The modern “bells and whistles” that excite car buyers are not the HEMI engines of decades past, but high-tech, software-driven amenities that make driving easier and more entertaining. As automakers ramp up the technology to supply computerized cars and trucks to fill the demand for constant connectivity, the frightening reality of hacking vulnerabilities must be addressed.
Ramifications of Autotech Attacks
A shocking article, “Hackers Remotely Kill a Jeep on the Highway—With Me in It” published by Wired magazine brought this new form of cyberterrorism to life back in 2015. Reporter Andy Greenberg demonstrated how hackers were able to take over the Jeep Cherokee he was driving, controlling everything from the climate control system to the vehicle’s transmission.
Suddenly, the term “wireless carjacking” became a hot topic that all connected car manufacturers needed to address. With the rise in popularity and acceptance of totally autonomous cars, automobile cybersecurity becomes even more vital for the safety of everyone on the road.
Automotive computer hackers may also be able to steal personally identifiable information or even credit card numbers from unsuspecting car owners or disable a vehicle altogether using ransomware. How prepared are automakers regarding these cyber threats? A recent 2019 survey of auto manufacturers revealed that 30 percent of participants didn’t even have a cybersecurity program in place.
Hack Blocking – Who is Protecting Autotech?
Currently, a new car may have upwards of 100 million lines of software code used to control features such as infotainment systems, sensors, steering, engine performance, climate control, video parking assistance, and Bluetooth connectivity, just to name a few. Virtually all of this code needs to be protected from malicious outside influence.
From tech giants like NVIDIA to start-ups like Dellfer, companies devoted to conquering potentially deadly autotech cyber-attacks are fighting back. Cybersecurity companies like these are specializing in automotive software security, to provide automakers with IoT (Internet of Things) software tools to protect drivers from outside manipulation of vehicle operating systems.
In addition to the efforts made by individual auto cybersecurity firms, the Automotive Information Sharing and Analysis Center (Auto-ISAC) seeks to work with governments, automakers, research groups, and universities to set standards and share knowledge to fight automotive cyber-attacks. Auto-ISAC has set standards and best practices in seven technical areas to promote auto cybersecurity, including:
- Security by design
- Risk assessment & management
- Threat detection & protection
- Incident response
- Collaboration with 3rd parties
- Governance
- Awareness & training
As with all technological advancements, excitement over the possibilities must be tempered by a “devil’s advocate” to envision potential pitfalls and risks that must be addressed. In the case of autotech, it’s clear that attention and discretion must be applied to prevent threats to public and personal safety.