[01:26] Introducing Our Guest, Stacy Janes

Rachael: We have the head of cybersecurity of Waymo, Stacy Janes. I feel like we have the most amazing guests and I love autonomous vehicles. 

Stacy: No, thank you for having me. If I tend to ramble, you may have to cut me off. But it's a super exciting topic and it's a super new space, and I'm excited. I'm excited to be here and chat about it.

Rachael: Well, you've been in the industry a while, Stacy. I mean, do you want to give folks a little bit of scope of your background, and then we'll catch up to today?

Stacy: Sure. So I actually got into security in the '90s, so I've been kicking around the security space for a while. I was originally a developer for PKIs, when PKIs were just emerging. So back when the PKCS stuff was being written and S/MIME was being drafted and that kind of thing, so I've been around for a while. 

Then I did some consulting, if you were going to team it now, it'd be like more of a blue team thing. A lot of on the defensive engineering side, but I always took a, "How would someone attack this?" kind of mentality. And doing that was great.

Eric: So you were on the blue side. You were on the blue team effectively, but you took almost a red team approach to it.

Stacy: I did. I can tell you, if you don't mind me going back a little bit further. So cars are central to almost how I made most of my life decisions, except for probably getting married. This is weird, because it wasn't on purpose, but I'm a huge car guy. 

How Stacy’s Fascination With Alarm Systems Started

Stacy: So what ended up happening is I graduated university. I have a degree in computer science, so I go to work for this telecommunications company at the time. I buy my first car, and I spend a fair bit of money on it. My wife and I buy our first car, and I spend a fair bit of money on it at the time. This is the early '90s. So, cars didn't have key fobs, they didn't have immobilizers, so all the alarm systems were all aftermarket. I lived downtown. We lived in an apartment building, so I wanted to buy an alarm for this car that I bought. 

So I go out, I figured you'd just buy alarms. Of course, you start looking at it, there's all kinds of options, depending on what you want. And you can turn an alarm into a pretty expensive thing. So I decided to look at it, "Okay. How do cars get stolen? And specifically, how does a car like mine get stolen?" 

So I started talking to alarm installers a lot on the side and trying to figure out. There was no Google at the time. I mean, we're talking like '93. So, in '94. I started looking at, "How would you steal this thing? And then what is the result of it being stolen? It's insured, but my insurance would go up. The insurance would only pay for so much," and all this kind of stuff. So I started valuing the asset, figuring how much this asset is worth. I'm not even realizing that I'm doing this, I'm just going through this process.

Stacy Learned How to Steal a Car

Stacy: So then I figure out, "Okay, how does this asset most likely get compromised or stolen? What things do I want?" And then I go through and weigh off, "These are the features I'm going to buy in an alarm system, and these are the features that I'm not." 

When I finally get through that whole thing, which took probably too long. I ended up being fascinated by the idea of learning how to steal a car so you can protect the car. Also, I learned a lot about stealing cars, probably more than I should have known. 

So the project that I was working on at work had a security component that nobody had taken on yet, and I signed up to do it. I mean, we're talking 56-bit days, right? But everything was new, and that got me into the idea. So when I started getting more into cryptography and the idea, I quit my job and went to a security startup. So if it wasn't for trying to buy the alarm system, I probably never would've ended up here, right?

Because when I talked to a lot of people at security, they were video game hackers and stuff like that. But for me, it was car theft, is what got me into it. 

Eric: So, Stacy, I have a couple of questions. What kind of car are we talking about here? 1993, you said?

Stacy: It was '93. So the car was a Mazda MX-6, fully decked-out, CD player in the trunk. I mean, this is the '90s, right. Leather interior. So I didn't buy a Beetle as my first car. 

The Usefulness of a Club

Stacy: It had custom wheels and all this kind of stuff, so I spent way too much money on my first car. So it wasn't a Ferrari or a BMW, but I was fresh out of school. And that was a big car. 

Eric: It wasn't a Ford Fiesta, either.

Stacy: It wasn't a Ford Fiesta, no. I absolutely loved this car. But yes, like I said, this decision around how to steal it got me into, "How is someone going to steal this thing whenever I'm working?" whenever I worked on anything. It always stuck with me.

Eric: I got one more question for you, then. Did you buy a club in the process? Remember the club back in the day?

Stacy: No. So here's the thing about the club. The usefulness of the club is really to chase the person who you caught trying to steal your car. So I just come to people, and I don't want to pick on the club before these guys come after me, "How do you circumvent, not only what things do you put into the car to protect it, but how can people circumvent it?" 

So if you put a club on a steering wheel, but somebody cuts your steering wheel and just pulls the club off and throws it at your window, then they get the entire car, less a good steering wheel, right? And there were other things.

Eric: And maybe a window that won't roll.

Stacy: And maybe you won't be able to roll it down. But I went through this whole process of, like, "How would you defeat an alarm system?" right? You smashed a bulb, you ground it. The bulb was hooked to the alarm system.

From Car Theft to Red Teaming

Stacy: It pops a hole because you'd end up grounding it, a power source that the alarm system is hooked up to. I went through all these iterations, and so that whole process always stuck with me. I guess it's blue team work. But when I was doing security engineering work, when I was creating security-related products, it was always, "How is someone going to try to circumvent this? Are they going to use what I'm creating against me, right? The alarm system caused the lights to flash when the alarm was going off. Well, can you use that, the fact that light goes off, to attack the alarm system itself?" Anyway, that's how my story got created. 

Like I said, I was in security for a fairly long time, and a friend of mine worked for this company that did media and he said, "You know what? Our red team is looking for an opening. Do you want it? Instead of thinking about attacking things to defend them, just go attack stuff." 

That seemed more my style anyway, so I ended up red teaming for a while. And so that was completely fascinating because I was doing it in the media space, which is a very active security space, obviously. So what ended up happening was, you go to DEF CON every year, and because of my interest in cars. As cars started getting connected to the internet, I started going to Car Talks. Not as a professional interest, because I was doing media stuff, but as a personal interest. This whole idea of a car becoming connected to the internet, and then people trying to attack cars. 

How Stacy Got to Waymo

Stacy: As that went on, you could see that they were getting closer and closer, they were discussing new things and it looked like it was going to be more and more likely that this was going to happen.

I contacted someone in the product team of the organization I worked for and I said, "I want to pitch to our executive staff that we should get into this industry." And we put it together because. And I went to this person just mostly because I had to create a business case and I had no idea. I had no idea what a TAM was or anything about markets. I'm looking at this sheet that you had to fill out, I'm like, "This is not even English to me." 

So I go through all of this, we put it together, the executives give us a little bit of money to try to get into it. In the end, we end up getting involved in the automotive industry through security. So again, it was my interest in cars that changed my career direction. And through all that that went on, as that grew, I ended up getting contacted by Waymo. So I ended up at Waymo because of a love of cars that I had in the '90s. It’s how you can trace it back.

I always said, "Hey, my career would wander, then a car thing would happen and it would bring me right back on." So, yes, it was a bit meandering, but that's how I ended up where I am.

Eric: And now you're in one of the most innovative automotive companies in the world.

Stacy: Innovative, absolutely. I can't even describe it. So we're not an automotive company, we're a technology company. 

[11:24] Waymo Autonomous Vehicles

Stacy: So, people, when they think of Waymo think of a self-driving car, and that is actually not what we do. We build a robotic driver, an autonomous, robotic driver. So if you look at our fleet, we have these trucks, our driver can drive a truck. We have a Jaguar I-PACE, our driver gets to drive a Jag. It's not bad. We have the Pacifica minivan. So the Waymo driver is separate than the car, but it's a robotic driver for the car. So we're a technology company in the autonomous space.

Eric: And we're not putting physical robots in the driver's seat, you're using the technology to automate the driving experience of autonomous vehicles.

Stacy: Correct. Yes. So it's not like a biped robot or something like that that chauffeurs you around. The robot is broken up across the car for best placement of its ability to sense its environment and that kind of thing.

Eric: So what are your biggest security concerns or risks there?

Stacy: Well, I mean, the big thing that everybody talks about. It's even in the connected car space, but especially in the autonomous space is that you end up having these connected fleets of autonomous vehicles. So anything that's a fleet-wide. This is the thing that movies are made out of, books get written about. Somebody can pick up some tablet and hack, as it were, a whole bunch of cars. So that is obviously the major thing that everybody has their eye on. Now, we spend a lot of energy protecting against that, but there's a whole bunch of other things. Anything that's safety-related.

Waymo’s Risk-Based Process in Building Autonomous Vehicles

Stacy: The safety team, based on our safety framework, ensures that what we're putting out there is a safe product. And the security team's job is to ensure that what the safety and engineering teams did sticks. So we have a whole way of prioritizing things. 

Our whole process is a risk-based process for evaluating what are the risks, being able to prioritize what we focus on so we don't try to boil the ocean. We work our way down through the stack. So we look at what things are just general, across the fact that it's a connected automobile, but then we look at what things are specific to it being a robot. 

A robot for our use cases, because we have Waymo Via which is our trucking side. We have Waymo One, which is our fleet side. The threats there are actually different. So we have to think about these types of threats. Think of it as three layers of networks. So you have the car or the truck, or the minivan, whatever, and that has basically a few computer networks inside of it. They're connected for different types of networks. There's 20, 30, 50 modules inside little computers, embedded systems. That's how that vehicle operates. Then on top of that we have the Waymo driver that has sensors. 

It interfaces with the vehicle that it's driving. It talks to Waymo's cloud service, so Waymo's offboard service, and all these things also talk to each other. Then we have our cloud service. So we have a network on top of a network, on top of a network, and these things then communicate with each other. 

How Humans Communicate to Their Car

Stacy: Like you're asking Eric about a robot driving the car, a biped using the steering wheel, when humans interact with a vehicle, they're designed the way humans work. That you have a steering wheel, you have pedals. That is how humans put things into the car. Some cars have touchscreens, buttons, switches, all this kind of stuff.

The car then communicates with the human through gauges, through warning lights, through steering feel, through road field. So that is how that conversation goes on. When a human is operating a vehicle, it is this constant conversation back and forth. The car basically says, "Here's a little bit of embedded information about what I'm doing." Then the human will basically say, "Okay, now here's some inputs, go do this." But the Waymo driver, we don't use the physical control services, pedals, stuff like that. 

Our network talks to their network, which means that the amount of data that you can exchange is incredibly high compared to a human. If a human tried to process what our robot can process, they would never move. They would just sit there and their brain would turn red hot. So because of that, you have these advantages.

So you have to look at it from that point of view, "How could that network influence our robot? How can our robot network influence the vehicle?" Then we do the same thing with offboard things, and then sensors. So there's lots of data moving around inside of the system. We spend a lot of time looking at how this data moves, what effects it can have, what paths are appropriate. 

Waymo’s First Principle

Stacy: How can you detect things that aren't correct, how can you stop things that aren't correct, how can you ensure that if something incorrect shows up, that it can't have a negative effect. So it's a network to talking to a network talking to a network, and that's just where we are right now.

Eric: I'm just trying to envision this and I'm with you on the speed. But I feel like the speed of risk is increased, too. You and your team have to be on your game, because there's so many points where a bad actor could say, "Hey, I want to mess something up. I want to create harm here." I know the safety requirements from the industry are super high on you. I'm thinking through the problem on the fly here, how would I red-team that? Where do you start?

Stacy: So it's not just red team here. It's not going in and say, "Hey, what did you build? Let's see if there's any bugs in it." We go to our first principles. Security by design, getting involved in the beginning. So I'm now having conversations with teams about the end of the decade. We have a way of measuring our risk that we use to prioritize it, and we use that to look forward. 

So not only do we have the Pacifica, but leading up to the I-PACE with Waymo's fifth-generation driver. We look at, "How is that going to be different? What new things do we need? What else do we have to put in there?" Like I said, Waymo Via again is different, "What things in Waymo Via do we have to add versus Waymo One, or do we have to prioritize some things differently?"

How Different Types of Threats Are Ranked

Stacy: Because like I said, it's all based on what someone's going to try to achieve. Obviously, we rank different types of threats differently. So anything that affects the customer directly is obviously highest. So safety is the highest, and then after that is data, integrity of their data. Then the things that can affect the company. You got your ransomwares and that kind of thing. 

We rank those, but we can look forward about, "This is how we think things are going to be. This is what we're playing planning for, these are how we think the threats are going to change. Then what do we need to build into the very architecture of the system to ensure that when you're planning for success, that thing is going to be secure?"

You're going to have parts of your system that are safety-related and parts of your system that you don't want to be safety-related. So you have to ensure they're separated properly. If you think about how web services are done, you got a web front end. Someone hack your webpage, you move some text around. Behind that you have an application server. That's where all the work gets done, and that's probably behind a firewall. Then you have another set of firewalls, and you have databases and all this kind of stuff. 

So there's a big difference between someone hacking your website and someone stealing stuff out of your database. The similar concepts of separation can work on safety systems, on the non-safety systems. There's things like, "Okay, if you're going do this kind of thing, you do it on the non-safety part, and that is properly separated from the safety part." 

Red-Teaming Is the Last Step

Stacy: So we're dealing with a complex machine just in the automobile. We're dealing with a very complex architecture when it comes to the Waymo driver, and then we have our offboard systems. So our red-teaming is the last step, but we get involved when everything is an idea. Even before it's a design. It's like, "This is my idea," it's like, "Okay, these are the things you're going to have to think about. These are going to be your requirements. This is the path we want you to go down. These are the things that you're not going to do."

Certain rules that, even if done property, presented an unknown risk in the future, so we're going to stay away from it.

Eric: I've heard you say two things that we don't hear a lot. One is secure by design, and I know, Rachael, Sudhakar from SolarWinds was really big on that after the breach. The team brought that to SolarWinds. Build it in from the ground up, from the beginning, which is something I don't hear a lot with customers, with clients, with partners in the business. Then the risk-based approach. I feel, in the industry, and Rachael, tell me you disagree here, we don't talk about risk enough. We don't analyze the risk and take appropriate decisions or make appropriate decisions based on risk-based calculations. I just don't see it.

Rachael: No, but we're also moving very quickly. I think what's really interesting in the automotive industry is, how long does it take to bring a car to market? I mean, you're already looking at the end of the decade, because it takes, what, six, seven years to even get the idea of a car, maybe longer. 

[22:32] You Can’t Scruple Security in Building Autonomous Vehicles

Rachael: To be working with automotive manufacturers and planning this, I don't know. It's just staggering to be having to plan that far ahead. But it's also amazing because you are starting with the right principles, which is so critical.

Stacy: Yes. 
If you look at it, when it comes to security by design, security is a thing you can't scruple on in the end. It needs to be ingrained, especially with something as complicated, as complex as we're making. It needs to be ingrained into the architecture itself, right? 

At the end, when you're dealing with such a complex [inaudible 00:23:08] with a physical system, you can come down to, like, "This wire can't exist," or, "This thing cannot talk to this thing." Or you need to understand, "What are your trust boundaries." "Can you move towards Zero Trust model with all of this? When things cross your trust boundaries, do you understand where they are? And what kind of data are you going to allow to cross these trust boundaries? How're you going to isolate things?" 

You'll never achieve what you want to achieve. You have to start in the beginning. If you're not taking with a risk-based approach, you're going to try to boil the ocean. This thing is not a small device. When you talk about the attack surface, it can be really broad. So you want narrow it down. You want to ensure that things just aren't coming in from everywhere, you want to control your data paths. It's going to get bigger. We've seen a lot of conversations, even in the connected car space, about things starting to talk to each other. So people are already talking about significantly expanding the attack surface. You need to be able to plan for that. 

Don’t Take Data From Strangers

Stacy: You can't just go, "Oh, that's neat. Yes, sure. Let's have all that stuff. I'll chat, and then we'll go in and we'll find dogs." I mean, I completely believe in red-teaming. It's an absolute necessity. We have a red team, but that's part of the equation. 

Even when I did the alarm system for my original car, I figured out, "How is someone going to steal it? What do I need to buy? How can I apply this?" I designed my security system for this asset before I bought a thing. Because otherwise, like I said, you buy it all, like, "Okay, that wasn't right." Or, "This didn't do what I thought it did." Then you're just going to go in and spend a lot of time wasting time. So things are too hard to change when you get really far down that road.

Rachael: The connectivity part is really fascinating, too, Eric. We were talking to the fellow with the connected infrastructure, with traffic data that was happening and how it was interacting with that app that I don't use. But it's adding this next layer of complexity, which is wonderful for us. I think, once they all start talking to each other and they work. But again, it's exponentially growing your vulnerability surface area. So are you guys having to then also work with these infrastructure companies? Or, I mean, am I making it more complicated?

Stacy: It is complicated. So, like I tell my kids, don't take data from strangers. So I understand that people are looking at this V2V, V2X, smart city, all this data to flying around, things getting other things. From a security point of view, from my point of view, you're dramatically increasing the threat surface. 

Waymo’s Tight Control on Data Paths

Stacy: So, let's say you create these massive PKIs or there's one big PKI, or a whole bunch of cross-certified PKIs. Everything has an identity and they all have keys. Just because the widget you created or the thing you created has an identity doesn't necessarily mean it's good. Just because you have a passport doesn't make you a good person, it just means you have an identity.

Basically, that's what a certificate is. It's a passport for a computer. Just because you can send me data and say, "Yes, I'm a roadside thing made by company X, and this is signed." I have no idea whether or not your company's been compromised or your widget's been compromised, or what type of thing this is. Whether your entire trust system's been compromised, whether or not you stole the certificates and keys off another device. 

The idea, like I said, right now, we have really tight control over our data paths. So Waymo cloud, the Waymo driver, a vehicle that we work with EOM on. We have very tight control over our data paths. That lets us design things, it lets us spend an awful lot of energy looking at this data, how it flows. We know exactly what's coming in, we know exactly where it's going. To expand that to something that's bolted to a post on the side of the road that's going to talk to the car, and have the car make a decision on that.

The Waymo driver is autonomous, it makes its own decisions. So I don't want to burst anybody's bubble, that they think there's going to be all this data flying around that's going to tell cars how to drive. The car tells the car, the Waymo driver tells the car how to drive. 

Expanding Trust Boundaries

Stacy: Even when we take our own data from our own servers, the Waymo driver is autonomous in what it does. So even we can tell one of our cars, "Do X," and the Waymo driver will go, "You know what? I have a tremendous amount of situational awareness because of all of our sensors. I'm looking at what you're saying, I don't think..." No, the car makes its own decision. When those conversations start in earnest, you will hear my name a lot because I will definitely be part of them.

Eric: I see it as expanding the trust circle. Is that a fair way of looking at it? I mean, the more you integrate, the more capability, the more trust that has to exist. Is that fair, or that's not the way you think about it?

Stacy: I would almost say you'd have to be able to achieve a large-scale Zero Trust network. To push the trust boundary out so it envelopes another organization, that can work if you work really closely with that organization. You understand your security practices, their security practices match your security practice. And you have faith in what they do. You understand their incident response, you understand their attack detection. 

So if you want your trust envelope, your trust boundary to surround somebody else's thing, you have to understand a lot of it there, that thing. If you want to build this huge infrastructure with all these things, I don't think that idea scales. Because what if you expand your trust boundaries so it envelops this other thing, but then their thing talks to another thing, right? Well, does that inherently mean that I'm more going towards a Zero Trust model? 

Understanding Data Security Practices

Stacy: The only way I think this works is to achieve this, where, "I understand you have data and I understand you have an identity, and I hear what you're widget is saying. But in the end the Waymo driver is autonomous. It makes its own decisions." There's some things that are more benign. If you have part of the car or part of the Waymo driver that's non-safety related. It's isolated from the safety-critical components and it talks to parking garage doors to get the door open. But if this thing was completely owned, it wouldn't have an effect on the Waymo driver's ability to operate safely. 

There's been more benign things like that. But anything that's driving-related, I'll want to see a lot of maturity in the conversation itself. Because if you say you don't hear a lot of security by design, you don't hear a lot of risk-based approach, it's absolutely mandatory that this concept of V2X, smart city, whatever it is, is based on those types of principles. You don't want what the current IoT world is for security. I mean, this is a security podcast, you probably have a lot of security people listening and they all should be nodding their head and goes, "Yes, we don't want to redo that," right?

If my internet-connected toaster burns my toast, that's one thing. If it steals all my Bitcoin, now I'm starting to get upset. 

Rachael: Right. Yes. That makes sense.

Eric: Yes, that's a good way of looking at it.

Rachael: And how could you trust the data anyway? Because you think about the infrastructure data, Eric. And for the life of me, I can't remember the name of that app. 

How to Be Safe Online

Rachael: I could never figure out how to use it, but I don't trust its traffic data, so why would you want a car reacting to something that may or may not be true? I'm just saying.

Eric: Stacy, I think we're referring to Waze, but don't look at me.

Rachael: That's the one. 

Stacy: I mean, I think we've all used a GPS at some point in time and your GPS says, "Turn right in 20 meters," and you're like, "That's a river." Because I've literally had that. Where I grew up it wasn't well-mapped, and it's like, "Turn right in 20 meters," I'm like, "No," right? 

So, that concept. When I was saying I tell my kids, "Don't take data from strangers," I actually mean that. My kids are probably sick of hearing about security and all of the threats of the internet, and stuff like that. But one of the things we do is teach our kids how to be safe online. We teach each employees how to not get phished. We spend a lot of time teaching humans how to not take data from things that they don't know, even if that thing has some identity, right? When you come to a navigation system, sometimes the navigation system makes a mistake.

It's something that's incorrectly mapped. So if the navigation system says, "Turn into this river," you don't automatically go, "Yes, let's go for a swim." You're like, "Eh, that's a river. I'm driving a car, doesn't match. I'll go find a road." We base some of the things that we do, we do a lot of work to get humans to the point where they can make good decisions related to cybersecurity, about being connected. 

We Need to Keep Training Humans on How to Protect Their Data

Stacy: We're not going to go backwards just because we're dealing with a robot driver. The same concepts we're going to double down on. Because a robot driver, basically, you train it, "Don't do this," and it goes, "Okay, I'm not going to do that." Humans, you keep training them, they keep getting phished, you train them, you fuzz them with phishing, they keep getting phished. You train them more, right? You try to get a better success rate. 

Eric: Yes, we're human.

Stacy: This is it, right? We're human. But we spend a lot of time teaching humans this. So from a robot point of view, like I said, all these things, the way that we approach things, you're going to want to ensure that that is a widespread approach or some equivalent approach. But you can't just say, "Yes, I got my cert and my private key, and here's some data." You're like, "Yes." It's like receiving a text message with a, "You just won lottery, click this link," right? It's like, "Delete."

Eric: Yes. Stacy, if you know, how much more capable are robotic drivers, autonomous vehicle systems, than a human? Have there been any studies on that?

Stacy: I don't keep track of things like that, so I wouldn't be able to give you a study or data on it.

Rachael: It had to be. Long-haul driving, for example, I think, right?

Stacy: One way to think about this. So, I moved to California from Canada when I started working at Waymo. And when I was in Canada, I used to as a hobby teach high-performance driving. So I would teach sport car owners how to drive safely at a high speed on a closed circuit, a race track.

[35:54] Going Through the Basics in Using Autonomous Vehicles

Stacy: So one of the things that we teach, because someone will show up and they're like, "Oh, I've been driving for decades." It's like, "Okay. So, the first thing we're going to teach you is how to adjust your mirrors, because most people adjust their car mirrors wrong." And it's like, "We're going to give you a better ability to see. What we're going to do is give you better situational awareness. We're going to seat you better and stuff like that." 

So you go through the basics, and then we teach them to look farther down the road. Most people don't realize how close they look to the front of their car. They're going around a turn and they're making small corrections because they're looking right in front. We try to get people to look really, really far, because their speeds are higher. Situational awareness is incredibly important. Especially in these closed circuits, cars can be operating really close together. Understanding where everybody else is and being able to predict what everybody else is doing. Super important.

So if you think of something like the Waymo driver with all of our sensors, the situational awareness that the Waymo driver has is extraordinary. Imagine that you had six or eight well-trained people sitting on the roof of your car back-to-back, and they're all looking outwards and they're all telling you at the same time. They're monitoring every moving thing around you, and they're predicting what that thing is going to do based on what that thing is. Because a scooter is going to operate differently than a cyclist, it's going to operate differently than an adult running. 

Using Your Peripheral Vision

Stacy: If you're driving down the road and you see an adult running on the sidewalk, you're like, "Okay, somebody's out for a run." If you're driving down the road and you see a child that's five years old, that's 100-something feet ahead of their parents, and they're running down the sidewalk, you're like, "Okay, this kid can dart it in front of me at any time," right?

But imagine being able to do that to every object that's around you for hundreds of meters at the same time. Just the situational awareness. No matter how much we train sports car drivers in what we do, we can't get them to look in both mirrors at the same time. You can with your peripheral vision, but you can only see so much. So, being able to see 360 degrees. The things that we try to teach people, like looking really far, looking hundreds and hundreds of meters. 

Or I guess here you'd measure it in football fields, but in hundreds and hundreds of meters in every single direction and picking up every single thing and going, "I know what that thing is. I can predict that with that thing. I understand those types of movements. So I'm going to predict what it's going to do and I'm going to react accordingly." The measuring it directly to a human, like I said, I'll leave that to people who do studies because it's going to be very situational. Because there's going to be certain things that it will do better. But there's certain things that it just simply can do better. 

Driving Autonomous Vehicles Is Safer

Stacy: When you're growing up, your mother understands when you open the fridge and drink right out of the milk carton although she's at the different end of the house. I have no idea how that happens, but that kind of sense, right? That kind of ability to find all this stuff. Yes, it's incredible to be able to watch. 

How much detail it can see at such a distance in every direction and make decisions on it. It's making decisions based on all these objects moving. It's not like you're looking at this kid running down the sidewalk and now you're focus-targeting this one person. Because you want to make sure that they don't run in front of the car. Meanwhile, you're not focusing on something that is directly to your left coming at you, like a bicyclist or something like that. 

So I know that doesn't directly answer your question, but it's how I think of it and it's how I see it. From the inside, we get to see just the situational awareness that the Waymo driver can achieve versus what I've seen well- trained sports car drivers, race car drivers be able to achieve.

Eric: Okay. So we're going to assume autonomous driving then is safer, faster than human driving, right? Just because it simply doesn't make the same mistakes humans make. 

Rachael: Plus, you take out driver fatigue, right? I don't know if the Waymo driver's dealing with the eight kids in the back who are all screaming, trying to get to the soccer match.

Stacy: Distracted drivers, drunk drivers, any kind of drivers, to texting drivers, angry drivers, tired drivers.

Rachael: Book-reading drivers.

Waymo Autonomous Vehicles’ Simulation

Stacy: If you go to waymo.com/safety, we have a few reports in there. One of them is taking accidents that have happened in an area that we operate in and then restimulating these. Because we have a tremendous simulation ability. We do billions of miles in simulation. 

So, putting that accident scenario into the simulation as the Waymo vehicle, as what they call the actor, the one who caused the accident, and as the responder, the one who became involved in the accident, and what the outcome was. Except for the scenarios where the car was just directly rear-ended in the real accident. The Waymo driver was able to detect that this thing was going to happen before the actual human that was involved in the real accident, and make adjustments to avoid it. It's a fascinating report. If you're interested in this space, you should check waymo.com/safety, and there's a reporting in there about the simulation. 

A car is coming across traffic, you have a green light. You're going through the green light, you're focusing straight. This thing is coming at high speed so it's still far away, and you don't see it coming close.

Well, whereas the Waymo driver, it's looking left and right at the same time, right? Well, that may be the answer. Take a little speed, give a little speed, whatever it is, but make an adjustment so you can avoid it.

Eric: So the real question everybody wants to know is, when will Rachael be able to sit in her car have a glass of wine on the way home from work, without having to do any work whatsoever?

Stacy: Well, I mean, except for the wine part, you'd have to talk to state regulators about that.

Autonomous Vehicles Are Now in California and Phoenix

Eric: There are certain things in this world, Stacy, I don't think we're going to cut out of this question.

Stacy: I hear you. So right now Waymo runs Waymo One service in Phoenix suburb of Chandler. If you live and work in that area you can basically have a commercial, no-human driver, fully autonomous vehicle show up, pick you up, take you out to a restaurant, take you out to a bar, take you home from work. Depending on where you live, that already exists. 

Now we're expanding, and we've recently announced San Francisco. We have now fully autonomous vehicles, not to paying public yet but that's coming, but operating in San Francisco. We've also talked about Downtown Phoenix and expanding there, so we're moving out from where we were. So, it depends on where you live. But yes, it does feel surreal, where the idea that right now some people who want go home from work or go to a restaurant can have a fully autonomous vehicle, no other human in the vehicle, show up. You get in, and you go to your destination, less the wine.

Eric: When you have clients that do this in Phoenix, what's the biggest concern they have? I'm assuming it's not cybersecurity, making sure their data's protected or anything like that, or is it? Or do they just pop in and go, because after you do one or two trips, you're like, "This is the way of the future, I'm just doing this"?

Genius Autonomous Driver on Autonomous Vehicles

Stacy: I mean, Waymo itself obviously talks to our customers, and I think they just pop in and go. We've served tens of thousands of rides in that area. There's always little things that you want to work out because you're teaching a robot. It's like raising a child, right? You're teaching a robot to interact in society, and there's always going to be little things. 

Eric: Except the children don't listen. They don't learn very quickly.

Stacy: Yes. The Waymo driver doesn't scream back at you and stuff like that. There's that.

Eric: What do you think, Rachael? Would you rather have a child in the car or just the autonomous driver on your way home or to dinner?

Rachael: I'd like to keep it quiet. Just the autonomous driver, the Waymo driver, please. Yes. It'd be pretty amazing. You guys had a blog from one of your beta testers on your website in San Francisco, and I loved how he was describing it. He gets in, he goes to work. I love that you can also schedule, I think, stops or something along the way, if you need to run errands.

I mean, how genius is that? And you don't have to worry about parking. I mean, I wish I'd had this when I lived in New York City. I had a Fiat, the smallest car you could possibly have, and I still had trouble finding parking.
Stacy: Yes. I mean, well, if you look at something especially in cities like San Francisco and stuff like that, parking is impossible. One of the people who works for me, he lives in San Francisco and he's like, "Yes, I found an awesome spot to park my car, it's like six blocks away." 

[45:58] People Are Enamored by Autonomous Vehicles

Stacy: And I'm like, "Okay." So parking is hard, navigating the city is hard, just because there's all those things you have to worry about. So, being able to hail a vehicle, it shows up, there's no other human in it. You can sit in the back, you can put on your music, you can sing along to the song. You don't have that, "Do I need to start a conversation with the person driving the car? Do I not? So I don't want to."

Rachael: Exactly. Yes.

Stacy: So, yes. It's fascinating. One of the fascinating things about it is that, at the beginning people are just enamored by the fact that it's a self-driving car, but that quickly goes away. And you can sit, you have that peaceful moment, or your music blasting and you singing Roxanne, however you work and roll, right? I mean, I can't sing in a car with another human, because anybody's ever heard me sing, I pity them. 

Eric: Is the Waymo robotic driver programmed to tune your voice out, though? I mean, that's a legitimate question, right? I think a lot of people will get in the car and they'll be on the phone for work or something personal, boyfriend, girlfriend, you name it. I'm assuming there's some consideration for recording internal conversations and protecting that information. Or it's never even recorded.

Stacy: Waymo has a privacy team to interact with Waymo services voice-wise. You can call out of the car, right? There's a button that you press and you can talk to someone offboard. But yes, we take privacy very seriously. I mean, like I said, we have a privacy team and they mandate all of that. 
 

How Can We Get More Diverse Talent to Help Build Autonomous Vehicles?

Stacy: From my point of view, the security team is to ensure that the rules that the privacy team set up to protect privacy data actually hold, right? It's like safety. Our job is to ensure what the other teams decide sticks, whether it's privacy or safety, or whatever. The thing that they wanted to have happen has to continue to happen, regardless if some malicious outside actor decides that they want to alter it. So from a security point of view, that's how we address that.

Eric: Okay. So, Rachael, I know we're near the end of the time. I want to save the last question for you, and it cannot be, "When does Waymo come to Houston?" Stacy, that's where Rachael lives.
Rachael: There's some terrible drivers here, Stacy. Well, I would like to come and end the conversation on security talent. I think as we look at more and more industries like automotive and schools putting together curriculum and things like that, to get more the next generation up into the industry. I mean, what are you guys doing or how do we get some better talent or more diverse talent into the security industry so we can do these things bigger, better, faster, and all the things?

Stacy: It's definitely a struggle finding talented people, in many of the technical fields. There's so many unfilled positions out there. Especially, the more things become connected, the more cybersecurity talent they're going to need, the more people need to adopt sophisticated frameworks to ensure what they're doing is right. So, in fact, my oldest son has now started university and he went into computer science, and he was offered two specialties. 

The Amount of Talent We Need Is Growing Faster Than the Talent We’re Producing

Stacy: So, he took machine learning over cybersecurity. Maybe it's because I talked about it too much at dinner. But they're both areas that need a lot of attention. And groups are coming up, like Women in Cybersecurity groups, and even going to DEF CON and just networking and finding people. It can't just be a, "Hey, apply here." 

We have to put a lot of energy into it to ensure that we're getting exposed to the talent that we need. Because, yes, the amount of talent that we need is growing faster than the talent that we're producing.
Eric: We almost need the Waymo robotics security professional. Someone's got to drive that angle.

Stacy: Oh, I mean, we talk about it, but we have really high bars for entry, obviously. My team is incredibly, incredibly talented. I'm just happy that they let me share a room with them sometimes. So it's being able to find and tap into that talent because lots of other industries are trying to tap into that talent as well, right. Yes, it's a challenge, and it's going to be a challenge. We want the schools to get people involved in the industry, and always look at the latest and greatest technologies and the, "Don't just teach them that DES is shorter than AES." And not that they do that. But yes, it's a challenge.

Eric: Yes. Yes. Unfortunately, it's our challenge and it's been getting worse. You've been doing this since the '90s, it's been getting worse and worse, and worse.

Stacy: And the more you connect things, the more those things enter inside of that attack surface, right? So everybody is going to need cybersecurity talent. 

The Positive Part

Stacy: Elevators, everything from large-scale IoT things that could have safety applications, like ranges and anything that produces heat and stuff like that. So, all of these people are going to be looking for this talent, these are the people you're competing against.

Eric: Well, the positive part, if we have a robotic driver, we could theoretically work from the car more and we can get more productivity out of some people, potentially.

Stacy: Well, I mean, since COVID, things have changed so much with work modalities. But yes, their commute is still their commute, and how they want to spend it. I mean, for years, my commute was always I would take my first call in the morning in the car, right? And it's super distracting because you can't see stuff and you can't really interact with the phone. There's lots of distracting background noise and all this kind of stuff. So, yes, there'll be different ways. Some people will be singing Roxanne the whole way to work, and some people will probably want to sit down with a laptop and get on with their email or whatever, but it gives those choices.

Eric: I cannot wait to see the future.

There’s Hope in the Next Generation

Rachael: Yes. I'm hopeful, though. Cybersecurity, I mean, it's prime time. You can't go a day without hearing more about the cyber challenges, the global cyber challenges. So I'm hopeful with that kind of visibility, that maybe that's sparking some excitement for this next generation that's coming up. And they're starting to hack their connected toys. I'm reading about these kids, six years old, hacking their toys, it gives me a lot of hope. A lot of hope for the future.

Stacy: Yes. Like I said, a lot of people that I interview got into security, I always go at them with, like, "What's the story? What got you here?" I mean, and it's never, "Oh, I thought, 'Security. I could make a lot of money, so I got into security.'" It was, "I started hacking video games since I was a kid because my parents wouldn't buy me this thing," or, "I started doing this," right? And it's the same thing. They start tinkering, there's something that gets them interested in that mindset. For me, it was stealing cars. Well, the prevention of car theft.

That's going to be a weird quote. Then you start manipulating that thing, and all of a sudden you're hacking things. And that becomes fascinating, and then that takes you down that road.

Rachael: Thank you so much, Stacy Janes, for joining us today. This has been awesome. Awesome. I learned a lot. Well, to all our awesome listeners out there, thanks again for joining us this weekend. Don't forget to subscribe. You get a fresh, fresh episode every Tuesday, directed right to your email inbox. So, from all of us here, next time, we'll see ya. Hope you stay safe until then.

About Our Guest

Stacy Janes is a self-starter with a passion for cyber security. Co-Founder of Connected Transport Business Unit at Irdeto. Evangelist and active speaker on cyber security for the connected transportation space. Strong and demonstrated technical history in cyber security areas such as PKI, authentication/authorization, end-point security, and ethical hacking. Proven history of building teams to solve difficult industry problems.