Sen. Edward Markey (D-Mass.) recently issued a report that chided the auto industry for “alarmingly inconsistent and incomplete” practices in auto cybersecurity. The concern is warranted – today’s vehicles are staggeringly complex computers on wheels with a convergence of technologies that is creating new opportunities for those who may wish to do harm. But the industry is working hard to address the issue and has taken continued steps over the last year. It’s also important to note that diversity of thought and approaches is exactly what we need to combat cyber hackers.
Today’s vehicles have more connectivity than even most personal computers – up to 100 microprocessor-based electronic control units networked through the vehicle, coordinating and controlling such critical systems as anticipative braking, active cruise control, navigation systems and more. In fact, a premium car can contain 100 million lines of software code – more than some of the world’s most sophisticated aircraft.
{mosads}Automakers are working on multiple fronts to assure that vehicle are safe and secure. They joined scientists, white hat hackers, students and cyber security experts last summer for the third year in a row for the Battelle CyberAuto Challenge, a five day practicum designed to encourage the next generation cyber automotive engineer. The event included an announcement by the industry’s two trade associations, the Alliance of Automobile Manufacturers and Association of Global Automakers, that an auto Information Sharing and Analysis Center (ISAC) is being created to address the cyber threat, with the blessing of the industry’s regulatory body, the National Highway Traffic Safety Administration. SAE International (formerly the Society of Automotive Engineers), which develops standards for everything from lighting to air bags, is tackling the issue with multiple different workgroups.
And several automakers recently completed field tests of a new system that can detect intrusions into the vehicle so critical systems can be protected. The new technology is being designed into new vehicles now and expected to be on the road as early as 2018.
The diversity of approaches automakers are taking to confront the challenge, as pointed out in the Markey report, will likely lead to a more robust solution. It is not unusual in the early stages of development of a technology for different pathways to be pursued in a competitive fashion. The relative strengths and weaknesses of the various potential solutions that emerge from this seemingly messy process permits the market to arrive at the best solution available at any point in time. Technical innovation rarely proceeds along a monorail.
The auto industry recognizes that we need to support both formal and experiential platforms to allow auto engineers, designers, tech and communications security experts to coalesce. This problem will not be addressed by the industry alone looking at itself. We need diversity of thought from people outside the automotive industry, people who are not engrained in the car or security culture. How else can we stay a step ahead of hackers, who by definition will try a broad range of approaches?
The 4th annual SAE Battelle CyberAuto Challenge provides such a forum. This summer high school and college students will join automotive manufacturers, engineers, white hat hackers, academics and others at the headquarters of Delphi Automotive near Detroit to bring fresh thinking to the connected vehicle. It is also paving the way for an entirely new career path – the automotive cybersecurity engineer.
We’re in the early stages of managing the complexities that the connected vehicle brings. We have the opportunity now to anticipate issues and develop solutions, together, in the form of industry standards, information sharing and more. Solving this challenge will require a concerted effort that involves all stakeholders. There is much to do to keep our cars safe and secure in the new cyber world and the industry must, and will, lead the way.
Kelly is the president of Battelle’s National Security division.