Close this search box.
Cyber risks of autonomous vehicles

EP 22: Cyber risks of autonomous vehicles

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

March 19, 2019

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about the cyber risks of autonomous vehicles.


Episode Transcript

Kip Boyle: Welcome to the Cyber Risk Management Podcast. Our mission is to help executives become better cyber risk managers. We are your hosts, I'm Kip Boyle, CEO of Cyber Risk Opportunities.

Jake Bernstein: And I'm Jake Bernstein, cyber security council at the law firm of Newman Du Wors.

Kip Boyle: And this is the show where we help you become a better cyber risk manager.

Jake Bernstein: The show is sponsored by Cyber Risk Opportunities and Newman Du Wors LLP. If you have questions about your cyber security related legal responsibilities-

Kip Boyle: And if you want to manage your cyber risks just as thoughtfully as you manage risks in other areas of your business, such as sales, accounts receivable, and order fulfillment, then you should become a member of our cyber risk managed program, which you can do for a fraction of the cost of hiring a single cybersecurity expert. You can find out more by visiting us at and

Jake Bernstein: So Kip, what are we going to talk about today?

Kip Boyle: Jake, today we're going to talk about the future because I think all cyber risk managers should think about what's next, right? What's coming at us from the future?

Jake Bernstein: Okay. What part of the future? That's rather broad.

Kip Boyle: Yeah, isn't it? So I'm opening up an entire vista of all possibilities, but today let's focus on the future of transportation. And specifically let's talk about autonomous vehicles because, there's a lot of cyber risk going on there and people may not realize just how much.

Jake Bernstein: Well, that sounds very exciting. So how far away do we think that this future is?

Kip Boyle: Actually it's here in part already. So Tesla, for example, this has been in the news for a long time because it has an autonomous mode or a semi-autonomous mode, which unfortunately, some people have been using to their detriment, but they just rolled out another update to their software so that autopilot equipped vehicles can take on ramps and off ramps to and from highways with complete autonomy. And so we're seeing this incremental improvement in the Tesla's ability to be autonomous, but in terms of broad deployment, I mean, we're really talking about five plus years maybe 10, maybe 30, I've seen different forecasts, but it's definitely creeping into our lives. And I think it's going to be one of those things where all of a sudden we're going to wake up and we're going to see autonomous vehicles on the road, kind of like rolling living rooms. There's going to be cushy seating and people are going to be not paying attention to the road at all, and we're just going to think, "This is the weirdest thing ever."

Jake Bernstein: Yeah, I think so. And one of the things I like about this topic is that, it really kind of drives home the point to our listeners and everybody that cyber risk management is relevant to everyone, whether or not you are in business or whether or not you are a CIO or a CSO, it doesn't matter. If you're driving on the road in the future, you care about cyber risk management, whether you realize it or not.

Kip Boyle: Oh yeah. And you're really going to care about autonomous vehicles and cyber risk. Because as listeners are going to realize, as we get through this, autonomous vehicles inevitably are going to have ongoing communications with other autonomous vehicles. That really isn't happening right now for the most part. And not only they're going to want to talk to other autonomous vehicles, they're going to want to talk to infrastructure and a lot of the cyber risk is going to come into play when the cars are talking to each other and talking to, for example, the freeway that it's on and the freeway is going to try to issue commands and ideas, give autonomous vehicles instructions to help deal with traffic on the road. And that's where it's going to really start getting interesting.

Jake Bernstein: Yeah. I think I've actually seen a number of companies pop up recently that focus on creating smart infrastructure to allow that to happen.

Kip Boyle: Yeah. So smart cities, we're starting to see that already. Wireless or even wired sensors, that feed information to central command centers so that they can know what is the vehicular traffic for any given road at any given time of the day and all that data is being stockpiled. So it's kind of in a read only mode right now, but it's actually going to start going read, write, where infrastructure is going to be able to be manipulated based on the amount of traffic that's rolling through a city, again for traffic control, centralized traffic control. So they might change the frequency of the red light, green light changes. They might dynamically, if you live in a major city or near a major city, you've probably seen these smart speed limit signs where they can adjust the legal speed limit of the road based on the volume of traffic. And so it's a lash up, right? I mean, these cars and this infrastructure, it's inevitable, they're going to talk to each other.

Jake Bernstein: Very much so, and it's something that people have said, and that you and I have talked about is that, today's cars are kind of rolling data centers. What does that mean to you?

Kip Boyle: Yeah. Rolling data centers, exactly. So, I mean, computers have been put inside cars for years now, and it all started with very, very basic micro controllers to do things like adjust the fuel air ratios in engines depending on what the needs of the engines are. And also thinking very much about emissions controls, right? So it's kind of started there and it's gone beyond that. So now, and Jake, you can talk to this, right? The newest cars receive over the air updates because they have built in LTE modems, and they're offering passengers hotspots, sometimes more than one hotspot, depending on front seat, back seat, I guess. And then other things too, like computers that will sense your foot on your accelerator, the brake pedal, steering wheel, and the cars are being controlled by electrical signals, not by hydraulics, not by mechanical linkages. And so everything's becoming electric, just like jet fighters became what they call fly-by-wire in the 1980s and the 1990s. Cars are going to drive by wire. If the latest models crosstalk trickle down.

Jake Bernstein: I think a lot of them already do.

Kip Boyle: Yeah, and then it's going to trickle down into entry level models, just like automobile innovations typically do.

Jake Bernstein: Right, right. And yeah, one thing we haven't talked about yet is the proliferation of cameras and sensors on these cars, even in relatively lower end or entry level vehicles.

Kip Boyle: Right.

Jake Bernstein: And when you combine that with the smart infrastructure, it's clear that our vehicles are becoming increasingly aware of the surroundings, but all of that is driven by computers and software, right?

Kip Boyle: Exactly, exactly. And so that means we're relying on the integrity of code and the integrity of microprocessors to do all that correctly. And if anybody's ever seen a blue screen of death on a desktop computer, you should know immediately what I'm thinking as far as, I do not need a blue screen of death on my car as I'm going 60 miles an hour down the road.

Jake Bernstein: No, that would be a suboptimal for the driving experience as they say. So, if we're moving, if we zoom out a second here and we look at where we're moving, we're moving from an era where cyber risks were largely a financial reputational risk to one where cyber risks are be becoming actual, physical risks to life and limb. I mean, isn't that what we're saying here? When cars are autonomous and are hackable, then you have a huge escalation in the way cyber risk affects people. Do you think that we're ready for that kind of reality?

Kip Boyle: Oh, no/ no, we're not. And before we dive into a very specific case that I want to explore, let me just say that in general, I think people's tolerances for bad behavior in the cyber realm is much, much higher than it would be in the physical realm and the best example of that is some of the things we're seeing now where, take Sony pictures for example, the Hollywood studio, which a few years ago was absolutely mauled digitally, right? I mean, their entire computing infrastructure was destroyed. They were knocked back into an age of typewriters, fax machines, and handwritten paychecks. And nobody really freaked out. I mean, people in the industry were freaked out, but we never scrambled F16 fighter jets. I mean, armed forces did not go on high alert, but in the real world, without launching a cyber attack, you would've had to have dropped a bomb or you would've had to have smuggled a bomb in and set it off to cause that kind of disruption to Sony pictures, and that surely would've been considered an act of war.

It would've been tantamount to a 9/11 esque type of an attack, but because it was all done with computers, people just didn't seem to be as affected. It just didn't really cause people to have the same emotional response. And so I paint that picture because I think what we're going to talk about here in a moment about, are people really ready for these life and limb physical consequences to these cyber risks. And I would say in the big picture, they're not, and in the smaller picture, they're not.

Jake Bernstein: No, I totally agree. And I think that looking at a specific example to kind of give people a look at what it would feel like to be a victim of a cyber attack on a vehicle, that's a much more visceral type of experience than I think kind of the Sony hack would be. That's a corporate inconvenience, and it was probably aggravating for those employees, particularly those who had to scribble out checks by hand, but we're talking about a whole different level here. So, let's take a look at this. I believe that the story we want to talk about comes from Wired magazine in 2015. So why don't you tell us about that?

Kip Boyle: Yeah. So there was a 2014 model year Jeep Cherokee that was driving down interstate 64 in the Midwest of the United States. And it was being driven actually by that reporter for Wired magazine. And part of what was going on there is there were some cyber attackers, which we euphemistically call them hackers, but I like cyber attacker better because these are people with ill intent, but it was a setup to demonstrate that this Jeep Cherokee could be hacked from over 10 miles away.

Jake Bernstein: Wow, 10 miles away. And I'm going to guess that if this involved the internet, there is no reason they couldn't have hacked it from 5,000 miles away.

Kip Boyle: Yeah, at that point, physical distance is immaterial.

Jake Bernstein: Yeah. So that right there, of course is a change if you don't have to be physically present. And that's very typical of the cyber risk, but people don't think of your car as being a cyber risk. And one thing that's really interesting is, we've been talking about the future and fully autonomous vehicles, but this is a model year 2014 vehicle, and it was not autonomous. So, what happened? How bad could this really be if the person was already in control?

Kip Boyle: Right, so it's a good point that you make that this was not an autonomous vehicle. This was a typical driver required type vehicle, but it's instructive because we don't really have autonomous vehicles on the road yet. And still, we had a situation where this computer intensive vehicle was being manipulated remotely driving 70 miles an hour down the freeway. I mean, this was genuinely dangerous.

Jake Bernstein: So what were they able to... So given that this vehicle was not autonomous, what could they do? Like, so what? You hacked my car, good for you? What does that mean?

Kip Boyle: Right. Well, they sort of started the attack with a low level of intensity and then escalated it. So, the driver, and this is a wonderful Wired article and I recommend it to anybody who's really interested in this, but at first the driver just starts losing control over basic things like the air conditioning system turns itself on and sets itself at maximum, right? So blasting cold air into the passenger cabin and then followed quickly by the radio being turned on to a hip hop station and being set to the maximum and volume, then the windshield wipers start to turn on, wiper fluid begins spraying onto the windshield uncontrollably. I mean-

Jake Bernstein: Okay, okay. Okay. So, at this point I'm already highly distressed. I'm probably convinced that my car is possessed. I think we've seen movies where... I think Ghostbusters has a car that gets possessed and goes off on a rampage by itself, but this is actually happening. And I think that the level of surprise and potential catastrophic reaction that that type of thing would cause is... And that's horrible to think about, and that's not even an autonomous vehicle, that's just a basic thing.

Kip Boyle: Right. Yeah, so this is a vehicle where you have a steering wheel, you've got pedals, you ostensibly have control. But I mean, I think with this case illustrates is that control is really an illusion. And so it might just as well have been an autonomous vehicle at that point because the driver had absolutely no control over what was happening. And then it escalated even further from there. So, the reporter is driving on the edge of downtown St. Louis. And so he's starting to enter into a highly congested space. And all of a sudden, he has no idea what's going on outside of his car, because he's so distracted by what's going on inside of his car.

Jake Bernstein: Absolutely.

Kip Boyle: And he couldn't make- He turned the knobs, pressed the buttons and all control was removed from him.

Jake Bernstein: So, this is damage that can be done without even affecting the steering, or the accelerator, or the brakes. But I assume that at some point, those things are all controlled by wire as well.

Kip Boyle: That's right. This was a very, a high end Jeep, and it had all kinds of really cutting edge capabilities. And so, yeah, I mean, it's all being electronically controlled by these computers. And the guys that were performing these remote cyber attacks, actually at one point, hijacked the navigation screen and put up an image of themselves just to kind of make the point that, "Yeah, you Mr. Driver are not in control anymore. We are in control. And yeah, we're looking at you right now." So, I mean, again, this was all part of a pre-planned experience for this reporter, but you read the article and it's clear that he still found it very disturbing.

Jake Bernstein: Yeah, very disturbing. I think... I mean, gosh, so how was this done? What was the deal with this? Is this a... Was there anything different about how they did this hack compared to any other type of hack or was it really the same basic set of concerns?

Kip Boyle: Yeah, it's really... I mean, from a concepts and principles perspective, this is not a great big leap for a cyber attacker. Remember we mentioned at the beginning of the episode that, cars these days are really rolling data centers, right? So I'm not positive about the Jeep, but you think about a Tesla. Typical Tesla has five Linux servers running on board as the car is sitting on the road. And so if I'm a cyber attacker, all I have to do is conceive that I'm attacking a data center.

The fact that it has four wheels, and tires, and an internal combustion engine or an electrical power plant makes no difference. All I have to do is find a way to talk with those computers and I can use all the same basic techniques and tooling in order to attempt a remote compromise. And that's really what happened here. The specifically what happened is that there is a system, it's actually an entertainment system that is connected to the internet, right? So the, idea here is that you're going to get satellite radio, you're going to get navigational assistance. You're going to get maps, and it's all going to be brought to you because your car is actually connected to the internet. And through the system called Uconnect. Now because they're crosstalk.

Jake Bernstein: And let's not pick on... Yeah, yeah. And not to pick on one manufacturer, but as far as I know, virtually all of them have some kind of system like this.

Kip Boyle: Yeah, that's right. Yep. Yeah. And this goes back really to OnStar. If you remember the OnStar introduction several years ago. It's this idea that if you got into an accident and your airbags deployed, a signal could be sent to a command center somewhere, the OnStar command center, and you might be incapacitated because of the severity of your injuries. But somebody knows that you are in a bad situation and they can call 911. And how do they know where to send the 911 emergency responders? Well, your car has a GPS tracker in it. And so they know exactly where you are and they can relay that information. So, these kind of began as life safety systems and convenience systems. OnStar could remotely unlock your car. If you locked your keys in the car, you could actually get the OnStar people to unlock your car for you remotely.

So it kind of started there and then it turned into entertainment. And the idea here, the specific hack in this case with the Jeep was, the cyber attackers were able to figure out the IP address of this one particular Jeep. And they were able to interact with it and gain access to the Jeep's entertainment system. The issue though, is that the system that takes steering wheel input, turns it into electrical impulses and sends it to the wheels, that system could be accessed through the entertainment system. It wasn't supposed to be, but these guys were able to do that.

Jake Bernstein: So really, all of the techniques and the strategies that we talk about on this podcast can be applied to these types of problems. Separation of duties in an organization means that you you don't concentrate too much authority in one person. Separation of duties in a vehicle would mean don't connect the steering wheel to the entertainment system. And ideas like that. So, given that these vehicles, and clearly this is not the future that we ended up having to talk about. It's just going to only get... It will mean more as more and more vehicles become more and more autonomous. But ultimately I think it's just as scary to know that right now, vehicles can be hacked and that hackers could disable key functions of your car as you drive it.

Kip Boyle: As you drive it, yeah, that's the thing. So when this hack was first demonstrated, there were some real limitations on what could be done, but as they continued to evolve their techniques, they were actually able to figure out new ways to do more to the vehicle. In the beginning, when they first started working on this, they were unable to affect certain systems like brakes, but as they continued to learn more about these obscure automobile systems, they were able to figure out more ways to work around the safety controls, to the point where they were able to take breaking control away from the drivers. And so-

Jake Bernstein: Well, that's not crosstalk.

Kip Boyle: So that's what happened. So let's go back to the wired article for a moment. So the reporter is entering downtown St. Louis, he's on the interstate, it's getting more congested, there's more and more traffic. And then the cyber attackers decided, well, I'm going to... We're going to disengage the transmission. So without any input from the driver at all, the transmission disengages from the engine, and that means the accelerator isn't going to do anything for you. So the RPMs are climbing as the reporter is trying to gain speed, but the Jeep doesn't have a transmission to send any power to the wheels. So it starts losing speed and it slows into a crawl. And if you've ever been in a lineup on an interstate with a slow person in the right lane, you can imagine what's going on. Cars are honking their horns, people are passing him at high speeds. And it's getting really, really bad. I mean, he's getting paralyzed on the freeway. At this point, he freaks out and he's in contact with the cyber attackers.

And he says, "Okay, knock it off. This is becoming a very dangerous, real world, dangerous situation." So the reporter pulls off to the side of the road, turns the car off, turns it back on. And so the systems kind of reset themselves. And it, this point, he said, "I'm not doing any more of this testing on the interstates, let's go to a safe place." And so they went to a parking lot and at low speed, remotely, when the vehicle was at a lower speed, they could actually stop the engine. They could abruptly engage the brakes, right? To have the Jeep skid to a halt. They could disable the brakes completely. Again, these are at lower speeds. At higher speeds, there are other there's other safety functionality in the Jeep that keeps breaks from being disabled at very high speeds. But you can imagine what this would be like, if all of a sudden you didn't have brakes, even at a low speed, you can still get into a lot of trouble.

Jake Bernstein: You really could. And if you think about the security of these vehicles and kind of the nature of them, any potential hacker has an unlimited time to buy a car and start poking at it and figuring out exploits if they want to do that. And you talk about ransomware affecting businesses, now. You can imagine a group saying, "Hey Ford, we're going to shut off all cars made in the year 2021 if you don't pay us 50 million dollars." And that's a cyber risk that is relevant to the business, but also everyone who is driving those cars.

Kip Boyle: Right, right. What if you're in business and you have a fleet of delivery vans, and all of a sudden you get a message one day that says, "I have disabled all your delivery vans." Because by the way, you've bought all the same make and model, and they're all within a couple years of each other, and they're not going to give you control of your delivery fleet back until you pay that ransom.

Jake Bernstein: Yeah no, I mean, so the interesting thing about that of course, is that on a conceptual level, there's nothing at all different about that. On a practical level, it's a fundamental shift in the type of effects that cyber attacks can have on businesses. Sony, pardon me, Sony was able to kind of trundle along on a primitive kind of basis for a while when they were hacked, but you think about a small business that does deliveries with no vans. I mean, you're going to have to go get backup vehicles or walk. Neither of which are going to be particularly practical, so.

Kip Boyle: No, I mean, there's not a whole bunch of delivery vans just sitting around waiting for you to say, "Mine don't work anymore."

Jake Bernstein: No there aren't. And you know what this is is the escalation of the cyber into the physical. And I think that you look at the amount of code in vehicles, the amount of potential exploits, there's always going to be zero days. So even when we go autonomous, and even when all of these... When every car is a rolling data center, as opposed to just maybe half, if not three quarters already by now. There's no avoiding this. So, what kinds of cyber risk management steps should we take as... Obviously, we're going to, we're going to demand that our vehicle manufacturers take cyber risk steps, but what about car owners? Is there anything that they can do to keep on top of this or do anything to keep their own cars safe?

Kip Boyle: Boy, I've done a lot of research into this space and the truth is, and I would love for our audience to chime in here and send us some feedback. But I don't really see a lot of opportunity for car buyers to manage the risks in the vehicle themselves. I mean, these cars are not like general purpose computers where you can buy a general purpose computer and say, "Well, I'm not going to run Windows. I'm going to run Linux and that's how I'm going to manage my risk." Or, "I'm going to buy a Mac." Or whatever. And even if you stick with Windows, you have a lot of configuration control over the Windows platform. You can implement application white lists, you can strictly limit the amount of administrative privileges that you give to the users of your computers.

But the vehicles are very, very different. You really are kind of depending on the factory to have all this stuff correct. And if they don't have it correct, then what's going to really going to happen is that you're going to be subject to a recall. And that's exactly what happened to these Jeeps. Shortly after these remote attacking capabilities were shared with Chrysler, with Fiat Chrysler and they agreed that this was an issue for these model year Jeeps. They actually issued a recall. And so that's how owners of these Jeeps were able to get their systems replaced. And we're talking about a million and a half vehicles. And I don't know about you, Jake, but when I get recall notices in the mail, I look at them and I don't always act on them. And it kind of depends on what it is.

And so even if you issue a recall, that's voluntary, right? People are going to bring their vehicles in. They're going to make time in their day, and they're going to bring the vehicle in, and they're going to say, "Yeah, fix it." But I would bet the vast majority of the vehicles are never brought in for the recall.

Jake Bernstein: It's kind of the IoT update problem, right? Except now we're talking about your car that you drive, as opposed to a video camera, that's watching-

Kip Boyle: You can think of your car as a participant in the internet of things. It's a very expensive thing with a lot of destructive capacity if it runs into something, but really that's what's going on here is, it's just like buying a USB web camera. I mean, you really have very little con control over it. You're depending on the manufacturer to deal with it. Now Chrysler, one of the things that they did in order to manage the cyber risk here is they launched a bug bounty program. Which, what that means is that they're saying to the world, "If you find a bug in any of our automobiles or support systems, report them to us, and we'll pay you for responsibly reporting that bug." And that's considered to be a best practice these days.

But we recently have seen some people being convicted in court because they participated in bug bounty programs. And while they were reporting bugs to the manufacturers and collecting bounties, they were also selling these bugs in advance in the black market for attackers and giving them more information than they were giving the bug bounty offers. So by no means is this a certain way to deal with it. The Department of Transportation is publishing policy and guidance to automobile manufacturers about how they should be dealing with these cyber risks, but they're a typical regulator. They're kind of behind the curve. They're really not in a position to be able to provide a tremendous amount of preventative oversight. They're kind of watching what the manufacturers do and they're trying to... Kind of put up some guardrails, but I think there's some real limited value there.

Jake Bernstein: So it's going to be fascinating, right? Because your next car purchase might be driven just as much by that manufacturer's cyber- The quality of their cyber risk management as it would be the way their car looks and drives.

Kip Boyle: Absolutely, absolutely. And even your insurance company, if you called your insurance company today and said, "Hey, what kind of coverage do I have if my fleet of delivery vehicles gets bricked? Are you going to cover me for loss of revenue? Are you going to provide me with replacement vehicles?" And I would be amazed if you had coverage for any of that.

Jake Bernstein: Well, that's a- And I mean, you just raised a very good question, and this goes well beyond the scope of our podcast, but part of cyber risk is always insurance. Cyber risk management is always insurance and there's going to be a great number of questions. If your autonomous vehicle glitches out and hits something, who pays for the insurance claim? Is that your insurance? Or maybe it's... I mean that boggles the mind. Honestly, when you think about that.

Kip Boyle: And the insurance industry, I've talked with several carriers and they're trying to figure out how they're going to adjust, because one of the benefits of autonomous vehicles is supposed to be a decrease in the amount of collisions. Well, if people aren't colliding as much anymore, then the claims rate is going to go down, which is good. But then that means people are probably going to expect to get cheaper rates on insurance. And so we're going to actually have to deal with a shrinking, a potentially shrinking insurance industry, but then you've got all these other risks that are going to emerge, which we've talked about, for which there's no coverage today. And for which insurance companies have no idea how much to charge for that kind of coverage.

And then in the beginning of the podcast, we were talking too about let's talk about autonomous vehicles and you're going to see vehicle to vehicle communications, you're going to see vehicle to infrastructure communications, right? We're going to see a case where autonomous vehicles are going to be told by a metropolitan area, "Hey, you guys are approaching a congested zone. I want you five cars, you two Jeeps and I want you the Tesla, and these other two cars, I want you guys to get into a platoon. I want you to actually line up in a single lane. I want you to maintain the 20 foot minimum safe distance between you. I want you to synchronize your speed to 45 miles an hour. And I want you to maintain this pace and distance for the next 20 miles. And I'm going to get you through this." Oh, that sounds like heaven to me as a car driver.

Jake Bernstein: I like that. That sounds good.

Kip Boyle: But how do you know that was a legitimate command?

Jake Bernstein: I don't know. I mean, that's a good question. There's all... And that's just one example. I mean, you think about... I don't think it's at all that far away where you have... I mean, imagine basically citywide nets of AI type software that is trying to maximum and optimized traffic flow. There's going to be billions of commands flying around every moment of every day. You're going to have to figure out how to make sure those are authentic and real.

Kip Boyle: That's right. So all the problems we have today with knowing... If we received a message from somebody on our computer, is that a legitimate message or is it a business email compromise? How do we know? How do we know that when one computer talks attacks another? Well, it turns out that the attacking computer was just being used by somebody who was attacking through that computer. So who actually attacked me? Where did it come from? We don't know. Attribution is very, very difficult. So all of these current problems that we're having here with computers that we use today, there's no reason to think that those problems are going to go away in a world of autonomous vehicles where cars are talking to each other, and they're talking to infrastructure, we need the same kinds of protections there that we need in our webcams, and baby monitors, and smart refrigerators, and all that stuff. All of that has to go into autonomous vehicles.

Jake Bernstein: Wow. Well, that is a... I mean that, I think that's a really... This whole episode has been a very instructive look into how cyber risk management is spreading to, I'd say most, if not eventually all industries. I have a lot of clients these days who I'm starting to reclassify them, at least in my own head, as data companies. And I think that what we're going to see is that many, many companies are going to be effectively reclassified as data companies, whether they're doing it-

Kip Boyle: Deliberately or not.

Jake Bernstein: Deliberately or not is... You're going to need data to run the next revolution, which as we know, is artificial intelligence, which is based off training computers, using data, which means that you need that data.

Kip Boyle: There's a whole other episode for us then too, to talk about what are the cyber risk implications of artificial intelligence and machine language? But we'll talk about that another time.

Jake Bernstein: We will, that will go up on our list. So I think that should wrap up today's episode of the Cyber Risk Management Podcast. And today we talked about autonomous vehicles and the absolute importance of cyber risk management in the whole transportation industry. We hope you enjoyed that and we'll see you next time.

Kip Boyle: All right, bye. Thanks everybody for joining us today on the Cyber Risk Management Podcast.

Jake Bernstein: Remember that cyber risk management is a team sport and needs to incorporate management, your legal department, HR, and IT for full effectiveness.

Kip Boyle: And management's goals should be to create an environment where practicing good cyber hygiene is supported and encouraged by every employee. So if you want to manage your cyber risks and ensure that your company enjoys the benefits of good cyber hygiene, then please contact us and consider becoming a member of our cyber risk managed program.

Jake Bernstein: You can find out more by visiting us at and Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).


Jake Bernstein
K&L Gates LLC

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.