Is the automotive industry re-inventing the wheel?
10 June 2016 | 0
We all read with horror the account last year of Charlie Miller and Chris Valasek taking control of a Jeep Cherokee, driven by reporter Andy Greenberg. From 16 km away, Miller and Valasek interfered with the car’s speakers and air conditioning, and then cut off its transmission in the middle of a busy interstate highway.
This is in the context of a modern car having dozens of computers with as much as 100 million lines of code, and for every 1,000 lines of such there may be as many as 15 bugs that may be exploitable.
“One can’t help wondering if it has all been done before, in an environment that has arguably higher standards and so more stringent implementations”
Added to this is the assertion by Navigant Research that as vehicles become more automated and connected to the Internet, to other cars and even roadway infrastructure, the potential attack surface will grow exponentially.
There have been numerous high profile partnerships announced to tackle this, such as Ford with Amazon and HPE, Fiat Chrysler with Google, and a whole host of security start-ups have popped up, not least in Israel, to develop solutions.
But, one can’t help wondering if it has all been done before, in an environment that has arguably higher standards and so more stringent implementations.
Last year, when heading to the US for a conference, I had the rare surprise (has happened twice in my travelling life, and I worked in the aviation industry!) of a business class upgrade to cross the Atlantic. I marvelled, not only at the wine list and food selection, but at the connectivity at 35,000 feet as we cruised in the North Atlantic tracks. The entertainment system provided me with a wide selection of content, and some airlines are already allowing BYOD for entertainment, such as United Airlines in the US.
Should the automotive industry take a leaf from aviation in developing, implementing and securing operating, navigational and entertainment systems in transport vehicles? Well, after the fairly well publicised security issues seen in the press over the last 12 months or so, not least being the hijack cited above, the answer would seem to be yes.
While direct comparisons can’t really be made between a brand new A320 at around €86 million and even a luxury car at around the €100,000 mark, a modern mid-size family car can still take between three and five years to develop at a cost of hundreds of millions of euros. Therefore, if there are already established practices for how these systems can be developed, implemented and secured, it makes a certain amount of sense to at least start there, especially when the example is so safety conscious.
The promise of connected cars, for safety, for management and increased capability for the end user is really too great to pass, but in the rush to be first to market, auto-makers need to ensure that security is not overlooked, especially as self-driving cars become the norm in years to come.