Google’s decision to keep its self-driving vehicles off-line most of the time is wise and reflects the major trend in the IT industry called the “Zero Trust” security model.
The issue is that typical cybersecurity controls and how they are deployed are based on a badly outdated trust model. Your trust model determines what things you consider to be safe and not compromised by an attacker. Which users and devices do you trust and consider to be safe? Which networks do you trust and consider to be safe?
But the worldwide wave of data breaches shows that attackers have figured out how to get around these old trust models.
In data breach after data breach, hackers masqueraded as “trusted” users. The old, infrastructure-based cybersecurity controls could not see through the deception. The hackers were given access to corporate systems and could move around at will.
The reality is that no network, user or device should automatically be considered “safe” and “trusted.” The only safe approach is to adopt what is called a Zero Trust model. Forrester Research coined the term some years ago and continues to offer enlightening explanations of how it is being deployed.
Zero Trust means you assume the system or network has been compromised, nothing is to be automatically trusted, and then you plan to mitigate hacking damage when it happens. Google has in fact been an advocate of the zero trust security model for several years.
A successful hack attack on Google’s self-driving cars could literally be a matter of life and death. So it is smart to strictly limit how much potential access an attacker could have to the car’s systems by minimizing how often it connects to the Internet. On top of this, it’s a safe bet that Google is employing other Zero Trust security techniques such as end-to-end encryption of communication with the cars when it does occur.
Google’s cars are similar to the Internet of Things products everyone is talking about in technology circles these days. We have seen major data breaches associated with IoT lately, such as the wave of recent ATM system breaches. For example, a hacker group remotely attacked ATM machines in a dozen countries in Europe last year, forcing the machines to spit out cash.
We have helped a large number of banks and financial institutions to prevent such situations by adopting Zero Trust security. Our ATM network security solution enables banks to segment and isolate ATM traffic to block the types of breaches that have cost other banks millions of dollars.
We have also helped utility companies, healthcare organizations, governments, manufacturers and many others to protect themselves with zero trust security. Zero trust security is a worldwide trend touching all sectors now.