Protecting connected cars from cyber threats
As connected cars plug into various networks, they become more vulnerable to hackers. Fortunately, there are ways to protect these high-tech vehicles against cyber threats.
We still refer to our mobile devices as “phones” even though making phone calls is the very least of their functions. In the same way, we are likely to continue calling connected vehicles “cars,” even though driving as we understand it today will soon be eclipsed by a myriad of other capabilities.
The connected car will be able to drive itself, performing tasks such as dropping you off at the airport before taking your children to school. During the day, while you are at work, you may be able to rent it to a taxi service provider. On weekends, you might choose to take the wheel again — for purely recreational reasons. The rest of the time you can hand over responsibility to the car’s automated systems while you surf the web, watch a movie, work or sleep.
Living in networks
To take on these new functions, the connected car has to “live” in multiple networks, interacting with systems including power grids, car manufacturers, traffic control, vehicle-to-vehicle communications, road tolls, home networks, technical services and government. But all that connectivity comes at a price -- the risk of a cyber attack.
“The connected car is a network of networks,” explains Tim Best, EY Director, Cyber Security. “That means it is only as secure as the networks in which it operates. All of these present possible ‘attack vectors’ for hackers.”
Like every other company, car manufacturers have to protect the cybersecurity of their whole ecosystem. But for other industries, the stakes are not so high: If your mobile phone is compromised, it is inconvenient but not usually life threatening. However, if a car is travelling at high speed down a highway, a security breach could easily endanger life.
Traditional security no longer enough
Traditional safety measures focus on protecting a car’s individual electronic components, which control all of its functions, from central locking to braking. But a safer approach is to protect the entire network, including not just the technology but the people and the processes. “The only way you can address cyber threats is by monitoring, detecting and alerting,” says Best.
“You have to monitor networks, communications and transactions, and identify unexpected behavior," he says. "You have to understand potential attackers: who they are, what their motivations are and how they might attack you." Once this information is discerned, companies can develop incident responses and procedures based on likelihood of attack. "If a threat manifests, you then have an appropriate response to successfully deal with it,” Best says.
Companies will also need to collaborate more with other organizations, he adds, by taking initiatives such as sharing threat intelligence and creating joint audit processes.
Legal and ethical questions
Connected cars raise multiple legal and ethical questions. Who is to blame when accidents (inevitably) occur? The software programmer, the car manufacturer, the dealer who sold you the car? And what about decision-making — what happens when the automated car has to make a split-second choice between running over a child or endangering the lives of its passengers?
There are no easy answers and many issues remain to be explored. But there is no doubt that connected cars offer the most exciting revolution in transportation since the invention of the internal combustion engine. With the help of new technology, the future of driving may mean less actual driving ... and more living.