Automakers do battle with car hackers
No, you’re not talking crazy.
The threat of regular people having their vehicles carjacked by cyberattackers is real.
Fact is, computer hackers on the other side of the world potentially could — while you’re driving — crash your navigation system, cut your brakes, disrupt your steering or remotely take control of the entire vehicle. Hackers do not need to be in close proximity; all they need is something as simple as internet connectivity. Cars have become heavily connected to the internet.
They are essentially computers on wheels.
That’s why automakers in Detroit, Germany, France, China and Japan are aggressively working to monitor technology protections in private cars, trucks and SUVs connected to the global internet to provide navigation assistance and so much more.
“The awareness of cyber security in the entire world has gone up. It’s not a secret there is an existing cyber war between the U.S. and Iran,” said Moshe Shlisel, CEO of GuardKnox Cyber Technologies, based in Ramla, Israel.
His company is composed of Israeli Air Force veterans who helped pioneer the cyber defense systems that are still deployed in their fighter jets and missile defense systems.
He travels to Detroit, throughout the U.S. and around the globe working with automakers seeking to eliminate vulnerabilities exploited by computer hackers all over the world. The threat can’t be underestimated, Shlisel said.
“Customers have expressed concerns that, due to the cyber wars taking place nowadays, the automotive market will be exposed to remote cyberattacks,” he said. “If you’re driving a vehicle that’s connected to the internet, the security status of current vehicles is pretty much the same as computers in the 1980s. And the reason car manufacturers are worried about that — the vehicle is part of the global internet and you can be in North Korea or Iran and reach any vehicle in the entire world.”
‘National risk’
An even bigger concern is the risk to fleets of vehicles that could cripple the transportation system.
“This would be a national risk,” said Shlisel, who indicated sites of energy companies in the U.S. are also on high alert amid tension between the U.S. and Iran.
The Department of Homeland Security warned this week that the current international conflict “may result in cyber and physical attacks against the homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad.”
The federal agency urged companies to “consider and assess” the potential for cyberattacks.
“In the past, to conduct an attack on a specific individual or vehicle, you needed a person on the ground or a tracking device to identify the target. Today, in the era of connectivity, hackers can penetrate a vehicle remotely to find its location and then execute an attack,” Schlisel said.
Now more than ever
Protecting vehicles is like running security protections on your computer nonstop, Shlisel said.
It can be frightening to someone who understands that hackers are working relentlessly from all parts of the world to penetrate our networks and create chaos, and that includes cars.
Holly Hubert, a cybersecurity expert who retired in 2017 from the FBI in Buffalo, N.Y., said, “Since cars now are run by computers, vulnerabilities can be patched and mitigated just like any other computer. Automotive companies are aggressive in trying to find mitigation strategy for faulty code.”
No question, cyber security experts said, the issue is top of mind now more than ever.
Incredibly, that means competitors in the automotive industry are sharing valuable information and working together on this public safety issue.
“The bad guys share this information all the time. If the good guys aren’t sharing the information, they’re going to get hit,” said Faye Francy, executive director of the nonprofit Automotive Information Sharing and Analysis Center (AutoISAC), which specializes in cybersecurity strategies.
“Very simply, one company’s detection is another company’s prevention,” she said.
One of the reasons the automobile industry brought Francy in to coordinate cyber security is she, too, worked in the aerospace industry. Security for cars and jets have a lot in common.
‘Take this very seriously’
“There’s an awful lot going on as far as commitment to implementing cyber security,” Francy said. “As far as automakers go, they take this very seriously, as serious as they take safety. We’re in a nascent area and there’s a great deal of learning going on. We’ve made a lot of strides and there’s still more to be done.”
Remember, cyber crime experts pointed out, wireless technology controls thousands of elements in our cities and connected cars and all those areas are potential targets.
General Motors said it is intensely committed to defending against attacks.
“As vehicle connectivity continues to evolve, GM has continued to strengthen cybersecurity measures. We have a three-pillar approach which deploys defense-indepth, monitoring and detection, and incident response capabilities to protect our customers, their vehicles and their data,” said spokesman Chad Lyons.
The company plays a leading role in Francy’s organization, analyzing intelligence and best practices for emerging risks, he said.