LIVONIA (WWJ) – As more red flags are raised about the vulnerability of cars to hacking, we’re learning more about why hackers may be interested in cars.

“Nobody’s going to invest time and resources to attack one vehicle,” said Dr. Anuja Sonalker, Lead Scientist and Program Manager at independent research firm Battelle. “There’s not much gain there.”

Sonalker tells a Center for Auto Research conference on cybersecurity that the payoff comes when cars are connected, and can serve as a gateway to larger prizes.

“What hackers, we believe, are going to try to do, is they are going to springboard off of a car that they can hack to get into the infrastructure, to try to get into financial institutions, to try to get into anything else where the car is a legitimate user of that system.”

This conference, at Schoolcraft College, comes as recent reports have indicated that car companies have not done enough yet to protect their vehicles from hackers.

“Some very simple programming standards are not being utilized in the vehicles,” said Brett Hillhouse, World Wide Engineering Solutions Executive with IBM.

As cars add sensors and software, Hillhouse says those systems don’t always work well together. That can create unintended consequences. Hillhouse suggests that car companies learn from other industries, like aerospace, that have done more to make their software systems work together to prevent and detect cyber attacks.

“This isn’t exactly rocket science. But this methodology is used in rocket science.”

Cyber security needs to be stressed throughout the supply chain, says Hillhouse, and an industry that has historically had a mechanical mind set has to adapt to an electronic world.

“We’re seeing that a couple of OEM’s are taking this very seriously, and have moved in a very strong way,” he says. “But it’s the exception, rather than the rule.”

There have been standards to deal with electronic issues, says Dr. Andrew Brown, Delphi’s Chief Technical Officer, and they are learning as connectivity evolves.

“Now we built on that functionality to look at other potential threats, and provide the mechanisms to hinder anyone from taking control of the vehicle.”

There has not yet been a case of a hacker taking over a vehicle, other than in tests. Brown says the goal is to prevent that from happening.

“Our vehicles and our subsystems are safe today,” says brown. “What we’re trying to do is anticipate those threats.”

As Automotive and Transportation research manager at Frost and Sullivan, Praveen Narayanan tries to anticipate the threats, and see where vehicles may be vulnerable.

“You can find 16 or 18 distinct hackable points,” he said.

The protection, says Narayanan, needs to be prioritized.

“I need to protect the four most important systems in my car, my engine, my transmission, my braking and my airbags and seatbelts.”

Car companies and suppliers, says Narayanan are taking cyber security seriously. As vehicles become more connected, and add more sensors and software, those companies will need to spend more money to plug vulnerabilities and prevent attacks.

“There is a three to five percent additive cost to the cars, in terms of making sure you can self certify in terms of being cyber capable.”

The issue of protecting cars from hackers has been in the news a lot lately, with a recent 60 minutes report demonstrating how a hacker could control a cars brakes and steering.

But, IBM’s Hillhouse says despite the long term worries, and the need to get out in front of the problem, there’s little that today’s drivers need to worry about.

“It’s highly unlikely some person is going to be hacked themselves in their own personal vehicle. But, we don’t like the idea that it’s as un-secure and vulnerable as it obviously is.”

Connect with Jeff Gilbert
Twitter: @jefferygilbert


Leave a Reply