Detroit, Michigan - In a world where motor vehicles can be weapons and cars increasingly depend on internal computers and internet connections, car companies are under increasing pressure to find ways to guard against cyber-attacks.
Auto industry chiefs, security experts and government officials warned at an motor industry conference here on Friday that hackers can threaten to do everything against cars that they do to other computers: remotely steal owner information, or hijack them and render them more dangerous than the truck that killed 84 people in Nice on 14 July.
Assistant US attorney general for national security John Carlin said: “When you look at autonomous cars, the consequences are so much greater than the Nice attack.
“We know these terrorists. They don't have the capability yet. But if they're trying to get people to drive truck into crowds, than it doesn't take too much imagination to think they are going to take an autonomous car and drive it into a crowd of people.”
General Motors' chair and chief executive Mary Barra said that the advanced information technology that comes in new cars, especially ‘connectivity’ systems linking cars to the internet, created huge new challenges.
“One of these challenges is the issue of cybersecurity, and make no mistake, cybersecurity is foundational,” she said.
Barra pointed to the need to protect the personal data of customers who use their in-car system for banking or to pay for other services.
“The fact is personal data is stored in or transmitted through vehicle networks,” she said.
On top of that is the complexity of the newest auto IT systems, which, she said, “opens up opportunities for those who would do harm through cyber-attacks.”
Carlin said cyber-attacks generally have cost the US economy billions of dollars, and that the problem is that hackers often outrace efforts to strengthen security.
That would be the case for the motor industry, especially as it pushed ahead with self-driving cars, he said.
Honda vice-president Steven Centre said the problem was that carmakers were under pressure from consumers to add more and more connectivity features to their vehicles.
Changing landscape
The landscape is changing fast, according to Jonathan Allen, a cybersecurity expert with Booz Allen who is helping car companies and their suppliers organise to deal with threats.
Up until only two years ago, manufacturers tended to downplay the threat posed by hackers, he noted. But there has been a significant cultural shift within the automotive industry, which is now taking the challenge very seriously.
For one thing, the threat to the reputation of carmakers is far more substantial, noted Josh Corman, founder of I am the Cavalry, a cybersecurity consulting firm.
Online fraud is one thing, but hacking into cars could actually threaten “flesh and blood”, so that carmakers have to be even more vigilant, he said.
GM chief cybersecurity officer Jeffrey Massimilia said sharing information broadly across the industry was one of the keys to fighting off the threat.
Within the past year, the industry and key suppliers have received government approval to share information among themselves on cybersecurity without the threat of anti-trust action.
Automakers are also recruiting “white hat” hackers who help hunt down vulnerabilities in cars’ IT systems.
Fiat Chrysler Automobiles senior manager of security architecture Titus Melnyk recently invited “the bug crowd” that looks for weaknesses in new software, smartphones, computers and consumer electronics.
“We should have a way for people to find things and report them,” he said, “These threats are evolving; at FCA we take that seriously.
AFP