Automotive Cyber- Security Risks

Risk Group discusses “Automotive Cyber-Security Risks” with Adrian Pearmine, National Director for Smart Cities and Connected Vehicles.       Introduction In a digital global age, when “automotive computing” makes “endpoint security” a moving target, massive changes seem to be under way for the “automobile industry” globally. When millions of automobiles are being intertwined into a network of connected devices to the internet, the increasing incorporation of in-vehicle computer systems is with a hope that, connected automobiles, will take nations toward a mode of transport, that is safer, smarter, and more efficient for its citizens. However, it also simultaneously increases many new concerns and questions about cyber-security and privacy. Nations hope for a secure, smart, safe and hi-tech tomorrow, is built on today’s disappointment, as concerns are growing rapidly about critical security weaknesses in many of the internet-connected components, that are integrated in new automobiles  across nations. As of today, nations lack an effective, security- centric, infrastructure and framework for the “automobile industry”. In the absence of effective, integrated, security- centric risk management framework, infrastructure, tools, technologies and processes; the computer code, connected computers and information, communication and digitalization technologies seems to be creating a perfect formulation for cyber-attacks, espionage, and ransom. The “digital global age” has brought us the reality that the connected cars and security breaches are becoming an actuality of life. When security vulnerability of one entity or industry, has the potential, to negatively impact, assets in cyberspace, geospace, and space (CGS); managing the security risks becomes a fundamental necessity for each nation: its government, industries, organizations and academia (NGIOA). So the big question, today is, when the level of, sophistication, and brilliance, among cyber-criminals is getting similar, if not more, with the cyber defense community, how do we secure automobiles or anything that is connected to the internet? Autonomous Vehicles Connected vehicles that navigate themselves, and leave humans as passive passengers, are already being road-tested in many nations. Many new vehicles are now, fitted with a complex system of scanners, radars, lasers, GPS devices, cameras, and software. It is believed by many that vehicles that drive themselves, may be on roads relatively soon. While it remains uncertain as to the exact timeline of the autonomous vehicles, the bigger question is whether it is safe for the public and whether the public will embrace, self-driving vehicles. There are many unidentified and unknown risks. The challenges are substantial for not only the industry but also for nations governance, regulators, academicians, security professionals and insurers. The Autonomous vehicles based on Artificial Intelligence needs to have human capabilities to achieve the dream of autonomous vehicles. While many advances are being made, it remains to be seen whether we are close to Autonomous Vehicles. Is it Safe to Drive? The increase in, automobiles, armed with, internet-connected technology, has opened the door, for cyber criminals, to control cars remotely. It seems, cyber criminals today, has the capability, to take control, of the vehicle – affect the steering wheel, accelerate the vehicle, activate the brakes, turn off the engine, and a lot more. In addition, there are reports, that “ethical hackers”, were able to take control, and kill the accelerator of a Jeep in motion on the freeway. This is a cause of serious concern. Moreover, most of the vehicles, now include, wireless connections, like cellular service, Bluetooth and Wi-Fi–the means by which,