Anthony Foxx, U.S. Department of Transportation Secretary, has announced a plan to release, in the near future, a set of cybersecurity guidelines for the automotive industry. The announcement was made at the Billington Cybersecurity Summit in Detroit, where government officials, automakers, security experts and companies discussed industry collaboration to keep cars safe.
One of the main concerns of evolving car technology and connectivity to outside systems is the possibility of system vulnerabilities that will allow hackers to control a car. This concern is further emphasized by the emerging technology of self-driving cars, which will be even more connected to other systems and thus more susceptible to outside interference.
As of yet, there isn’t a single documented case of a car being hacked remotely but the risk should not be underestimated for the potential harm of a hacked car will increase in the future.
The Secretary has said that government’s cybersecurity guidelines will determine the industry to cooperate and share information regarding software development and also gain insight from other industries.
“There is no one company that can do on its own what all companies can accomplish together.”
Foxx acknowledges the fact that “for better or worse, the government has a reputation for moving slowly, but we hope that our guidance when it is released will break new ground.”
The security of cars is a matter of national security, and the government should start to look beyond mere guidelines, to laws and regulations to avoid falling in the common scenario where the law hasn’t caught up with technology. One such scenario we have seen in recent years is the release of civilian drones without any laws to properly regulate their production and use.
Besides the government’s guidelines, the auto industry has released its own best practices guidelines for connected vehicle cybersecurity. The document was developed by security experts from the Automotive Information Sharing and Analysis Center (ISAC) over the course of five months. Some of the areas the best practices cover are governance and accountability, threat detection and mitigation, risk assessment and management, and incident response.
Do you think that the measured and caution taken by the auto industry is necessary? How likely do you think car hacking will be?
Image source: Static World