m just kidding.

Alex Roy

Shameless plug, wow. Shameless. Bryan, when you were on the DARPA challenge, did anyone consider … was there any rule against…say…deploying hacking against opposing teams?

Bryan Salesky

Actually, there was a rule not explicitly about hacking. But there was a rule where there was not supposed to have been any sort of connection from the outside world that could get to the vehicle. The vehicle needed to be self-contained. So there was no cell modem, no ability to contact or interact with the outside world other than through the use of obviously active sensing that’s on the car.

Alex Roy

Because if I’d been there, man, I would’ve absolutely deployed active measures against opposing teams.

Summer Fowler

I was thinking about.

Bryan Salesky

Thankful you were working on Cannonball at the time. Yeah.

Alex Roy

Wasting my life.

Summer Fowler

What about during the original DARPA challenge? Yeah, I always wondered why they couldn’t have one of those vehicles try to take out the other vehicles.

Bryan Salesky

I suppose they could have, but I mean, the idea was that if one had a mechanical failure, obviously you had a second horse in the race.

Summer Fowler

Right.

Bryan Salesky

Or a software, any type of failure really. But I guess I’m curious what Red would say to that? If they talked about it, I don’t know.

Alex Roy

I’m curious about the history of hacking. I mean, set aside that self driving vehicles or vehicles that move. Hacking has always existed, it’s always going to exist in some form.

Summer Fowler

Right.

Alex Roy

What were the most spectacular, I guess, failures of businesses at that scale…due to lack of foresight, or failure to account for an attack after the fact? I mean …

Summer Fowler

Sadly, it’s typically really basic things, right? Like not knowing the assets that you have, and then not keeping a single server upgraded that’s connected, and somebody forgets about it. Most of the really big hacks that you’re hearing about, where 250 million people have their information stolen, it starts with something pretty simple. That’s something that we work on every day here, to make sure that we’re accounting for all of our assets.

Alex Roy

I mean, I’ve met a lot of CEOs, other than Bryan, who say security matters, safety matters, yada, and then they conjure up a new CTO or security officer that…everyone’s got a great looking resume. I mean, and yet these things still happen. What is it? I mean, why? Who and what universe do people think Kaspersky was the right app to deploy in the US government?

Summer Fowler

Well, here’s what I’ve learned. Kaspersky, when you think about … A lot of that has to do with what’s cheap, what’s fast, what’s available. But yeah, companies do a lot of putting someone in charge saying that we shouldn’t have these problems, here’s where I am. I spent 11 years at Carnegie Mellon University developing some capabilities with an awesome team that said, “Hey, this is how organizations should run,” and then I got here and I had to start eating my own dog food, and a lot of that dog food is really hard to eat.

Bryan Salesky

I mean, yeah, the bottom line is there’s humans involved in the equation, right?

Summer Fowler

Yeah.

Bryan Salesky

Humans are building these products. They still are going to make mistakes, and so the key is to put tools and process and things in place that allows them to continue to move fast but not make mistakes that creates security holes, and that means that you need a holistic design, right?

Summer Fowler

Yeah.

Bryan Salesky

You need a holistic architecture that allows them to do their work, that allows us to have a safe, reliable system, but that’s secure at the end of the day.

Summer Fowler

We say all the time here we have to solve for yes. Right? When you don’t want to become that office of no, where, “Hey can we do something?” And you don’t want to be the no, you want to solve for yes.

Bryan Salesky

That’s right.

Summer Fowler

Our job is to move as quickly as they are to make them successful.

Alex Roy

I mean, going back to protecting the vehicle and preventing vulnerabilities and getting rid of attack vectors and that sort of thing, what are some things that we are deploying in order to mitigate that?

Summer Fowler

Some of the basic things that we’re doing is a hybrid threat modeling, working with the engineering teams to say, “What would you do in order to think about how you would attack what you’re designing?”

Alex Roy

Yeah, the engineers know exactly where all the vulnerability are, right?

Summer Fowler

That is exactly right.

Alex Roy

They can tell you a 1000 reasons how-

Summer Fowler

We will sit down with them, and say, “All right, this is the component that we’re addressing today. What are all the ways that you could do bad things to it, physically, logically?” Then we work with them to say, “All right, here’s what we should do, design, moving forward, and how we can work that.” We run physical tests ourselves, like cybersecurity tests that we run against our systems.

Summer Fowler

But I really like the working with the engineers on the modeling, the threat modeling, because it does two things. One, it helps us solve the issues that we have and the issues that we’ll have in the future, but it also trains them to start thinking as they’re designing. So the next design they make, they’ll say, “How would I attack this?”

Alex Roy

This isn’t just a software solution, right?

Summer Fowler

No.

Alex Roy

We’re also talking about things that we can do in hardware to give them additional tools available. Can you talk a little bit about that?

Summer Fowler

Yeah. Thinking about the hardware sets would be, what are the ways that we can stop physical tampering? What are the hardware activities that we need? We also have to think about the supply chain, right? We are getting this equipment from all over the world, from all different types of companies, and so we need to validate and verify that something hasn’t been put into a piece of hardware that would be a potential spot or a vulnerability in the vehicle. Now we’re also training our supply chain managers. What questions should I ask? What should I be looking for? It touches every point of the organization back.

Alex Roy

Yesterday, there was a kids day?

Summer Fowler

Yeah.

Alex Roy

There was some hoopla, something bad happened?

Summer Fowler

h yeah. So this is an example of really smart people.

Bryan Salesky

To be clear, no kids were injured on kid’s day.

Summer Fowler

No kids were injured.

Alex Roy

Well, I-

Summer Fowler

No animals were injured.

Alex Roy

I was attempting to get my personal iPad on the network, and then went down to the security area and there was no one there-

Summer Fowler

Yes.

Alex Roy

… because something had happened.

Summer Fowler

Yeah, they were-

Alex Roy

I’m in the softball this year because the story’s so good.

Summer Fowler

It is really good. We had three groups, and the teenage group was working on robots, and they were going to program robots. There were robots that were purchased from a particular country, and the engineers who were running kid’s day wanted to connect the laptops that the teenagers would be using to control the robots.

Alex Roy

Their own laptops?

Summer Fowler

No, they were corporate laptops, and they wanted to connect them to the corporate network and download software that would be needed to run these robots.

Alex Roy

Where were these children from?

Summer Fowler

All over. All over Pittsburgh. They came to us and said, “Can we do this?” At least they asked, which was great. We said-

Alex Roy

Trained?

Summer Fowler

We said, “No,” and we had to sell for yes, and so the IT and cyber teams were working on … they were tap dancing, the employees who were working with these teens. We’ve got them a MiFi device so that they wouldn’t be on corp network. Once the exercise was done, we wiped those laptops and rebuilt them. But little things like that, they happen.

Alex Roy

You wiped the laptops?

Summer Fowler

Yeah. They downloaded software from Lord knows where.

Alex Roy

Wow. There really is no trusting a piece of hardware once you’ve downloaded something from the intranet, is there?

Bryan Salesky

Not really. To be clear, there was no incident. It was-

Summer Fowler

No.

Bryan Salesky

It was a thing. It was a thing.

Alex Roy

A thing?

Bryan Salesky

It’s things like this-

Alex Roy

Day to day.

Bryan Salesky

The day to day stuff that seems innocuous. Yeah, we’ve got the kids in, we’re going to teach them how to do some robot programming, we just need to download this tool, and it can be as simple as that, and that could have created an incident had we not had a cybersecurity team that’s looking after the best of the company.

Alex Roy

I got some questions for you. Myths and reality.

Bryan Salesky

I thought I was co-hosting. I shouldn’t be … Is this is how this is going to work? Wait a second.

Alex Roy

Myth versus reality. I read somewhere that there was a machine looking at an office in Europe that someone wants to get the data off of, and it was air gapped, which means that I guess there’s no connection to anything physically, right?

Bryan Salesky

Are you on the cybersecurity team? Have you studied for this podcast? This is impressive.

Alex Roy

I like to keep up on things.

Bryan Salesky

I can see that. All right. Air gap, yeah?

Alex Roy

I believe that to pull that off of the machine that there was a camera and with a microphone externally mounted on a tree point at the window, and then the machine that was modulating its fan speed to transmit data at an admittedly low rate, and data was pulled off of the box. Is this even possible?

Summer Fowler

I don’t know about from the fan, and the fan speed.

Alex Roy

The fan speed modulation.

Summer Fowler

But you can use sound to understand what’s happening. Yeah. I mean, and you’ll have modulators put on windows to change vibration. They do that in SCIFs in the government?

Alex Roy

What’s SCIFs?

Summer Fowler

It’s a compartmentalized information facility. Special … It is where classified work is done.

Alex Roy

In the Mission Impossible scene where he drops from the ceiling down the rope with his feet upside down, to pull … They don’t really have rooms like that, right?

Bryan Salesky

They kind of do.

Alex Roy

They don’t seem very good at protecting—

Bryan Salesky

I wouldn’t know.

Alex Roy

Pretty bad, protecting them.

Summer Fowler

I’ve never been in one of those.

Bryan Salesky

Yeah, no.

Alex Roy

Last year, there was a vehicle that approached a toll booth, and the guy put like a bar code in his license plate or something, to scramble … Am I remembering this correct? I’m trying to understand these attack vectors, all the obvious ones, which you described all these redundant protocols to protect. I understand. Has there ever been a spectacular hack of the technologies that we’re working on? Even in theory? Because when I hear the FCA story, but that Chrysler Jeep hack, and-

Bryan Salesky

I mean, to be clear, right? It was a supplier to FCA. It wasn’t even FCA themselves, and this gets to Summer’s point about securing the supply base and understanding what latitude you’ve given a supplier in terms of access to the overall system. There was no need for the infotainment system to have the level of access that it had to the rest of the power train, and they found a way to exploit that. I think everyone learned a lot of lessons from it, but let’s not forget the heroics in the jumping through hoops that were required.

Bryan Salesky

I mean really was experts that was required to do the things that they did. I’ll go back to the defense in depth comment. We can’t necessarily forecast every single eventuality, but what we can do is we can make it so onerous by having so many layers in place before you could actually get to a meaningful compromise that would get to the actuation of the car, that with each gate, with each level of security put in place, your odds of that eventual bad event happening just becomes so minuscule. That’s what we do, is we drive that risk as low as possible.

Alex Roy

Just one more question, which tells the truth about hacking. Bryan, what do you drive?

Bryan Salesky

I have a couple of vehicles.

Alex Roy

Are any of them connected?

Bryan Salesky

They are, both of them.

Alex Roy

Do you use the connectivity?

Bryan Salesky

Yes, of course. Of course, I use the connectivity. Yeah, sure does.

Alex Roy

Is there any risk there?

Bryan Salesky

I mean, probably. Where are you going with this?

Alex Roy

That depends on what you say next.

Bryan Salesky

I mean, I’ve got a car that downloads Google Maps, which is like really cool. Provides satellite imagery, it’s amazing. I love it.

Alex Roy

Did you pick your vehicle based on what you thought the risk factor would be?

Bryan Salesky

No.

Alex Roy

Okay. Summer?

Summer Fowler

Yes.

Alex Roy

What do you drive?

Summer Fowler

I drive an Infiniti QX60, which I have read is called the luxury cow for suburban moms.

Bryan Salesky

Oh my God.

Alex Roy

It’s a lovely vehicle.

Summer Fowler

It is a great vehicle.

Alex Roy

No one would complain. But does that not have a steering by wire system?

Summer Fowler

It does. It does. Although, I don’t use the connectivity other than the bluetooth for sound, and I don’t even download the maps. I use my phone for that. Not from a security standpoint, but just from a convenience factor.

Bryan Salesky

I’m surprised you even have a smartphone. Lot of cyber people carry flip phones.

Summer Fowler

I know.

Bryan Salesky

Do you have a flip phone?

Summer Fowler

I don’t. No, I have a smart phone, and I use it.

Bryan Salesky

Are you a prepper? Do you have a secure room with soup and-

Summer Fowler

My husband-

Bryan Salesky

… and MREs.

Summer Fowler

… is the prepper side of the family. Not me.

Bryan Salesky

Oh, really?

Summer Fowler

Oh, he loves it. Yeah. I mean, we don’t have a whole basement, but he’s the planner. He thinks through those things.

Bryan Salesky

He’s thought about evacuation routes.

Summer Fowler

He’s thought about evacuation routes. We have evacuation points-

Bryan Salesky

Have each-

Summer Fowler

… where we would go as a family. He does have water in the house.

Bryan Salesky

But have you done fire drills with your kids?

Summer Fowler

Yeah, absolutely.

Bryan Salesky

Like jumping out of windows and off the roof and stuff?

Summer Fowler

One scare, I have a middle kid. That just tells you that she’s a little bit trouble, so I have not let her jump out of a window, but we’ve talked about it, and everyone knows that her room is the spot that’s lowest to the ground, so that’s how you would get out.

Bryan Salesky

Oh wow. That’s cool.

Summer Fowler

Yeah, and they know where to go, they know what to do.

Bryan Salesky

Everyone should actually do this. They should have that conversation with their kids. We’re going through a big … We talked about safety, as in safety with the vehicle, but we also want to talk about just employee safety, tripping hazards, and don’t leave power tools plugged in, and basic things like that. That diligence should extend into everyone’s lives. You should have a conversation at family dinner some night, and just say, “Hey, what are the ways in which some things could go wrong, and talk through what to do.”

Summer Fowler

Internet safety.

Bryan Salesky

It’s a simple conversation.

Summer Fowler

Internet safety’s a big one.

Bryan Salesky

It is a huge one.

Summer Fowler

With kids.

Bryan Salesky

Yeah.

Summer Fowler

Yeah. We have that discussion a lot. We do a lot of, what would you do in this situation? We have a lot of fun with that.

Bryan Salesky

I backpatch you too. It’s good.

Summer Fowler

We do.

Bryan Salesky

Your kids are going to be great at doing failure mode analysis.

Summer Fowler

Oh, yeah.

Bryan Salesky

By the time they grow up, I mean, you’ve got them ready made for a position and safety or security.

Summer Fowler

Yeah.

Bryan Salesky

It’s fantastic.

Alex Roy

It’s funny you should say that, because, I live on the third floor of a concrete building because my father lived through World War II, and he said, “Hey look. Before I met your German mother.”

Bryan Salesky

Oh, shit.

Alex Roy

The Germans came … the firetruck ladders are limited to five, so five is high as we live now in America. Five, and also concrete structures, to which I added rope ladder, because you could …

Bryan Salesky

Do you have a rope ladder?

Alex Roy

I do. I do.

Bryan Salesky

It’s good for you, man. That’s great. Just in case.

Alex Roy

Summer, could you share with us, as part of our tradition, the craziest thing you’ve seen on the road?

Summer Fowler

I have a similar commute to Bryan. It’s about 45 minutes to an hour depending on the day. I one time saw, on 279 North in Pittsburgh, a woman with her leg stretched out the driver’s window. She was the driver, and she was shaving her leg.

Bryan Salesky

Oh my goodness. This is impressive. She’s very talented, but that’s also incredibly dangerous.

Summer Fowler

Yes. She was the driver.

Alex Roy

What was she using to shave her legs?

Summer Fowler

It was an electric razor. It might have been one of those new … I must’ve been one of the new kinds that don’t require water. I didn’t see any bottles of water

Bryan Salesky

This is why I’m a believer that there should be mandatory … As part of the driver education, you should be forced to sit through various crash videos-

Summer Fowler

Yes.

Bryan Salesky

… on YouTube.

Alex Roy

All right. Well, we should wrap this up. This was a really fun episode of No Parking with Summer Craze Fowler, head of security for Argo AI, and famed roboticist Brian Salesky. I’m Alex Roy. Summer, if we want to follow your adventures in security, I know you’re pretty active with social media, where should we follow you?

Summer Fowler

I am most active on LinkedIn.

Alex Roy

Yes, you are.

Summer Fowler

I love LinkedIn. I get a lot of information there, and I like to tweet my disdain about the Pittsburgh sports at @SummerFowler.

Alex Roy

Well done. Bryan, you’re not active on social median because, well, the hate mail you get or the love mail?

Bryan Salesky

It’s a security risk.

Alex Roy

Bryan, I’m trying to understand what’s the problem here? I mean, I know you’re a busy guy, so why would you want to spend time with someone and then make fun of them so much? I mean, you gave me so much grief about the air gapping thing.

Bryan Salesky

Well, I mean it’s a very esoteric thing to bring up. I mean, of all the space of possible hacks, it’s interesting that you keyed in on that one.

Alex Roy

All right, give me an example of another very esoteric technical thing you would not expect the layman or myself to know.

Bryan Salesky

No, I don’t know. I mean, the list is long. I mean, we can talk about cosmic rays, we can talk about tin whiskers. I mean, there’s all sorts of failure modes in electronics that can get pretty deep.

Alex Roy

Okay. I don’t know anything about a tin whisker. What is that?

Bryan Salesky

Oh, a tin whisker. This is beautiful. This is like when you learn about a tin whisker, and you have some electronics knowledge, this will make your hair stand on end. The fact that impurities in a printed circuit board kit, over time given the right conditions, it can actually start to grow crystal and structures that will short a circuit board and cause all sorts of failures.

Alex Roy

That sounds-

Bryan Salesky

Suboptimal.

Alex Roy

Suboptimal. All right, Summer’s going to be back because we like her, and I feel like we didn’t really … I didn’t get to ask all the questions I wanted to ask, especially about hacking self driving cars. I guess that topic will never get old, because there’s so many stupid ideas around. All right, if you can’t make it, Summer, maybe joining us as a guest host, is that true?

Bryan Salesky

Yeah, that’s right. She’s going to do great.

Alex Roy

Good. All right, let’s roll this up. If you want to learn more about the No Parking podcast, please check us out online at noparkingpodcast.com. You can also, please, follow us on Twitter @NoParkingPod. If you would like to be a guest on our show or know someone who’d like to be a guest, please E-mail me at alex@noparkingpodcast.com. Have a great week. We’ll see you next week.