Car electronics could be next cybersecurity frontier
As automakers continue to pack innovative electronics into their vehicles, data security becomes a real concern.
As automotive manufacturers continue to draw in customers by integrating the latest high-tech gadgets into their vehicles, the cybersecurity risks associated with car electronics deserve a second glance.
The issue of automotive data security was broached last month with the release of a report commissioned to investigate the potential cause of the unintended acceleration dangers discovered in Toyota's product line in 2009.
Following the National Research Council's analysis of Toyota systems – which included council from NASA experts – investigators concluded that electronic error was not to blame for gas pedal malfunctions. However, detailed study of the vehicles' architecture yielded several separate observations.
"The increasing role of electronic systems in automobiles creates new safety oversight challenges that the National Highway Traffic Safety Administration (NHTSA) must address explicitly and proactively," explained research coordinators from the National Academies. "As the electronic systems become more complex, interconnected and capable, safety assurance demands will grow, as will the need to maintain public confidence in their safe performance."
As Bloomberg columnist Angela Keane noted, today's driver can now complete one-touch cell phone conversations with Bluetooth technology, navigate new cities with advanced GPS and listen to their favorite radio stations from anywhere using satellite radio. But with this impressive convenience comes potential vulnerability as entertainment and safety systems sit together in close proximity.
"Once you have access through the infotainment system, the question is could a hacker get access to the safety-critical components," Andre Weimerskirch, chief executive of a Detroit-area security firm, told Bloomberg.
For the time being, Weimerskirch suggested, the data security threats are largely hypothetical. Current architecture protocols mandate a certain level of separation between entertainment and safety utilities, but such regulations may no longer hold up to the advanced tactics of cybercriminals. As such, many in the industry are calling for preventative action before problems bubble to the surface.
"The issue for the industry and for the government is that you're one really bad situation away from it becoming a thing that people think about," University of California – San Diego computer science professor Stefan Savage told Bloomberg. "Much better to try to address it early. This technology is changing so fast that NHTSA needs to make sure they can keep up."
This important consideration was addressed in the NRC report, as analysts recommended a variety of strategies for providing the NHTSA with the auxiliary support it would need to address all vulnerabilities. Lead author and New Jersey Institute of Technology professor Louis Lanzerotti asserted that it would be financially and operationally impractical to place the entire burden of car electronics on the agency, alternatively advocating for the formation of a committee of industry, government and academic experts in fields ranging from automotive engineering to network security.
The report recommended that NHTSA officials serve more as a steering committee to facilitate the development and enforcement of standards. Currently, there is no prescriptive set of rules for how automakers should go about designing their systems to optimize data security. Instead, the current framework serves more as a reminder of what car electronics systems should not do.
Whether or not such provisions are amended, according to Lanzerotti, the NHTSA would serve as the primary enforcement mechanism to ensure compliance. As such, a comprehensive review of the Office of Defects Investigation may be in order to provide regulators with capable monitoring tools and other technical imperatives needed to "investigate flaws in electronics-intensive vehicles."
Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- DHS needs better sharing plan, experts say
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet