Automotive Security is About to Change

Automotive Attack Surfaces.jpgThe focus and scrutiny on automobiles and the transportation sector as a whole (planes, trains, etc.) will increase to unprecedented levels. 

In 2015 we saw major vulnerabilities in automotive technology, where researchers were able to take over the control of vehicles, including the acceleration, braking, and steering.  There were also reports of weaknesses in commercial airlines systems which could impact flight systems.  It is absolutely critical to understand what dangers will emerge as vehicle-control represents a clear and present danger to life safety. 

The transportation sector is at a pivotal moment where the innovation, integration, and pervasiveness of advanced technology is automating control functions which directly impact the safety of people.  This year, it is estimated 12% of cars will be connected to the Internet and by 2020, 220 million “connected cars” will be in use.  Each one full of potential points of attack.

The intertwined complexities must be understood to appreciate the challenging work ahead.  Modern vehicles are miniature compute ecosystems unto themselves, with several computers, on-board storage, networks, applications, sensors, and user accounts.  All which must be protected.  These vehicles will not only operate themselves and connect Internet resources with occupants, but will also eventually communicate with each other and massive infrastructure systems while on the road and in the sky.  As the requirements for human-operation begins to wane, we hand over our safety to digital systems which may be as vulnerable as the other devices in our lives.  The need to secure life-safety systems is a daunting endeavor as demand for new features are pushing technology forward at breakneck speed.

In 2016, we will see a tremendous amount research continuing, working to find vulnerabilities and potential avenues to exploit.  Most of this research will be conducted by reputable organizations seeking to highlight problems proactively.  We don’t expect malicious hackers to gain the ability to conduct widespread attacks, but there is a good potential some limited campaigns may be attempted.

The auto industry has recognized the risks and is aggressively investing in exploring the problems.  Working groups are being formed and collaboration across the industry is being established as an affront to this common problem.  Research is being funded, bug bounty programs established, best practices defined, and investments are being directed to both architecture improvements and creating sustainable security solutions.

Life safety issues earn a greater focus by the public, government, and businesses.  The road ahead will be filled with regulatory guardrails, incident potholes, litigation detours, and the occasional herd of startled consumers.  The goal, that everyone desires, is to secure future transportation products for the safety of the public and the continued viability of the auto manufacturers.  The trip ahead will likely be very interesting.

Want to know more? 

Hardware security and other topics will be discussed at the upcoming McAfee Labs: What’s in store? Cyber threats in 2016 and beyond live webcast on Jan 20th 2016.  Space is limited. Reserve your place today.

The Intel Security McAfee Labs 2016 Threat Predictions white paper is now available.  Download your copy for free.

Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear more on what is going on in cybersecurity.

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.