Automobile Industry Accelerates Into Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Automobile Industry Accelerates Into Security


Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.



Another day, another ISAC -- and this time its the automobile industry.
The Alliance of Automobile Manufacturers and the Association of Global Automakers today officially announced plans to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features that could put cars at risk for nefarious hacking. The industry is in the process of forming a voluntary mechanism for sharing intelligence on security threats and vulnerabilities in car electronics and in-vehicle data networks -- likely via an Auto-ISAC (Information Sharing and Analysis Center), the officials say.
The auto industrys move toward an ISAC comes on the heels of that of the retail and
oil and natural gas industries
, which recently formed ISACs for their respective industries. While retail and oil & natural gas have faced a wave of real-world threats and attacks on their systems, carmakers for the most part so far have been mostly faced with research demonstrating possible attacks. The heat is on, however, because by 2017, more than 60% of new vehicles will be connected to the Internet, auto industry officials say.
Researchers Charlie Miller and Chris Valasek last year at the DEF CON hacker conference elicited some nervous laughter among attendees as they showed witty but sobering evidence on video of
how they were able to hack and take control
of the electronic smart steering, braking, acceleration, engine, and other functions of the 2010 Toyota Prius and the 2010 Ford Escape. Their research follows that of 2011 work by the University of Washington and the University of California-San Diego, where academic researchers found ways to hack car features via Bluetooth and rogue CDs, among other tricks.
Miller and Valaseks work was about looking at what could be done if a bad guy hacker could get inside the cars internal network, and they also released their tools during the conference to help promote further study of vehicle vulnerabilities.
The researchers didnt get much response from Ford and Toyota, despite providing the carmakers with their white paper on their research and reaching out to the companies.
[The Retail Industry Leaders Association (RILA) rolls out a retail ISAC following the National Retail Federations (NRF) announcement of an intel-sharing platform. Read
Dual Retail Cyber threat Intelligence-Sharing Efforts Emerge
.]
But todays announcement -- which was made at a press briefing at this weeks Cyber Auto Challenge security event, where students work with automakers and government agencies on secure system design and programming as well as hands-on application -- appears to be a big step forward for the auto industry when it comes to factoring in the cyber security implications of new car features and functions. Ford and Toyota are both members of the Alliance for Automobile Manufacturers, and Toyota is also a member of the Association of Global Automakers.
Rob Strassburger, vice president of vehicle safety and harmonization at the Alliance of Automobile Manufacturers, says the goal of the first phase, a cyber security policy working group, is to provide an interim forum for security researchers to share their findings. Longer-term, well be doing the work of governance and scope that would lead to an ISAC to look at vulnerabilities, assess them, and issue alerts, Strassburger says. All actionable information our members then act upon.
Even so, Miller says he and Valasek were not part of the discussions that apparently led up to the plans for intelligence- and threat-sharing in the auto industry. Anything that helps shed light on the security issues in the auto industry is nice although I think, as a researcher, the problem isnt in sharing our research but rather in getting manufacturers to make changes based on it, Miller said in an email exchange. We have had no problem getting our research out in the media, etc., but I dont necessarily think the industry has been particularly responsive to the changes weve suggested they take, or if they have been, they havent included us in the discussion.  I tend to think the industry thinks they know what they are doing and dont necessarily need outside help from folks like us.
The working group will look at a formalized Auto-ISAC or other type of program for sharing intel, says Mike Cammisa, director of safety at the Association of Global Automakers. We will exchange vehicle-related cyber security information among automakers, their suppliers, and government agencies as well, he said. The goal is to continue to enhance the driving experience while maintaining the integrity of these systems.
Andrew Brown, vice president and chief technologist at Delphi Automotive PLC, a components supplier to automotive systems, says cyber security threats are bound to increase over time, as more automation and connectivity is added to vehicles. As such, that represents an increased opportunity for those who may want to do harm to vehicles and the systems we provide, he said. As a tier 1 supplier, we recognize we alone cant develop solutions and approaches to mitigate threats... Its important to have an industry-wide approach to cyber security issues, and it has to be initiated with the OEMs.
Valasek says car manufacturers and their suppliers tend to be a fairly closed group. While getting a consortium started is good, the real battle is what to do upon a breach. Pretending like they can develop a perfect system without flaws isnt the answer, he said in an email exchange. Theres no such thing as a bug-free system, he says.
 

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Automobile Industry Accelerates Into Security