WiFi hot spots, navigation systems, and self-parking technology—these are just some of the cool connected-car features available today. Cars aren’t just for driving anymore; they’re connected systems embedded in our personal data networks with access to valuable information that’s attractive to hackers. Safely building systems for connected cars requires a broader skill set than mandated in prior generations of automobiles.
Several high-profile automotive security stories have created awareness around just how easy it is to remotely take control of vehicles and the potential risks, but the disparity in maturity and readiness of the industry to tackle cyber-security concerns of connected vehicles is still eye opening. Security of these systems is a must. Our physical safety and the privacy of our personal information depend on it.
When people discuss security by design, they often refer to a broad spectrum of activities and approaches used to build stronger security postures in solutions. There’s another dimension of this security-by-design approach: security must be considered at every stage, by every person. In this context, security isn’t a separate isolated function of the process, or of the application development skills. Rather, security is an organizational competency across everyone involved in the product’s design.
It’s not a separate checkbox or stage gate that can be implemented to cover the range of needs. While those stage gates are still useful for ensuring that things go through proper reviews, on their own they aren’t sufficient for maximum efficiency of a proper security-by-design principle. With GSMA Research estimating that 100% of all new cars will be connected by 2035 and that 75% will be autonomous by 2025, the urgency for auto manufacturers to build security into their products will grow accordingly.
The security vulnerabilities of connected cars puts consumer safety at risk and significantly drives up the cost of warranty replacements when repairs are needed on potentially more than a million vehicles. Brands don’t want to deal with expensive reputation repair and resulting financial losses. For example, Fiat Chrysler has had to do a lot of damage control, including a widespread and costly recall of its vehicles after the Wired story of a hacked Jeep last year. If something tragic had resulted from this, the damage could have been unrepairable and affected whether or not the manufacturer would be able to stay in business or not
While technologies are constantly evolving and the specific security design choices will be broad, organizations now have the opportunity to recognize the need to build teams with the right mindset and skillset for security. In addition to building internal teams, it’s critical to build the right partnerships to help incorporate best practices and proven technology solutions. Some of the key areas we see the auto industry working on right now include strongly identifying individual components in the vehicle and building appropriate mechanisms to manage the vehicle systems through its lifecycle.
It’s encouraging to see that the auto industry is now addressing cybersecurity with the formation of the Alliance of Automobile Manufacturers, an industry-wide effort to identify emerging threats. In addition, leaders in the security space are setting the tone for strong connected-vehicle security posture through security-by-design thinking.
Lancen LaChance is vice president of product management for GlobalSign, a provider of security and identity solutions for the Internet of Everything (IoE).