At the 2016 Black Hat security conference, automotive cybersecurity researchers Charlie Miller and Chris Valasek demonstrated new ways to hack the 2014 Jeep Cherokee they compromised at the conference the year before. They were able to stop the vehicle from any speed in seconds, manipulate the steering so as to crash the car, and take control of the cruise control. Their specific intrusions required a laptop to be connected to the vehicle’s onboard diagnostic port; however, it’s not hard to imagine that soon the same or similar hacks could be performed remotely.
It’s these kinds of scenarios that led McAfee to focus intently on automotive security. We’ve published a white paper, Automotive Security Best Practices, containing recommendations for building security into the design, fabrication and operation phases of the automotive production process. More than just a set of recommendations, this paper is a call to action for the industry to integrate best practices into their processes now to achieve automotive security.
While we’ll continue to hear stories about what could go wrong if connected cars are compromised by bad actors, I’d prefer to focus on what can go right when this key part of the Industrial Internet of Things is built with security from the ground up. Securing automobiles and the infrastructure that supports them will be a powerful enabler. We know transportation efficiency and driver safety can be dramatically improved with new technology.
Today there are distributed security architectures and layers of defense that can be proactively applied to help secure cars from chip to cloud. These include hardware security, software security, network security, cloud security, supply chain security and data privacy and anonymity. My blog, Your “Check Security” Light is On, includes more details of each of these.
McAfee, Uber and Aeris announced the Automotive Security Review Board (ASRB), a non-profit industry consortium, that will play a foundational role in defining and guiding the research required to meet the challenges of next-generation cars. The members of the Board, chaired by McAfee’s Chief Technology Officer Steve Grobman, are themselves technical experts, and the Board’s Technical Steering Committee includes world-renowned security experts. One board member, in fact, is Chris Valasek, the very hacker whose disarming of the Jeep was intended to spur automakers to build multi-layer protections into cars, Miller told WIRED. He and other members of the ASRB intend to tap both mainstream and alternative industry innovation to continually improve automotive safety.
Likewise, at McAfee, we will be pushing automotive security to the next level, through technical white papers, blogs, the ASRB, and in other ways that hold promise in the future. We see technology as a powerful enabler – as long as the right security is built in from the beginning. Doing so with connected cars will go a long way toward creating a safer transportation environment for all.
Please click here for more information on the white paper and ASRB. You’ll also find a video and infographic.