The technology is in place for driverless cars, but data security must be improved.
Regulators are weighing new laws, and insurers and other stakeholders are actively studying the matter.
Progress is being made, and come 2019, the first driverless cars are expected to take to our roads, according to BI Intelligence.
Car manufacturers are working diligently to ensure that their driverless cars are hack-proof, given their exposure to the connected ecosystem.
Some fear that hackers could gain access to one or more autonomous vehicles, taking command for their nefarious purposes.
As manufacturers brace for this leap into the future, they are taking steps to secure this weakness.
Revealing vulnerabilities
Manufacturers are showing much concern about hacking. One automaker, Tesla, offers a bug bounty programme, rewarding experts between $100 and $10,000 for exposing and reporting vulnerabilities.
In 2015, researchers Kevin Mahaffey and Marc Rogers were able to hack into a Tesla Model S, revealing six vulnerabilities, including remotely opening and closing car doors, seizing control of the infotainment system, and even starting the car.
>See also: The battle for a driverless car network: can all survive?
When it comes to busting the connected car ecosystem, that hasn’t happened yet. What remains vulnerable is the car’s OBD-II port, typically found underneath the dash and included in all cars manufactured since 1996.
Accessing the port makes it easy to upload malicious software. Once that feat is accomplished, only then can an outside force take command of the vehicle.
The Alliance of Automobile Manufacturers, composed of 12 automakers, and the Association of Global Automakers, comprising 12 manufacturers and five suppliers, have developed a framework for automotive cyber security best practices.
Together, automotive manufacturers are addressing potential cyber security challenges in an effort to “continue producing safe vehicles that incorporate modern and robust security protections”.
The framework covers several areas, including vehicle security by design, risk assessment and management, threat detection and protection, incident response, and collaboration and engagement with appropriate third parties.
From this framework, the stakeholders employ their best practices and provide the tools for industry members as they calibrate their “threat awareness, detection, prevention, protection, mitigation and response measures”.
In other words, the alliance and association members are working cooperatively to assess and detect risks, and collaborate with each other as well as with outside parties.
Investing in security
Since the initial collaboration was announced, an all-new Automotive Information Sharing and Analysis Center (Auto-ISAC) was launched in an effort to “identify emerging threats and potential adversaries”.
The Auto-ISAC became fully operational in January 2016 and serves as a central hub, with members sharing information on attempted hacking as well as hacking events and threats.
It is the first time the auto industry has brought together competing companies to share threat intelligence, sometimes anonymously.
Further, the industry is benchmarking the data security practices of the medical, airline and railway industries.
Prevention strategies used in these industries include advanced security architecture, patch management, intrusion detection and prevention, and cloud security measures, each of which are in diverging stages of adjustment to the private vehicle habitat.
>See also: How driverless cars can and will be hacked
Understanding that the auto industry alone cannot thwart potential attacks, stakeholders are working with the government, academia and other business interests to stay ahead of the game.
For example, the annual SAE Battelle CyberAuto Challenge brings students, engineers and hackers together to work on real cars to find actual vulnerabilities.
At the same time, the challenge identifies talent among high school and college students – individuals who may very well play significant roles in manning the connected car ecosphere in coming years.
Waiting for perfection
So, where does this leave the public? Will driverless cars become widely available, and at what cost?
No prices have yet been announced by manufacturers for the simple reason the network is not yet up and running and prototypes are still being utilised.
Moreover, insurance companies and some aftermarket parts suppliers have been lobbying government rule makers in an effort to mandate that car manufacturers divulge detailed information about their proprietary systems.
Much information is already supplied for repair purposes, but manufacturers have shown reluctance in disclosing details about critical vehicle systems, including crash avoidance and driver safety systems.
These two systems are most vulnerable to hackers, thus the reluctance of original equipment manufacturers to share data security information that might very well expose them to some future liability.
As all the moving parts are put together to get driverless cars secure and ready for the road, consumers will have to wait a little bit longer for the green light.
Sourced from Matt Keegan, car tech expert and writer, CARFAX