The future of driving has been cast in terms of cars that talk to one another and eventually drive themselves, but all of that computer camaraderie on the roadways could fall prey to hackers unless the auto industry and regulators come up with stout defenses.
Cars could be shut down while going 60 miles per hour. Brakes could be disabled. Remote commands could be sent to cause collisions. And that’s just the beginning of the mayhem hackers might cause.
With that in mind, the major automakers announced Tuesday that they will establish an Information Sharing and Analysis Center similar to risk assessment centers in other tech-reliant industries.
“We’re acting now to get ahead of the curve to be able to collect and share this information,” Robert Strassburger of the Auto Alliance, a trade group that represents 12 major automakers, said in conference call with reporters.
Setting up a risk management system is the latest in a series of steps automakers are taking as they embrace computer technology that eventually is expected to literally drive cars. They deemed this one significant for a simple yet obvious reason: Even as they roll out connected and autonomous cars, potential hackers will continue to develop tactics to penetrate their cyberdefenses.
“If you look at the threat factors, and vehicle features and attack scenarios that have changed over the last 10 years, the risk is going to increase,” said Jon Allen of Booz Allen Hamilton, which worked with the Auto Alliance on the project.
Strassburger added, “Whatever we establish has to be nimble and adjust for the threat environment.”
Already, researchers say they have been able to hack vehicle computers and shut down their engines, disable brakes and trigger tire pressure systems, setting off dashboard warning lights.
At the turn of the century, car security meant removing the stereo, setting the alarm and attaching the Club, an anti-theft device, to the steering wheel. Then computers changed the landscape, and if their introduction was evolutionary, the role they will play in the years to come will be revolutionary.
Already, microprocessors control dozens of on-board functions, such as the deployment of air bags to acceleration, braking and the horn. And there is concern that those computers can been hacked through wireless networks, systems like OnStar and smartphones.
A congressional report this year cited those worries, saying, “There is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.”
The report was commissioned and released by Sen. Edward J. Markey (D-Mass.), who cautioned that “our technology systems and data security remain largely unprotected.”
BMW in January said it had fixed a problem that would have allowed hackers to open the doors of 2.2 million vehicles.
Although vehicles already are vulnerable to hacking, the possibilities for such cybercriminals could be amplified exponentially in the near future with the advent of connected vehicles and autonomous cars.
Connected vehicle systems extend many current systems such as radar, laser sensors and lane control devices into a network of communication with other cars and roadside detection devices. Rather than just communicate data to the car’s driver, connected vehicles will share that information with computers in other vehicles via a short-range broadband network.
That shared information will make driving safer, provided it’s not susceptible to hackers who could compromise the system.
The autonomous cars expected to appear on roads in the next 10 years have the same vulnerabilities. Current prototype systems rely on a pair of computers the size of desktop computers. In addition to allowing the cars to drive themselves, autonomous cars are expected to use the same systems developed for connected vehicles, as well as other outside data sources.
As the number of outside access points to a car’s computer expands, so do the opportunities for hackers to compromise the system.
As federal officials and automakers have sought to accelerate the process, they have been mindful of the need to create safeguards against hacking and to protect the 75 megahertz of spectrum in the 5.9-gigahertz band for exclusive V2V use. They have pushed back against proposals to allow some WiFi use in that bandwidth.