Making Strides: The Steps to Take to Make Cars Secure

Cyber terrorism is not an idle threat. New malware and cyber-attacks are developed every day, all created with the intent of stealing money, information, identities, or as in the case of Car hacking inflict physical damage and wreaking serious havoc.

The explosive nature of the cyber battlefield has resulted in frequent anti-virus/anti-malware updates becoming a necessity, a needed measure against new attacks that exploit devices not protected by older software.

Now compare this dynamic environment to that of an automobile’s development. Designing and producing a new car is a task that takes years, with plans only rarely being changed once an OEM moves past the design stage. To assume security measures developed in such a static environment can hold up to the barrage of never ending cyber threats is naïve. In a recent article, Automotive World calls for an overhaul of the approach taken to cyber security in vehicles, both before and after a car is sold.

The needed steps to be taken to improve automotive cyber security best practices starts with regular checking of software integrity throughout the design process. Instead of leaving software analysis to the end of a vehicle’s design period, it should be checked throughout each stage of its development. As new features are added and old ones updated, software used must be scanned for bugs that could later cause problems. Automotive World emphasizes the risks OEM face by not catching code issues early on, such as delays in development, vehicle recalls, or loss of life due to a cyber-attack. To ensure the quality of the testing done, they also strongly encourage the use of third-party penetration testing and consultation services to expose holes potentially unseen by the developers. Firms like Trillium play an important part in this procedure, giving OEM the opportunity to strengthen their cars’ cybersecurity from an early stage in the development process and throughout.

The second solution to this lack of preparedness is to implement updates to their security after they’ve left the factory floor. It is unreasonable to expect cars to roll out onto the streets with perfect code, but any bugs found need to be addressed by the OEM. Legislation is moving in favor of placing the responsibility of car software integrity in the hands of the producer, meaning OEM and other suppliers need to provide the means of keeping cars safe once they are on the road. To this end, Over-The-Air update services like those found in SecureOTA are needed, giving vehicles the fast, seamless security updates they need to stay protected in cyberspace. As cars become more and more integrated into their environments thanks to V2V and V2X technology, the speed at which new attacks are brought to bear on vehicles will only increase, and only software of the highest quality can ready drivers for future threats.

Autonomous Vehicle Liability: Manufacturers and Insurance Providers Held Responsible

Responsibility is one of the most widely contested facets involved in the production and integration of autonomous vehicles. Since they have existed, autonomous cars have been surrounded by debate regarding who should take responsibility in the case of a collision or other incident involving one. While the days of streets filled with self-driving cars are yet far off, governments are starting to see the earliest manifestations of legislation in the field.

Recently, Japan’s Ministry of Land, Infrastructure, Transport and Tourism published the conclusions deemed from their meeting in late April, where they deliberated on the matter of liability in traffic accidents concerning autonomous vehicles. The discussion was focused on fully automatic cars, with the key point of discussion stemming from the cause of an incident – whether it was due to a glitch or to human error. Their consensus can be summarized as follows.

“It was proposed that, when the cause of the accident is due to a glitch in the system, the costs should be borne not only by insurance companies but by the manufacturers.”

The article published in Keizaikai Magazine goes into further detail, expressly mentioning the case of a car hack, saying that “Should a vehicle that is hijacked through some external cause, such as hacking, become involved in an accident, the case would be treated in the same manner as one involving a stolen car.”

The message being conveyed here is clear. In the event that a structural flaw in the autonomation systems of a vehicle is responsible for a traffic incident, the driver is not to be held responsible. This act of solidifying the policies to be taken regarding autonomous vehicles is a necessary step in integrating them into society, and serves as a great wake-up call to automotive insurers and manufacturers alike. The threat of car hacks grows more prominent by the day, and if cars aren’t equipped with reliable cybersecurity measures, the lives of their drivers will be at risk. If manufacturers want to protect their customers and themselves from this threat, a clear hands on cyber strategy is needed.

The importance of Trillium’s multilayered approach cannot be emphasized enough – any system that employs only one defensive measure puts itself at risk of a devastating breach. Quite simply, single layered defense open up for single point of failure. The cars of tomorrow need not only IDPS (Intrusion Detection and Protection Systems) blocking attacks from entering the vehicle, but also sturdy protection of the IVN (In-Vehicle Network) that roams behind gateway units, else they risk losing everything upon the inevitable breach of a single layer defense.