Vehicles Equal More Than Thirty Computers, Now Imagine the Security Risk

The automotive industry has transformed the pace of innovation and technology development to an accelerated speed that the industry has never seen before.  Between the development of ADAS and autonomous vehicles, the vehicles on the market today are equipped with more technology than any other technological device. Toyota’s vehicles have more than 100 million lines of code beating out some jet fighters, technologically.

“It would be easy to say the modern car is a computer on wheels, but it’s more like 30 or more computers on wheels,” said Bruce Emaus of SAE International to The New York Times.

When the industry is experiencing that level of technological advancement it is impossible to ignore that the cybersecurity challenges that these vehicles face could be enormous if not protected properly. Just for a typical computer, everyone understands the importance of cybersecurity and can certainly understand that the dangers of a cyberattack to an enterprise can cause devastation to an industry for years to come. What about our vehicles? Compounded with the issue that vehicles today are armed with potentially thirty plus computers, some of the components of vehicles are made from hundreds of different OEMs – all that need to be protected.

NHTSA’s Standards

NHTSA has put together cybersecurity best practices for the automotive industry with the goal to focus “on practices and solutions that are expected to result in strengthening vehicles’ electronic architectures to protect against potential attacks and to help ensure vehicle systems take appropriate and safe actions, even when an attack is successful.”

NHTSA recommends a layered approach to cybersecurity so that if one breach is successful other aspects of the vehicle will still be protected. The NHTSA recommended guidelines include to identify and protect “safety-critical vehicle control systems”, fast discovery and action taken to resolve an incident, create a plan to address cybersecurity incidents, and implement a method to quickly support lessons learned.

Hacking a Vehicle Is Quite Simple

Wired reporter Andy Greenberg reported a test that he had done in 2015 while driving a Jeep Cherokee at 70mph in St. Louis. Two (planned) hackers managed to effortlessly hack into his car, gaining control of the vehicle via the Internet. For automakers, the vulnerabilities that were discovered indicated a serious and potentially life-threatening security risk that was achieved by hacking through the entertainment system receiving access to dashboard functions, steering, braking, etc. The result of an individual unexpected hack like this could be devastating but imagine if an entire fleet of vehicles were breached?

So understanding that the basic functions of a vehicle are vulnerable to a cyberattack, how can tier-1s and OEMs protect their vehicles? All tier-1s and OEMs should have a comprehensive automotive cybersecurity lifecycle management platform that combines three key capabilities: visibility, control and protection. These capabilities empower OEMs and Tier 1s by simplifying in-vehicle cybersecurity management, harmonizing communications across the supply chain, automating threat identification and prevention, and evolving with vehicles’ needs to protect the connected cars of today and tomorrow. A unique orchestration layer gives manufacturers unparalleled transparency into the entire cybersecurity lifecycle, enabling streamlined management of each phase: risk assessment,planning, policy creation and policy enforcement.

In addition, it is crucial to run assessments, where OEMs and tier-1s can get a full picture of all the vulnerabilities in a vehicle continuously so that they can secure each one in real-time.

The advancement of the automotive industry is at an exciting point and with the sophistication of technology, it needs to be coupled with the same sophistication of protection and security, keeping the industry innovative as well as safe.

Leave a Reply

Your email address will not be published. Required fields are marked *