Automotive cybersecurity wasn’t even thought about 15 years ago—but today, it’s a well-understood and critical problem. The crux of the issue is due to the fact that cars have hundreds of millions of lines of code, which are run by computers. These changes—along with the development of, the transition to, and experimentation with higher tech vehicles, like driverless cars—mark a whole new era of transportation.
All of these changes are very exciting, but as more computerized functions make their way into the automotive industry, more security issues arise and there is a far greater chance that something could (and more than likely will) go wrong. A number of recent public reports from security researchers have demonstrated that hackers can manipulate vehicles by making them speed up or slow down or do other things that are out of the driver’s control. What’s more is that it has been proven that these individuals can do these things remotely and don’t have to have physical access to the vehicles to tamper with them. This raises some obvious and important questions, starting with, “Are the manufacturers considering these issues when they’re building these cars?”
This topic will form the basis of an RSA panel session moderated by our VP of business development, Jacob Olcott. (You can learn more about it and add it to your RSA schedule here.) Jacob will lead a team of panelists on the implications and ramifications of automotive cybersecurity and, more specifically, will examine whether there is a need for cybersecurity ratings in the automotive industry in the same way that there are crash-test ratings.
Pressing Questions About Automotive Cybersecurity
- Is a cyber ratings organization needed for the automotive industry? What role would this organization play, and what degree of influence would they have in the industry?
- What role should the government play in automotive cybersecurity? Should legislation—like the cybersecurity proposal from Sen. Markey and Sen. Blumenthal—be passed and enacted into law? Is this an example of thoughtful legislation or government overreach? Additionally, should there be a minimum industry-accepted standard for cybersecurity practices that automotive groups must follow?
- What are the responsibilities of the automotive industry? Should vehicle manufacturers develop rating systems for third-party hardware and software developers to use in order to demonstrate their trustworthiness? In other words, how can supply chain risk be mitigated so manufacturers can ensure that their vendors meet their standards and requirements for cybersafety?
- Are there best practices that can be gleaned from other sectors? Which industries have successfully mitigated cyber risks with emerging technologies?
- Is there something that is unique about cybersecurity in the automotive context that is different from other Internet of Things (IoT) applications? In other words, should life-and-death IoT applications be more heavily regulated and examined, both in the public and private sector?
- Could the existing five-star crash-test rating system be leveraged in the cybersecurity context? What changes would need to be made to that system to include cybersecurity?
- Would consumers look at cybersecurity ratings before purchasing a vehicle? How could awareness be raised on this topic to bring it to a degree of importance?
Join The Discussion
If this topic interests you, we invite you to join us on Wednesday, March 2, from 8-8:50 a.m., in Moscone West, Room 2016, for a lively and important session on the question, “Do We Need Cyber Ratings For The Auto Industry?”
Whether or not you can attend the session, we invite you to voice your opinion on the topic by tweeting us @BitSight with your thoughts on automotive cybersecurity. We’ll be retweeting your thoughts over the next week.
