Car hacker sought by Canadian military

The Canadian military is looking for a car hacker to hack into its vehicles to test how vulnerable they are to cyberattacks.

A tender notice posted Tuesday on the Canadian government's procurement site says the Department of National Defence is looking for bidders who can assess a vehicle, find vulnerabilities and develop and demonstrate attacks on the vehicle.

Earlier this year, security hackers showed that they could kill the engine of a moving Jeep on the highway over the internet via the car's Fiat Chrysler telematics system. That prompted Fiat Chrysler to recall 1.4 million cars and trucks in the U.S. A month later, Tesla delivered a software patch to its customers after cybersecurity researchers said they had taken control of a Tesla Model S and turned it off at low speed.

The Department of National Defence said while other kinds of cyberattacks can lead to the theft of money or information or the disruption of operations, those involving vehicles are "a more important concern since the safety of their users or the other users on the road might be at stake."

It noted that a car built in 2014 may include up to 100 computers exchanging up to 25 gigabytes of data every hour via the vehicle's internal communications system as they run 60 million lines of code managing 145 actuators and 75 sensors. That internal communications system called a Controller Area Network (CAN) bus is the target of cybersecurity hackers' attacks. Besides being used for internal communications, it may interact with entertainment, GPS and communications systems that are connected to the outside world, allowing for remote attacks.

2015 pickup truck

The vehicle that the military wants to test is a 2015 light-duty pickup truck, but it says the exact specifications are considered sensitive and will only be supplied after the contract is awarded.

The notice says the work would have to be conducted at the Defence Research and Development Canada Valcartier Research Centre. The contractor would have to use the department's own software and extend the software's capabilities as part of the work. The government is offering $205,000 for the main tasks.

The department says it may also ask for optional work, such as identifying and testing potential defensive measures that could stop a vehicle from being attacked and developing standard cybersecurity testing procedures. It would pay up to $620,000 more for that work, which would need to be complete by March 31, 2019.

Interested hackers have until 2 p.m. on Oct. 27 to apply. As of noon Wednesday, no one had added themselves yet to the list of interested suppliers.

Chris Valasek, one of the U.S. cybersecurity researchers who conducted the Jeep hacking this past July, said in an email that the work that the Canadian military is asking for could be used for both offensive and defensive purposes. He added that the price looks reasonable, although $200,000 is on the low end of that kind of work.