JJ Eden, executive director of the North Carolina Turnpike Authority, emphasises the importance of implementing security measures when installing vehicle technology amidst a surge in cyber related incidents
As I have written about in previous months, the emergence of vehicle infotainment systems, safety systems, and other modern applications in the past ten years has shifted vehicles from mechanical devices to computers on wheels.
Like every other computer technology, systems bring vulnerabilities, attacks and a rigorous monitoring and protection program that extends beyond antivirus protection on your car. Cyber related incidents on vehicles grew more in 2023 than in the previous ten years combined.
“We must think about security first. Not just for assets but also for other parts of the ecosystem and build cyber security use cases for new features”
While technologies exist today to get vehicles to perform more services than ever, they introduce significant risks as we include more personally identifiable information or location information that are required to perform the additional services. As many Americans have experienced firsthand, additional exposure of this information may create an opportunity for others to invade consumers’ privacy and in a worst-case scenario, threaten the safety of the vehicles.
In the last year, attacks on high-value assets such as large fleets have more than doubled. Nearly 50% of the attacks are on vehicle telematics or infotainment systems, almost always done remotely and beyond borders.
With this said, how does industry provide technology safely across the world in urban and rural areas and ensure the safety and security of vehicles and drivers? The industry’s key technologies include real-time over-the-air updates while the vehicle is in motion. Industry must share information through open, interoperable standards to work together against every growing bad actor.
International Organization for Standardization, Society of Automobile Engineers and United Nations compliance standards must become mandatory and audited by industry compliant non-governmental entities and government compliant groups to ensure systems are monitored, and threats are mitigated in real-time; regulations are only effective if adopted by the industry and allow private industry to continue to innovate.
In addition, standards and compliance checks must be proactive using AI and large language models (LLM) to identify and mitigate vulnerabilities before they become a material threat. Proactive real-time vulnerability programs are needed to ensure vehicles and their drivers remain safe.
When we innovate and create new technology for modern safety and convenience, we must all be aware that bad actors and threats will continue to emerge and become stronger and more complex no matter where you are in the ecosystem. We must think about security first. Not just for assets but also for other parts of the ecosystem and build cyber security use cases for new features. Further, we cannot design products and systems in a vacuum; companies need to work with the industry and create common standards that can be used for managing vulnerabilities and protecting customer data privacy.
This article first appeared in the June 2024 edition of TTi magazine.