For Auto Cybersecurity, the Cavalry Has Arrived
As the rapid computerization of cars and other devices raises worrisome questions about potential hacks and data breaches, cybersecurity advocates are moving to create solutions before those risks lead to major problems.
New cars are no longer just a mix of gears, pistons, and other machinery. They’re computerized vehicles, benefiting from the processing power under the hood. But with that comes a need for cybersecurity.
To address that need, an advocacy group called I Am the Cavalry—with members from the technology and auto spaces, including the Society of Automotive Engineers—is calling on stakeholders from across the auto sector and beyond to adhere to the “Five Star Automotive Safety Framework.”
As presented by cofounder Josh Corman at the Security of Things Forum on Monday, the group’s framework is built on five principles:
- safety from the design phase
- third-party testing of systems without legal risks
- data-gathering devices to collect forensic information
- software updates
- isolation of critical systems from other vehicle functions
To advance these principles, I Am the Cavalry has joined with computing giant Intel to form the Automotive Security Review Board, which was announced Sunday.
“We can, and must, raise the bar against cyberattacks in automobiles. With the help of the ASRB, Intel can establish security best practices and encourage that cybersecurity is an essential ingredient in the design of every connected car,” Intel Security Senior Vice President and General Manager Chris Young said in a statement.
To provide more immediate details to automotive and cybersecurity stakeholders, Intel Security released a white paper on best practices for “the next-generation car” [PDF].
The report stresses improved communication between manufacturers in order to institute best practices, focusing on vehicle design and—in a new wrinkle for the auto industry—an awareness of the risks to vehicles after they leave the lot.
“Threat analysis and risk assessment continues throughout the life of the car as old vulnerabilities are patched and new ones come to light, so the risk of attack can even increase with time,” the report notes.
a Connected Future
These announcements follow an increasing awareness about the security measures (or lack thereof) installed in modern cars. In July, Wired reporter Andy Greenberg exposed a vulnerability that allowed Chrysler cars using Uconnect software to be hijacked, prompting the automaker to recall 1.4 million vehicles. In May, House Energy and Commerce Committee leaders requested detailed information on automotive cybersecurity from 17 manufacturers and the National Highway Traffic Safety Administration.
“Connected cars and advancements in vehicle technology present a tremendous opportunity for economic innovation, consumer convenience, and public health and safety,” committee members wrote in a letter to the automakers and NHTSA. “These benefits, however, depend on consumer confidence in the safety and reliability of these technologies.”
And as I Am the Cavalry notes in its mission statement, the risks of these technologies stretch beyond the world’s highways. The rapid adoption of interconnected tech in the medical field, public infrastructure, and households presents a series of unique challenges that will soon face multiple industries, advocacy groups, regulators, and consumers.