The focus on the security of automobiles and the transportation sector as a whole (planes, trains, etc.) is steadily increasing.
In 2015 we saw major vulnerabilities in automotive technology, in which researchers were able to remotely take control of vehicles, including the acceleration, braking, and steering. There were also reports of weaknesses in commercial airlines that could impact flight systems. It is absolutely critical to understand what dangers will emerge because vehicle control represents a clear danger to life and safety.
The transportation sector stands at a pivotal moment at which the innovation, integration, and pervasiveness of advanced technology is automating control functions that directly impact people’s safety. This year, it is estimated 12% of cars will be connected to the Internet and by 2020, 220 million “connected cars” will be in use—with each one full of potential points of attack.
The intertwined complexities must be understood to appreciate the challenging work ahead. Modern vehicles are miniature computing ecosystems unto themselves, with several computers, on-board storage, networks, applications, sensors, and user accounts. All of which must be protected. These vehicles will not only operate themselves and connect Internet resources with occupants, but will also eventually communicate with each other and massive infrastructure systems while on the road and in the sky. As the requirements for human operation begin to wane, we hand over our safety to digital systems that may be as vulnerable as the other devices in our lives. The need to secure life-safety systems is a daunting endeavor while demand for new features pushes technology forward at breakneck speed.
In 2016, we will see a tremendous amount research working to find vulnerabilities and potential avenues to exploit. Most of this research will be conducted by reputable organizations seeking to proactively highlight problems. We don’t expect malicious hackers to conduct widespread attacks, but some limited campaigns may be attempted.
The auto industry has recognized the risks and is aggressively investing in exploring the problems. Working groups are being formed and collaboration across the industry is being established to combat this common problem. Research is being funded, bug-bounty programs established, best practices defined, and investments are being directed to both architecture improvements and creating sustainable security solutions.
Life-safety issues demand a greater focus by the public, government, and businesses. The road ahead will be filled with regulatory guardrails, incident potholes, litigation detours, and the occasional herd of startled consumers. The goal is to secure future transportation products for the safety of the public and the continued viability of the auto manufacturers. The trip ahead will likely be very interesting.
Interested in more?
McAfee Labs 2016 Threat Predictions report is now available. Download your copy for free.
Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear more about what is going on in cybersecurity.