Internet-enabled cars, also called “connected cars”, are becoming a widespread reality. Soon we will witness automated vehicles, like the “Google car” and other vehicles pointing towards the self-driving vision. Surely, it is an exciting revolution. Nevertheless, imagine you are “driving” your car at 100Km/h… and your car has got a virus! This thought may send a shiver up your spine, and it may be not a far away future.
Until recently, vehicles were designed to be closed and self sufficient. Now they are becoming part of an extended open network, responding to our expectations of making vehicles an extension of our home, office, or personal space. However, the connectivity that makes this possible also introduces very disturbing security risks.
With the paramount increase of sophisticated computing devices installed within cars (entertainment systems, navigation systems, engine control units, etc), your car will effectively become a data center containing as many as 100+ interconnected servers. Moreover, many of these connections will be wireless and connected to external networks, which immediately pose a considerable risk of attacks by hackers, criminal organizations, or even terrorists.
To make the scenario even worse, most cars’ systems will be internally connected to each other. This opens the possibility that, if any component is compromised, hackers could gain control over the whole vehicle, including ability to control speed, alter navigation, or even disable brakes. Maybe less alarming, but still worrying, are scenarios where car information may be used by burglars to discover a car’s home address and car’s owners being on holiday, for instance based on the car location.
It is therefore of utmost importance that car’s manufacturers take complete accountability for cars cybersecurity, making it central to their business models. They must view vehicles as part of a wider system and, in that context, take all steps required to secure both existing fleet and new vehicles.
To achieve it, car manufacturers can draw on security expertise under development by mobile computing and IoT. Nevertheless, connected cars will have very specific requirements, including high value and long lifecycle (15 or more years), complexity of updates (which may involve a dealer visit) and cost of failure in terms of both money and human life risks. Also, connected vehicles will be likely to have less computing power and very heterogeneous hardware/software landscape, compared to traditional IT, which also makes security risks and solutions very specific to this ecosystem.
To conclude, will you be ready to “drive” your automated car at 100Km/h, knowing your car may have a virus? Well, let’s say you may be willing to spend your money for proper antivirus. Were you not?
For more information on “Cybersecurity for the Connected Vehicle” please refer to the Capgemini Automotive web portal