Innovation in the automotive industry has led to a scenario where a car being manual may simply mean it has a steering wheel. Once composed of only mechanical and electrical parts, cars have now turned into complex systems that comprise sensors, microprocessors, software, and much more.
The proliferation of autonomous vehicles means that microprocessors and sensors will soon take a much more active role in driving cars. However, even before self-driving cars become commonplace, modern cars are already vulnerable to hackers via in-car technology like Wi-Fi. These “connected cars” are becoming standard. In 2015, there were around 6.5 million connected cars on the road and by 2017, the figure almost doubled to 12.5 million. According to estimates, there will be as many as a quarter billion connected vehicles on the road by 2020.
This new technology has also opened a floodgate of security threats. While you might be behind the wheel, potentially vulnerable software control your car’s functions. “There is almost nothing in your car that is not mediated by a computer,” said Professor Stefan Savage, Department of Computer Science, UC San Diego, while speaking to Motherboardmagazine for a short documentary on car hacking.
Fear of car hacking has not yet penetrated the general population’s psyche, as demonstrated by a 2016 Kelley Blue Book survey of drivers. The results of the survey show that among its sample size, very few drivers fear car hacking and most consider connected apps and Wi-Fi networks nice features to have.
Worries over security have also not slowed down the pace at which connectivity features continue to be rolled out due to the real benefits all this technology can bring with it. Connectivity technologies in commercial vehicles not only improve efficiency and streamline logistics, they also lower occurrences of road accidents and reduce preventive maintenance costs. Incorporating connectivity technologies can also reduce 62 percent of all trucking costs, it is estimated.
A Real Threat
Vehicle hacking isn’t just a theory or seen only in Hollywood movies. In 2016, Nissan had to shut down its proprietary app NissanConnected EV for its Leaf line-up after it was found that hackers could access the cars’ climate control and other battery operated features to drain the batteries. Also, in 2015, automaker Fiat Chrysler had to issue a recall for almost 1.4 million vehicles after researchers Charlie Miller and Chris Valasek of Wired demonstrated a wireless hack on Jeep Grand Cherokee, taking over the controls of the dashboard, steering wheel, powertrain, and even the brakes.
Recently, WikiLeaks released documents blowing a whistle on the CIA suggesting journalist Michael Hastings’s fatal car crash was triggered by a car hack. In 2013, Hastings died after the car he was driving abruptly sped up and crashed into a tree. The media has largely covered this idea as a fringe conspiracy theory, but many of the details are consistent with how a hacked car could behave.
Regulators, Industry Respond
Autonomous vehicles are no longer a pipe dream and all vehicles soon will come with smartphone connectivity embedded into their systems. Fortunately, all manufacturers prioritize the satisfaction and safety of their customers. The burgeoning field of automotive cybersecurity will grow in partnership with regulatory and compliance bodies, original equipment manufacturers (OEMs), technology companies, insurance companies, and other stakeholders pressing for safe and secure architecture. Connected and autonomous automobiles are dynamic threat environments and numerous patrons are collaborating with groups like the newly formed Auto-ISAC, to sketch guidelines, standardizations, and best practices.
These bodies endorse integration of cybersecurity into the entire lifecycle of a vehicle – from concept to production, maintenance, and decommission. Even governments are taking notice of this. Earlier this January, a bipartisan bill titled ‘Security and Privacy of Your (SPY) Car Study of 2017’ was introduced in the United States focusing on the cybersecurity of automobiles. The bill mandated that the National Highway Traffic Safety Administration create
appropriate cybersecurity standards for vehicles. Other nodal agencies mentioned in the bill were the Department of Defense, National Institutes of Standards and Technology, and the Federal Trade Commission, among others. The bill stressed the importance of isolation measures to separate critical software from trivial programs and take measures to detect anomalous codes.
The European Union Agency for Network and Information Security (ENISA) has also envisaged similar scenarios and come up with a report on ‘Cyber Security Resilience of Smart Cars.’
Growing Tech, Broader Safety Net
Security cannot be an afterthought—it must be integral throughout the design process. Automotive cybersecurity is a new emerging market. According to report titled ‘Automotive Cyber Security – Global Forecast to 2021,’ the global automotive cybersecurity market is projected to grow at a compound annual growth rate (CAGR) of 13.2 percent by 2021, to reach a market size of $31.8 million by 2021.
A sizeable number of private firms are also venturing into automotive cybersecurity. Israeli startup Karamba Security unveiled security systems for connected cars that prevent hackers from running any malicious code on the car system like lane assist, infotainment, and GPS tracking. Another startup working in the same field is Argus Cyber Security. Argus helps car manufacturers, their Tier 1 suppliers, and aftermarket connectivity providers protect connected cars and commercial vehicles from hacking.
This is the Internet of Things (IoT) era and cars are no longer basic modes of transportation. Connected cars could be a new and refreshing use of big data and a business model worth leveraging as insights from these data can be monetized. A McKinsey report states that, “Once autonomous driving and car connectivity combine, customers might be offered mobility services in exchange for watching targeted advertisements, providing product feedback, or making purchases while in the car.”
Businesses in the future might also leverage these systems to offer free rides to stores to retain customer loyalty. The initial architecture of car networks is now almost 30 years old and was devised for various reasons, but security was not one of them. The systems were designed without an inkling that vehicles could be hacked, but it’s not too late. It’s time for cybersecurity professionals to step in and do what they do best–clean up the tech to avert disaster.
Resources used for writing the article
Courtesy of CISO MAG