CyberSecurity Risk in Automobiles, AutoMakers Remain Passive as US Government Takes Action


Frost & Sullivan white paper examines the trending topic of cyber security in the automotive industry…Bipartisan leaders of the House Energy and Commerce Committee sent letters to both the chief executives of major car manufacturers and the National Highway Traffic Safety Administrations. (NHTSA). These letters included 14 questions on each automaker’s cyber security readiness. Less than two months later, the Security and Privacy in Your Car Act (SPY Car Act) was introduced. The SPY Car Act is an unprecedented legislative action that focuses on hack mitigation and data privacy standards. Ultimately, the legislation would require a “cyber dashboard” rating system for vehicle security and privacy protection. Frost & Sullivan believes automakers are less than enthusiastic about these requirements, yet are willing to take the right steps to properly secure their vehicles.
Frost & Sullivan’s recent whitepaper, Cybersecurity: Automakers Remain Passive as Government Takes Action, analyzes key cyber security challenges, identifies solutions, and outlines a best-practices approach versus the currently, evidently unsuccessful, automotive security model.
Frost & Sullivan, an industry leader in the connected car space, developed this whitepaper to outline the trending topic of cyber security. During its composition, two fundamental cyber security events transpired – the federal government proposed significant auto security legislation, and a Jeep Cherokee’s infotainment system was successfully penetrated in a now famous, but somewhat irresponsible hack, which resulted in the recall of 1.4 million Chrysler vehicles.

Historically, vehicles had been closed systems; there was no need for a detailed security model. However, as the industry evolves, vehicles are now communicating with other vehicles and outside infrastructure.
In today’s connected world, it is just a matter of time before an unsupervised life-threatening attempt to hack into and control a vehicle occurs. In 2014, over 50 percent of the vehicles sold in the United States were connected. Frost & Sullivan believes the inevitable malicious attempts will target a vehicle that is already on the road. The potential for fatalities is a reality and with no current means of retroactively securing existing vehicles, OEMs must immediately develop an answer to this issue.
“Automakers must collaborate with the security community, become educated, and implement a holistic approach,” said Frost & Sullivan Automotive & Transportation Industry Analyst Doug Gilman. “Cybersecurity will continue to be a dominant topic, and OEMs, rather than the government, must take back the leadership role.”
As vehicles become more connected, the threat potential increases. No automaker wants to be the first to report their vehicle was maliciously hacked, which inevitably will happen. With no current method of identifying whether a car has been hacked, OEMs face a two-fold challenge: securing future vehicles and retrofitting security for existing fleets.
“Global automakers have a difficult road ahead. The industry is constantly evolving, and vehicle vulnerabilities are increasing,” stated Gilman. “With no proven vulnerability tracking, all connected vehicles are vulnerable. If automakers expect to have strong marks on their cyber dashboard, they cannot expect to accomplish it alone. The hacker needs to be right only once; automakers need to be right 100% of the time.”

Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies? hopes that the Indian Government also takes a stock of the situation .