December 14, 2020
Mandy L. Stanton
Information Security & Privacy, Transportation
With a wide variety of devices, sensors and platforms in today’s vehicles, cars are data factories on wheels. Through these platforms, vehicles and transportation infrastructure are increasingly connected, making vehicles an increasingly attractive target for cyber attackers.
As modern vehicles collect a growing amount of data about a user’s daily life, attackers may use this information to access personal information or cloud services holding a user’s data. Attackers could also decide to target the vehicle itself. Cybercriminals have permeated private networks connected to home appliances and smart devices, and vehicles may be no different if manufacturers don’t prioritize security standards. As autonomous cars develop, malicious actors could take attacks further by compromising safety features of vehicles, jeopardizing the safety of individual users and disrupting traffic and urban safety. This may sound like an episode of "Madam Secretary," but it has the attention of the automotive industry. So, what are some potential approaches to safety practices in light of this potential threat?
- Reiterating Best Practices: Like all other technology, the automotive industry can benefit from security best practices such as implementing a cohesive security program, changing passwords, updating and patching software and users being familiar with device.
- Refocusing on Security: The National Highway Traffic Safety Administration (NHTSA) promotes layering cybersecurity protections, including a protection process for safety-critical vehicle control systems, timely detection of and rapid response to incidents and cyber resilient design. Motor companies may pivot their application developers approach from “release now and fix later” to making the design as hack proof as possible prior to installation.
- Reconfiguring City Networks: To avoid attacker-caused gridlock, we may see companies encouraging cities to use multiple smaller networks instead of a single, large network for automotive activities.
- Educating Users on GPS Spoofing: Efforts to educate drivers on attacks of lesser-used technologies may go a long way in mitigating risk. Companies may encourage drivers to use GPS on an as-needed basis to avoid attacks through which an attacker interferes with a GPS system via a radio signal.
As vehicles become increasingly connected, best practices and legislation remains to develop to address cybersecurity concerns in the vehicle ecosystem.
The Between the Lines blog is made available by Mitchell Williams Law Firm and the law firm publisher. The blog site is for educational purposes only, as well as to give general information and a general understanding of the law. This blog is not intended to provide specific legal advice. Use of this blog site does not create an attorney client relationship between you and Mitchell Williams or the blog site publisher. The Between the Lines blog site should not be used as a substitute for legal advice from a licensed professional attorney in your state.