Fighting off cyber attacks begins on the drawing board

""

With the Internet of Things (IoT) increasingly becoming a reality around us we find ourselves in new territory.

Probably the most famous recent hack involved Fiat Chrysler having to issue a recall of more than 1.4M vehicles after ‘white hat’ researchers Charlie Miller and Chris Valasek showed how to exploit a loophole in the infotainment system of a Jeep Cherokee to take control of it.

The cyber security ideals that have protected us in the past are no longer enough to keep our data, and us, safe in this uncharted future. The era of reactive security, or security as an afterthought, is over. We have now entered the era of proactive security, or security by design.

As a production strategy, security by design is exactly what it sounds like. To develop secure products, the concept and strategy for securing them must be considered as part of the design process from day one. However, achieving this in practice means building a culture of security within an organisation.

Everyone in the organisation, and especially those at C Suite level, should see cyber security not as an afterthought but as one of the main goals in design and production. 

There are a number of reasons to give security a position of highest importance in the design and production process of the automobile. The increasing threat of hacking and the importance of consumer safety both present compelling arguments for adopting a security by design strategy. However, for most organisations the final decision will probably come down to economics. What is the ROI for built-in cyber security? Can security by design offer a carmaker a competitive edge in the market?

The automotive sector has yet to compute an ROI for built-in cyber security. This might be off-putting for some, who would rather see a concrete success scenario than dive-in as an early adopter but consider the benefit for an early adopter. We can already see from other industries that security is becoming a deciding factor for consumers and that, conversely, a lack of security is incredibly damaging to a brand’s reputation.

Take last autumn's attack on Sony for example. It exposed, not only a large number of embarrassing secrets but also an organisation that was ill-prepared for a direct attack on its internal network. Luckily for Sony the US president stepped in, labelled the hack as a state sponsored act of aggression, and provided assistance. This not only helped Sony combat the attackers but also provided it with a way to protect their brand image.

Even so, the hack caused upheaval in the organisation and damaged its infrastructure and reputation but it was not as costly as it could have been.

This would not be the case in an automotive manufacturer, where the risk exposure is far broader, and it is not clear that the government would be in a position to provide immediate assistance.

When it comes to the automotive industry, data security is only one of several vital security issues and this is what makes vehicles an enticing target for hackers. Not only will they soon be able to secure personal data from vehicles but they will also be able to use those very vehicles to cause further havoc. This could be done either by using the vehicle as a device for attack or using it as a gateway into a multitude of connected devices. In a connected world, vehicle hacks have the potential to make the Sony debacle look like child’s play.

To stave off this bleak scenario, vehicles need to be designed for security. It’s no longer economically viable to gamble a company’s future on whether vulnerabilities will be found or exploited.

We can rest assured that the hacker community is savvy and motivated. If there is a vulnerability they will find it and if they are economically motivated they will exploit it. 

To catch up with the latest in cyber security don't miss TU-Automotive Europe 2015 this November 2-3. For more information and booking just click here>>>

 


Leave a comment

Your email address will not be published. Required fields are marked *