The world of cybersecurity is a scary one. It’s especially so when it comes to vehicles. The reason is simple: In other areas of security, the end game generally is lost money or the inconvenience of getting a new credit card. In vehicle hacking, what’s at stake can actually be physical safety. It’s bad enough to lose a few bucks. It’s quite another thing to lose one’s brakes.
The government is taking it seriously. In late October, the National Highway Traffic Safety Administration released best practices for auto makers. The guidelines call for a layered approach in which the highest risk attacks are prioritized. Protection of critical vehicle systems and consumer information is emphasized. The document, according to the NHTSA press release, also provides best practices for “researching, investigating, testing and validating cybersecurity measures.”
Concerns about the potential for hacking of automobiles have evolved during the past few years. If one event catalyzed those worries – especially among computer experts -- it was a story posted at Wired in July of 2015. It described how hackers Charlie Miller and Chris Valasek took over a Jeep Cherokee as increasingly alarmed reporter Andy Greenberg rode on a St. Louis highway. Miller and Valasek fiddled with the radio, windshield wipers and air conditioning. Then they got serious and scared the wits out of Greenberg:
Three things were learned from the story: Greenberg learned not to trust his life to computer geeks, even those who appear to be friendly. Chrysler Fiat learned that they had to recall and patch software in 1.4 million vehicles. The public learned that there could be a big problem with connected vehicles.
Not all the hacks of automobiles are life-threatening, of course. The fact is that automobiles, just like everything else, are ever-more deeply connected. This makes it possible for more traditional hacks to proliferate. For instance, intrusions into car entertainment systems can steal vital personal information. Other pertinent data – such as where the vehicle goes and the state of the various systems on the car – can be garnered by tapping into vehicle GPS and maintenance systems, respectively. The fact that these don’t seem so bad is a sign of how the terrifying the prospect of losing control of the car’s operation is.
The challenges of hacking vehicles are growing. The next step up the ladder of worries is the idea that crackers (bad hackers) will attack autonomous (self-driving) vehicles. This is not futuristic stuff: Autonomous vehicles have evolved to the point that Uber is testing them in Pittsburgh. While autonomous vehicles can reduce accidents, hackers conceivably could instruct them to all turn left or right simultaneously or take some other awful action.
Vehicles are inherently dangerous. They are also loaded with data. Hopefully, the government and industry will redouble efforts to keep everybody on the road safe. Automobile makers must work with security experts to protect the elements of vehicle security that are directly related to physical safety. Entertainment and other systems are important, of course, but can be attended to later.