Fallout from the Uber data breach scandal is being felt across the industry. In an effort to beef up cybersecurity, researchers are exploring AI solutions. This was a hot topic for the Future of Automated Transportation Panel at Toronto’s recent AI World Forum.
Uber came under scrutiny this November for delaying disclosure of a data breach involving 57 million passengers and drivers. The company’s Chief Security Officer Joe Sullivan, attempted to appease the hackers with a US$100,000 payout and was fired as a result.
In the AI World Forum discussion, Fengmin Gong stressed the danger of scale involved in such a breach: “With platforms there’s an amplifying effect, and anything you do will affect many people.” Gong is VP of Research and Info Security at China’s ride-hailing giant Didi Chuxing.
In 2016, Didi Chuxing bought Uber’s China operation for US$7 billion, consolidating its domestic monopoly. Uber’s recklessness in the recent hacking scandal has served as a warning and a lesson for its Asian counterpart.
Gong’s department deals with 25 million rides and processes 4,500 terabytes of data per day from its 440 million users. His role is to protect the data from cyber attacks. Gong has worked with Charlie Miller, the hacker-turned-vehicle-security-architect who proved his prowess by remotely hacking and immobilizing a Jeep Cherokee on a St. Louis highway.
As vehicles increasingly automate, cybersecurity is emerging as a priority for the auto industry. “In today’s transportation, from autonomous driving to connected and smart transportation, every layer is introducing more technical complexities,” explained Gong. As a white-hat professional, he foresees myriad system loopholes opening as self-driving cars link to centralized cloud platforms, augment with human-machine interaction applications, and connect to other transportation networks.
Didi Chuxing categorizes the threats into four areas: data security, program security, network security, and most importantly traveler and pedestrian security.
At an event in China last year, Gong laid out his white-hat philosophy in more detail: “Core business must be unified and practiced in a closed loop. Security defenses are shifting into uninterrupted, large-scale monitoring and are using big data and AI to detect threats and anomalies. In short, this means deploying distributed security detection systems for centralized data analysis.”
Businesses can use machine learning and cloud data collected through end-devices to analyze and learn from malware patterns. As the model learns it will become more robust in its future preventive measures.
Gong proposes an “ecosystem approach” to cybersecurity in the age of AI. “It’s key to build protective layers around key businesses, and streamline transactions, data, user information, and operation procedures to protect them as a whole unit.”
Journalist: Meghan Han | Editor: Michael Sarazen