New Technology; New Vulnerability
Automotive Dealership Law on September 29, 2014
Cybersecurity experts are beginning to caution that a day is coming in the very near future where locking our car doors will not be enough to keep the bad guys out—and it is not far-fetched science fiction.
Most people are not aware that their cars are giant computers (which are now being networked by giving them wireless connectivity). Yet, the danger to turning your car into a smartphone is that it subjects your car to the same computer geek hackers which have been plaguing our desktops for decades. Consider the complexity of a modern day car: the space ship that put humans on the moon (Apollo 11) had 145,000 lines of computer code. The average vehicle today? 100 million! Consequently, the appeal to hackers is strong. What is the nightmare scenario? Hackers access your car’s core controls by breaching its internet-connected entertainment system and tamper with your brakes. The good news is, however, unlike an Internet mashed together 30 years ago without thought to potential security risks, the connected vehicle starts from an almost clean slate and offers the opportunity to design robust defenses under standards the industry can agree upon worldwide.
Steps are now being taken to ensure that the forces of hacker evil remain a step or two behind the powers of good. Specifically, the Association of Global Automakers (“AGA”), the Alliance of Automobile Manufacturers (“AAM”), and Delphi (a leading global supplier of electronics and technologies for the automotive industry) have joined forces to form a voluntary information-sharing and analysis center for the automotive industry to target the threat of hackers. “We are taking this action to prepare for unforeseeable events,”1 says Mike Cammisa, director-Safety at the AGA, which together with the AAM will implement the industry initiative, known as Auto-ISAC. Auto-ISAC will bring together nearly 25 automaker members with other industry and government stakeholders on the issue. Andrew Brown Jr., vice president and chief technologist at Delphi, says while no reports of cybersecurity events against vehicles exist today, the advent of the smartphone connection inside cars and the government-led push to make vehicles safer and cleaner by getting them to communicate with each other could open the door. Brown also notes that “the industry is trying to be proactive and anticipate what those threats might be and put in mitigation factors in our designs and protocols so we don’t have to wait for an event to have a cause to action.”
Moreover, the National Highway Traffic Safety Administration (“NHTSA”) is also taking steps to control the growing threat of cyber-crime. NHTSA is collaborating with its federal partners, automakers, wireless and software industries, traffic safety stakeholders and U.S. law enforcement agencies to identify and analyze potential vulnerabilities and effective countermeasures, should such safety threats pose a danger to motorists.
Last but not least, car manufacturers are working on these problems too. Ford hardware has built-in firewalls to prevent malicious tampering, and the company has a team of noble hackers constantly probing for weaknesses. Toyota does all that as well, plus it embeds security chips in the tiny computers throughout the car, narrowing how they communicate and lessening the chance of outsider interference. The company even has forward-thinking plans this year to visit the world’s largest hacker conference, Black Hat.
Nevertheless, there remains a glaring problem beneath all of these security approaches: if decades of computer hacking has shown us anything, it’s that smart people with bad intentions will find a way to break in and cause trouble. Therefore, it is imperative that the auto industry continue to be proactive in staying a step or two ahead.
1“Auto Industry Draws Battle Lines Against Hackers,” WardsAuto, July 15, 2014, http://wardsauto.com/vehicles-technology/auto-industry-draws-battle-lines-against-hackers