As automotive manufacturers continue to draw in customers by integrating the latest high-tech gadgets into their vehicles, the cybersecurity risks associated with car electronics deserve a second glance.
The issue of automotive data security was broached last month with the release of a report commissioned to investigate the potential cause of the unintended acceleration dangers discovered in Toyota's product line in 2009.
Following the National Research Council's analysis of Toyota systems – which included council from NASA experts – investigators concluded that electronic error was not to blame for gas pedal malfunctions. However, detailed study of the vehicles' architecture yielded several separate observations.
"The increasing role of electronic systems in automobiles creates new safety oversight challenges that the National Highway Traffic Safety Administration (NHTSA) must address explicitly and proactively," explained research coordinators from the National Academies. "As the electronic systems become more complex, interconnected and capable, safety assurance demands will grow, as will the need to maintain public confidence in their safe performance."
As Bloomberg columnist Angela Keane noted, today's driver can now complete one-touch cell phone conversations with Bluetooth technology, navigate new cities with advanced GPS and listen to their favorite radio stations from anywhere using satellite radio. But with this impressive convenience comes potential vulnerability as entertainment and safety systems sit together in close proximity.
"Once you have access through the infotainment system, the question is could a hacker get access to the safety-critical components," Andre Weimerskirch, chief executive of a Detroit-area security firm, told Bloomberg.
For the time being, Weimerskirch suggested, the data security threats are largely hypothetical. Current architecture protocols mandate a certain level of separation between entertainment and safety utilities, but such regulations may no longer hold up to the advanced tactics of cybercriminals. As such, many in the industry are calling for preventative action before problems bubble to the surface.
"The issue for the industry and for the government is that you're one really bad situation away from it becoming a thing that people think about," University of California – San Diego computer science professor Stefan Savage told Bloomberg. "Much better to try to address it early. This technology is changing so fast that NHTSA needs to make sure they can keep up."
This important consideration was addressed in the NRC report, as analysts recommended a variety of strategies for providing the NHTSA with the auxiliary support it would need to address all vulnerabilities. Lead author and New Jersey Institute of Technology professor Louis Lanzerotti asserted that it would be financially and operationally impractical to place the entire burden of car electronics on the agency, alternatively advocating for the formation of a committee of industry, government and academic experts in fields ranging from automotive engineering to network security.
The report recommended that NHTSA officials serve more as a steering committee to facilitate the development and enforcement of standards. Currently, there is no prescriptive set of rules for how automakers should go about designing their systems to optimize data security. Instead, the current framework serves more as a reminder of what car electronics systems should not do.
Whether or not such provisions are amended, according to Lanzerotti, the NHTSA would serve as the primary enforcement mechanism to ensure compliance. As such, a comprehensive review of the Office of Defects Investigation may be in order to provide regulators with capable monitoring tools and other technical imperatives needed to "investigate flaws in electronics-intensive vehicles."
Security News from SimplySecurity.com by Trend Micro