Connected cars could be hacked by an intentional cyber swipe or compromised by an unintentional intrusion.
“The development process is not just about inventing new products and putting those features into a car. Engineering has to be done with a certain level of understanding that the interactions between features could create an undesirable,” said Radovan Miucic, Ph.D, Senior Intelligent Vehicle Engineer at the U.S. R&D Center of Chinese automaker Changan.
Miucic and other panelists addressing the topic of “Protecting the Connected Car” at the March 14 Automotive Megatrends Connected Car Detroit conference spoke with Automotive Engineering.
The first line of cyber defense is acknowledgement that attacks are possible. Researchers have proven that today’s cars can be hacked,” said Meg Novacek, Executive Director of Business Development North America for Argus Cyber Security.
David Martin, a Detroit division special agent for the Federal Bureau of Investigation, said cyber attacks on the Internet of Things (IoT) serve as a cautionary tale. “I think the connected car industry is taking to heart that most of the problems that are being seen in the IoT marketplace are with devices that were designed with no thought whatsoever of security being baked in,” Miller said.
Cyber security is an upfront consideration for Miucic and the autonomous vehicle team working at Changan’s Plymouth, MI, R&D facility. “We allow room for innovation, but we do that in a very orderly way so that we don’t end up with things that we don’t want. We don’t want a non-protected vehicle in the future,” he said.
The speed-to-market differences between the automotive and other industries can create challenges. “We’re now seeing a clash between the fast-pace of the consumer electronics world and the traditionally conservative way of development in the automotive world,” said Miucic, underscoring that engineers need to be extra diligent during the development process.
‘What if’ scenarios are exceedingly relevant for today’s engineers—such as if someone inserts a wrong or physically impossible message into the network bus. How does a component react?
"If someone is successful at re-programming a module, how does that affect the module? There’s actually quite a huge space that has to be explored in order to get to a sufficient level of security inside the vehicle,” Miucic asserted.
Vehicle access isn’t limited to unseen cyber hackers. David Miller, Chief Security Officer at Covisint, said leaving a key fob with a parking valet could provide an opening for a cyber attack. “You might not know if the person installed some sort of virus into the car either on purpose or by accident. The accident could be as simple as a USB port being used for listening to music. But if that [personal electronics] device was compromised when something was downloaded, it could install a 'worm' or 'trojan' into the vehicle,” Miller said.
Jonathan Allen, a director at the strategy and technology consulting firm Booz Allen Hamilton, said cyber security protection requires that participants look at the big picture. “The ecosystem is much larger than just the car.”