Cyber security solutions long overdue, says IHS Automotive

By / 9 years ago / News / No Comments

Chris Valasek and Charlie Miller recently remotely hacked into a 2014 Jeep Cherokee, proving that they could disable the SUV’s engine functions and take control of features such as air conditioning, locks and the radio remotely.

The flaw was exposed in an article published by Wired magazine, which says a patch has now been issued.

In response, Egil Juliussen, senior analyst and research director, IHS Automotive, said that the company has been tracking the growing threat of car hacking as connected cars become the norm. The company added that: “This is definitely a scary event that will have a significant impact on how the auto industry view the cyber security.”

Mr Juliussen added: “The first question is what does it mean for Chrysler Uconnect car owners? Fortunately, it very unlikely that these vehicles will be attacked from other hackers. The reason is that the research spent a large amount of effort (probably a few man-years) to acquire the knowledge to this. Hence, other hackers would need to spend a lot of time to get equivalent expertise. But the Chrysler owners should get the software update as soon as possible – just in case.

“For the auto industry, this is a very important event and shows that cyber security protection is needed even sooner than previously planned. Five years ago, the auto industry did not consider cyber security as a near-term problem. This view has changed – especially since the research in 2013 by UCSD and University of Washington showed that wireless hacking of vehicles was possible. The report by Senator Edward Markey on cyber security earlier in 2015 increased the urgency at most OEMs to add hacking protection for connected car systems. He, along with Senator Richard Blumenthal, introduced a bill yesterday in Washington on the subject.

“NHTSA started a cyber security research project several years ago and is expected to release guidelines on what the auto industry needs to do about cyber security. Other organizations, such as Southwest Research Institute, also have research into automotive cyber security. Most auto OEMs are also increasing their effort in cyber security for future systems. Additionally, there are now products from cyber security companies that the OEMs can use for better protection.

“The main impact is that cyber security will be one of the toughest challenges that the auto industry will face in the next decade or two. This event shows that the auto industry needs to add cyber security protection as soon as possible and this must start with a thorough review of existing connected car systems and update these when problems are found.

“The growth of software Over-the-Air (OTA) is also likely to increase with cyber security updates becoming an important reason to add OTA. These OTA systems already have built-in cyber security and choosing OTA-vendors is likely to include their cyber security capabilities. Note that IHS Automotive is currently working on an OTA report for customers to be available later this summer.

“IHS Automotive forecasts that more than 82.5 million autos worldwide will be connected to the Internet by 2022, more than three times the 26.5 million connected cars this year. In seven years, 78 percent of the cars sold globally will be connected, up from 30 percent now, according to IHS.

“Long-term, cyber security will be required for all cars that have any connection to any device – especially Smartphones. In principal, the solutions are straightforward, but the details are exceptionally difficult. Each connected car needs perimeter cyber protection and operational cyber protection. Perimeter protection is needed for all wired and wireless access points that check and ensure any data, software or other contents are safe and comes from a legitimate source. Operational security is needed because perimeter security will never be 100% secure. Hence, operational security checks the messages that flow between the computer systems in the car to check for suspicious behaviours that are compared to a database of valid messages. These solutions include layers of hardware and software-based cyber security solutions that receive increasing capabilities as the potential hackers gain expertise in how the auto electronics systems work.”

He added: “Cyber security will become a major challenge for the auto industry and solutions are long overdue. The auto industry is adding cyber security, but the question is whether it is fast enough to avoid major incidents. Fortunately, there is not a compelling business model for hacking into cars that will generate revenue for the typical hacker – at least not yet. Indeed, the car can be a lethal weapon for disruption and destruction, but this falls into cyber-warfare categories and could cause very serious events, but is not expected to be what the vast majority of hackers will do. The auto industry can strengthen this point by adding cyber security solutions that make it more expensive and time-consuming to be successful and thus lowering the desirability or profitability of hacking cars.”

 

For more of the latest industry news, click here.

Natalie Middleton

Natalie has worked as a fleet journalist for nearly 20 years, previously as assistant editor on the former Company Car magazine before joining Fleet World in 2006. Prior to this, she worked on a range of B2B titles, including Insurance Age and Insurance Day. Natalie edits all the Fleet World websites and newsletters, and loves to hear about any latest industry news - or gossip.

Leave a comment

You must be logged in to post a comment.