The Dark Side of "Smart" Cars (Part I)

JAN 14 2017

AUTHOR

Kumar Ritesh

The automotive industry is undergoing a technological revolution thanks to the increasing digitalization and connectivity of cars. More than 82.5 million automobiles sold worldwide will be connected to the Internet by 2022—three times more than the 26.5 million on the road this year. In just seven years, 78% of cars sold globally will be connected, compared to just 30% today.

Clearly, consumers are clamoring for features like GPS communication, Wi-Fi, advanced infotainment systems and apps, vehicle-to-vehicle communications, automatic accident-avoidance features, computer-operated power steering, self-parking, automatic cruise control based on road conditions and more.

But there's a dark side to intelligent vehicles: They offer a larger surface for hackers, potentially jeopardizing the security of vehicles as well as the entire automotive ecosystem, from communication systems to manufacturer and vendor supply chains.

From a cybersecurity standpoint, everything that's connected can be hacked. That means cyber attackers will have more options at their disposable to compromise a vehicle and, ultimately, the larger ecosystem.

Traditionally, hackers could only disable certain functions in a car by directly infecting the ECUs (electronic control Units); now they can achieve the same outcome simply by hacking a smart phone that controls certain aspects of the vehicle.

I believe there are four key trends disrupting the automobile industry and fostering the rise of the smart car, and they carry a set of corresponding cybersecurity implications:

  • 1. Connectivity, leading to an expanded remote attack surface that could make it easier for hackers to penetrate vehicles
  • 2. Autonomous driving, which increases the number of computer-controlled features that could allow hackers to take over vehicles
  • 3. Electrification, leading to an increased reliance on critical power infrastructure (eg, power grid for electric charging stations) and requires improved security features
  • 4. On-demand mobility, which makes driver/passenger personal information more accessible, leading to identity theft

Rapid technology advancement is not only pushing vehicles to be more responsive, entertaining and data-driven; it's also increasing their reliance on external infrastructure. As a result, it is imperative that cybersecurity considerations extend beyond vehicles to the entire ecosystem.

Mobile communication, travel and passenger information management, city traffic management, smart interscan, schedule and location management, vehicle-to-vehicle communication and toll management — all force vehicles to rely on the external ecosystem.

The core challenge for manufacturers and regulators is the ability to expand beyond protecting their own environment. This requires a joint effort among all players in the ecosystem to enforce cybersecurity measures.

In part 2 of this article, I discuss a multi-layered cybersecurity approach to securing the automotive ecosystem.