Eight months ago I published my concerns about how autonomous vehicles could be weaponized at scale via cyber-attack. (For those who missed it, here’s the gist: Due to the all-or-nothing nature of certain classes of cyber-attack, self-driving cars and other autonomous systems can be utilized by hostile actors to create a coordinated mass attack.) It’s time for an update.

At a closed-door Q&A session at the software hacking conference DEF CON, Elon Musk said that a fleetwide attack was Tesla’s “nightmare scenario” and announced that they were going to open-source their security modules so that automakers could work together to secure a safe self-driving future. (He later announced the security open source initiative on Twitter .) Musk’s announcement is a great start, and I’m encouraged, since an open source initiative is the single most important step to securing autonomous vehicles. But there have been other developments as well.

At an offensive cybersecurity conference earlier this year, former GCHQ information security specialist, Matt Tait, presented the keynote. (Lawyers know Tait as a Lawfare contributor and hackers know him as @pwnallthethings. It’s fun and strange when worlds collide.) One of Tait’s concluding remarks was that there are now numerous strategic threats to the world from a mass cyber-attack. Military planners call nuclear weapons and other weapons of mass destruction strategic threats because they impact military planning at the level that concern the national defence strategy. Tait used the specific example of a hijacked Windows update since it could wipe out complex logistics chains, or the power grid. The same type of strategic threat exists for autonomous devices as well. Tait then implored his fellow cybersecurity researchers to be careful with the consequences of their actions. To illustrate this, he displayed a mushroom cloud as the slide’s background image.

Which brings us to the present. Bruce Schneier is the most well-known cybersecurity professional in the world, and for decades, he’s been regarded as an even-keeled, sober, and nuanced thinker. This September, he released a new book titled Click Here to Kill Everybody. In it Schneier covers the all-or-nothing danger of certain classes of cyber-attack and specifically mentions the risk of mass cyber-attack on computerized automotives.

So the bad news is that the hazard from a successful, single-system cyber-attack is now catastrophic. But the good news is that people are now starting to pay attention.

In 2018 the Canadian government announced spending increases for cyber-defense, increased funding for the Royal Canadian Mounted Police’s cyber-crime division, and stressed greater interaction with members from the private sector in the creation of the cyber-reserves and associated cyber-special forces.

All of these are encouraging developments. But regulating autonomous devices is too complicated for Canadians to tackle on our own. Either America or the European Union must spearhead an international effort at regulations for cyber-physical devices. Senator Ben Sasse, Congressman James Langevin, and a few other American leaders understand that this is a real and urgent problem, and we need their fellow partisans to join them. Legislators and staffers, should read Schneier’s book to better understand this growing threat and to work with private sector partners, while we still have time.