Experts speculate that we are very close to self-driving cars and that such cars may ultimately be better than humans at tasks such as merging and parking. Whether those cars will use refractive mirrors and lasers to judge distances or operate like a video game to a remote call center location, one thing is certain: they will rely even more heavily on digital technologies.
Today’s cars have already gotten incredibly computer-based. Locks, braking, acceleration, and more go through the car’s computer systems. When hackers demonstrated that they could wirelessly take control of a Jeep, they illustrated a new wave of cyber security issues: our dependence upon digital assistance in automobiles poses new cyber security risks.
Here’s what you need to know about cyber security for the automotive industry.
Think Like a Hacker
Understanding the risks and potential weaknesses in security in a vehicle requires a different sort of thinking: thinking like a hacker. Programmers look to solve problems with automated solutions—coding strings of characters to perform or assist functions. Hackers look for holes and weaknesses in that programming. White hat hackers can think that way, and then report the weaknesses that they find so that patches can be created, such as the massively expensive recall Chrysler did surrounding that Jeep hack demonstration. But not all hackers will report the vulnerabilities they find, the black hat hackers who instead engage in cybercrime.
Understanding that difference in thinking, between coding solutions and looking for vulnerabilities, helps people understand why security flaws turn up later—why do patches even get issued? Why did they not just solve those problems in the first place? It is not negligence. It is a completely different way of thinking.
The list of potential vulnerabilities, then, in a digitalized automobile, is as long as the list of digital solutions. Anything that includes coding can potentially get hacked. Whether or not that can be hacked remotely, though, is another question altogether: theoretically, anything can be hacked, but without a direct hardline connection the list may grow shorter.
Some of the possible vulnerabilities include:
- Navigational systems and rerouting of vehicles
- Braking, including any anti-skid, or anti-lock functions
- Wireless locks
- Bluetooth communication systems
- Stabilization systems, such as vehicles with anti-roll or correcting systems
- Hijacking cars to join the Internet of Things in a botnet attack
The list could go on, but that is the idea: cyber criminals can get very creative about hijacking an automobile. It could be to threaten a particular passenger, to utilize a car as a torpedo or similar weapon or to just generally create chaos.
One thing is certain: the responsibility for cyber security in the automotive industry will come back on automakers themselves. Self-driving car legislation is moving through Congress. The Executive Order on Cyber Security from President Trump’s administration puts the responsibility for cyber security directly on department heads, as a primary function of their offices. We can expect to see more of that sort of thing in the future.
Cyber Security Monitoring
Just because cyber security is becoming the direct responsibility of CEO’s and top executives in every field, does not mean you cannot outsource. Just as internal IT departments often do not do the initial web design, cyber security monitoring is a different function and action than a standard IT office.
Attacks on the automotive industry are also unlikely to be comparable to automotive theft. To prevent theft, manufacturers put certain solutions in place, but the ultimate responsibility falls on the insured. Cyber security issues will result in expensive recalls and tremendous financial loss. That makes cyber security monitoring, with industry-specific insight, a very good idea.