By Lancen LaChance, Vice President of Product Management, GlobalSign
Wi-Fi hotspots, navigation systems and self-parking technology—these are just some of the cool connected car features available today. No longer are cars just for driving, they are connected systems embedded in our personal data network with access to valuable information that is attractive to hackers. Safely building systems for connected cars requires a much broader skill set than the prior generations of automobiles mandated.
Several high-profile automotive security stories have created awareness around just how easy it is to remotely take control of vehicles and the potential risks, but the disparity in maturity and readiness of the industry to tackle the cybersecurity concerns of connected vehicles is still eye-opening. Securing these systems is a must. Our physical safety and the privacy of our personal information will depend on it.
Security at EVERY stage
When people speak of security by design, they often refer to a broad spectrum of activities and approaches used to build stronger security postures in software products. There is another dimension of this security by design approach—security needs to be considered at every stage and by every person. In this context, I mean that security isn't a separate isolated function of the process, or of application development teams. Rather, all individuals involved with designing the product must be thinking about and implementing security best practices. It’s not a separate checkbox or stage gate. Although those stage gates are still useful for ensuring things go through proper reviews, on their own they are not sufficient for maximum efficiency of a proper security by design principle.
Impacting the Bottom Line
With GSMA Research estimating that 100 percent of all new cars will be connected by 2035 and that 75 percent will be autonomous by 2025, the urgency for auto manufacturers to build security into their product delivery capabilities will also grow.
The security vulnerabilities of connected cars can put consumer safety at risk and can significantly drive the cost of warranty replacements up when repairs are needed on potentially more than a million vehicles. Brands do not want to have to deal with expensive reputation repair and the resulting financial losses. For example, Fiat Chrysler has had to do a lot of damage control, including a widespread and costly recall of their vehicles after the Wired story of a hacked Jeep was published last year. Now, if something tragic had resulted from this, the damage could have been irreparable and affected whether the manufacturer would be able to stay in business.
Moving Towards a Better Approach
While technologies are constantly evolving, and the specific design choices will be broad, organizations do now have the opportunity to recognize the need to build teams with the right mind-set and skillset to ensure security is built into product design. In addition to building internal teams, it's critical to build the right partnerships to help incorporate best practices and proven technology solutions.
Some of the key areas we see the auto industry working on right now include identifying individual components in the vehicle and building appropriate mechanisms to manage the vehicle systems through its lifecycle.
It is encouraging to see that the auto industry is now addressing cybersecurity with the formation of the Alliance of Automobile Manufacturers, an industry-wide effort to identify emerging threats and also that leaders in the security space are setting the tone for strong connected vehicle security posture through security by design thinking.