Cyber terrorism is not an idle threat. New malware and cyber-attacks are developed every day, all created with the intent of stealing money, information, identities, or as in the case of Car hacking inflict physical damage and wreaking serious havoc.
The explosive nature of the cyber battlefield has resulted in frequent anti-virus/anti-malware updates becoming a necessity, a needed measure against new attacks that exploit devices not protected by older software.
Now compare this dynamic environment to that of an automobile’s development. Designing and producing a new car is a task that takes years, with plans only rarely being changed once an OEM moves past the design stage. To assume security measures developed in such a static environment can hold up to the barrage of never ending cyber threats is naïve. In a recent article, Automotive World calls for an overhaul of the approach taken to cyber security in vehicles, both before and after a car is sold.
The needed steps to be taken to improve automotive cyber security best practices starts with regular checking of software integrity throughout the design process. Instead of leaving software analysis to the end of a vehicle’s design period, it should be checked throughout each stage of its development. As new features are added and old ones updated, software used must be scanned for bugs that could later cause problems. Automotive World emphasizes the risks OEM face by not catching code issues early on, such as delays in development, vehicle recalls, or loss of life due to a cyber-attack. To ensure the quality of the testing done, they also strongly encourage the use of third-party penetration testing and consultation services to expose holes potentially unseen by the developers. Firms like Trillium play an important part in this procedure, giving OEM the opportunity to strengthen their cars’ cybersecurity from an early stage in the development process and throughout.
The second solution to this lack of preparedness is to implement updates to their security after they’ve left the factory floor. It is unreasonable to expect cars to roll out onto the streets with perfect code, but any bugs found need to be addressed by the OEM. Legislation is moving in favor of placing the responsibility of car software integrity in the hands of the producer, meaning OEM and other suppliers need to provide the means of keeping cars safe once they are on the road. To this end, Over-The-Air update services like those found in SecureOTA are needed, giving vehicles the fast, seamless security updates they need to stay protected in cyberspace. As cars become more and more integrated into their environments thanks to V2V and V2X technology, the speed at which new attacks are brought to bear on vehicles will only increase, and only software of the highest quality can ready drivers for future threats.