“We can’t play catch up. Assume the worst” about car hacking, a DOJ official warned recently.
If 2015 was the year that car hacking became a media sensation, then 2016 is the year it becomes a government fixation.
This year, the feds want the auto industry to fix the problem before it becomes widespread, and cars become a target not just for criminals but for terrorists.
Last month the FBI and NHTSA issued a public safety announcement that warned of the threat of car hacking, and more recently federal lawmakers have urged the auto industry to work with stakeholders to step up cyber-security efforts.
But while much of the concern around car hacking has surrounded consumers having their vehicles hijacked or their personal data swiped, this week Assistant Attorney General for National Security John Carlin visited Detroit to hammer home that car hacking isn’t just a cause for alarm for drivers but a potential national security threat.
“What brings me here is this is an industry that’s on the cusp of not just an evolution but a revolution in how our cars operate, how they talk to each other,” Carlin said during a presentation at the 2016 Society of Automotive Engineers’ World Congress.
An estimated 220 million vehicles will be connected to the cloud by 2020.
And while connectivity can make driving safer and more efficient, it can also be manipulated by terrorists and others to cause harm, Carlin cautioned.
“Within each of those cars will be hundreds of different systems…connected wirelessly,” he said. “What we can see based on the threats we’ve seen in other industries and other areas is…rogue nation states or terrorist groups are looking to exploit this change in technology.”
Horrific Results
Carlin was referring in part to an incident last month in which hackers from the Islamic Revolutionary Guard Corps allegedly infiltrated financial industry computers and databases. One of the accused terrorists also reportedly hacked into the computer system of the Bowman Dam in New York, which contains information on its status and operation.
“It doesn’t take much imagination to see how similar vulnerabilities could be used against us by our adversaries to bring about horrific results,” Carlin said. “Every sector of the economy is a target—infrastructure, financial institutions, entertainment, agriculture, energy and yes, the auto industry.”
Carlin also noted the two security researchers who took remote control of a Jeep Cherokee last July and disabled it while the vehicle was on a busy highway with a journalist inside.
The subsequent media coverage led parent company Fiat Chrysler America to issue a recall for 1.4 million vehicles and resulted in a slew of other research-based hacks.
While all these hacks were set up in advance by researchers who had access to the vehicle and plenty of time to prepare the attack—and there hasn’t been a single documented case of a nefarious real-world car hack—Carlin added that “you can easily see how the auto industry makes for a valuable target for hackers of all stripes.”
While the auto industry has stepped up its cyber-security efforts by hiring security experts, offering “bug” bounties, and forming an Information Sharing and Analysis Center, it’s a tall task to design a completely hack-proof vehicle.
Carlin explained he was not in Detroit to cause panic and fear, but to meet with auto industry executives and law enforcement officials to encourage the industry to be proactive about security risks associated with connected cars before a catastrophic hack happens.
“It’s better in every respect to think of the risk on the front end,” Carlin said. “We can’t play catch up. Assume the worst.”