Not too long ago, most people probably couldn’t imagine their automobiles being vulnerable to cyber security threats such as hacking. But with the rapid growth of connected objects of all types as part of the Internet of Things (IoT)—including vehicles—these concerns have become a distinct possibility.
Adding to the mix in vehicular security is the emergence of self-driving cars. In the coming years, we can expect to see more robotic vehicles moving along city and suburban streets as well as highways. With all the added intelligence, automobiles are essentially becoming traveling computers.
Considering these and other developments on the mobile cyber security landscape, security in the automotive industry has become more challenging and complex. Automakers today not only have to ensure driver and passenger safety when designing and building vehicles; they also need to account for potential information security weaknesses in their products.
A 2016 report by consulting firm Deloitte notes that the increased efforts to make vehicles more connected, automated and driverless will transform vehicles as product innovation, competition and consumer demand drive integration of the latest technologies and services. “The shift from an environment of independent, closed vehicle systems to one that is connected to vehicle ecosystems represents a historic reshaping of the opportunity and risk equation for the marketplace,” the firm says. “This is particularly true when you consider the maturity of cyber security capabilities and risks.”
Deloitte says a hallmark of the IoT is the “information value loop,” in which sensors and machines can cycle through the stages of creating, communicating, aggregating, analyzing and acting upon data by themselves. “When the sum of those decisions and actions is the safety of human passengers, it becomes critical to make sure any vehicle ecosystem has three mutually reinforcing properties.”
One of the three properties is security. Another is vigilance. “Hardware and software can degrade, the nature and intensity of attacks can change, and no level of security is perfect,’ Deloitte says. “Security must be complemented by monitoring to determine whether a system is still secure or has been compromised.”
The third property is resilience. “When a breach occurs, limiting the damage and reestablishing normal operations are much more easily and effectively done when there are processes in place to quickly neutralize threats, prevent further spread, and recover,’ Deloitte says.
Security, vigilance and resilience are vital components of cyber
risk management and information security in more familiar information ecosystems, the report says. “If the vehicles of the future are leveraging the same technologies we find on our home computers, networks and mobile devices, then are they
not subjected to the same vulnerabilities and sensitivities?”
Organizations and consumers need to consider the myriad of cyber security risks as the future of automobiles takes shape, Deloitte says. The risks go beyond the loss of data or a minor inconvenience. The firm cites the World Economic Forum as stating that hacking the location data on a car is merely an invasion of privacy, whereas hacking the control system of a car would be a threat to a life.”
The importance of securing individual sensors is perhaps most important in today’s connected car, which Deloitte calls “a data center on wheels full of Internet-connected features.” A typical vehicle today contains about 70 computational systems running up to 100 million lines of programming code, firm says.
Cyber security in the automotive sector will only grow in importance as vehicles rely on more intelligence in the future. As noted in a 2016 report by consulting form KPMG, deep learning—an advanced form of artificial intelligence—is driving significant change for autonomous cars and for the automotive and transportation industry. The study projects that by 2030, a new mobility services segment tied to products and services related to autonomy, mobility and connectivity will be worth more than $1 trillion globally.
The direct impacts of deep learning will “revolutionize the nature of doing business for automakers,” the KPMG report says. Deep learning is a key enabler of building self-driving vehicles that can operate without human intervention. It is accelerating autonomy faster than anyone could have imagined, and it has far-reaching implications for the industry and societal mobility as a whole, according to Gary Silberg, KPMG’s national automotive leader.
The coming new era in automotive product development and manufacturing will emphasize the vehicle’s nervous system, including a computer “brain,” sensors, controls, driver interaction and data storage. This will mean a great shift in organizational structure, talent acquisition, and operating models for most car manufacturers, Silberg says.
It also means vehicle manufacturers will need to keep cyber security in mind throughout the entire production process.