Solicitor Ernest Aduwa examines cyber security flaws in the automotive industry, in Automotive World.
Ernest’s article was published in Automotive World on 14 March 2019.
A highway that consists entirely of driverless cars might sound boring, but it goes without saying that the industry’s future will need to rely on vehicles connected to the internet in order to improve safety and traffic flow, for example.
To some, the idea of travelling on a highway that consists entirely of driverless cars might seem mundane. However, to others (particularly in the corporate world) such an idea offers endless opportunities, for example the ability to focus on business, plan a meeting and even take part in a conference whilst travelling.
The problem that the motor industry faces relates to the threat to its consumers. Presently, the motor industry is not in an ideal position to say that it has substantially reduced the cyber security risk that modern vehicles face. The bottom line is that any device that is connected to the internet can be targeted by a cyber attack. These attacks will range from data breaches to road traffic incidents, and will come at a huge cost to the motor industry if they are not mitigated from the outset.
It would be wrong to suggest that the motor industry is not aware of the problems it faces, and equally wrong to suggest that it is aware but does not care about them. In fact, the industry has consumer safety and satisfaction as one of its highest priorities and is working tirelessly to strengthen its products for the consumer.
For instance, with vehicles connected to the internet, the customer must know which data is being collected and what is being done with it. This is a challenge that the motor industry has to deal with because previously, when a customer purchased a car, they were concerned with drivability and performance only. Now, the customer must also be concerned about whether or not private companies will be monitoring their use of the car and/or selling data to third parties.
Car manufacturer Daimler has developed the “Daimler Vehicle Backend”, which it describes as a secure VPN (Virtual Private Network) connection that regulates and monitors the connections to all internet services. It performs functions such as authorisation and authentication; it also provides data protection and prevents the driver from being distracted by adapting the information from the internet to the driver. Daimler also states that, to protect the systems against external attacks, it employs specialists who are well versed in automotive IT security in the areas of encoding, domain segregation and interfaces between security-related functions in the vehicle.
Even blockchain technology is being considered as a way to improve cyber security for modern vehicles. Blockchain technology is considered by advocates to be ‘unhackable’. Whilst this is a very bold claim, it has not stopped the motor industry paying attention to the technology. As noted by Deloitte in its article entitled Accelerating Technology Disruption in the Automotive Market, blockchain could be used to share data securely and enable consumers to save money on insurance, which could be based on more accurate vehicle usage data. Similarly, this could also result in less tax or lower fees being paid by some road users. For example, the lorry driver who spends days on the road should, in theory, be paying more towards road maintenance than the driver of a small smart car which is not used regularly.
As stated, the motor industry is aware of the challenges it faces. However, it cannot meet the challenges alone; governments also need to introduce laws that allow for changes in the sector. In 2017, the UK government acknowledged the challenges the industry faces and issued guidance in its Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles publication. Whilst only guidance, the publication set out key principles that the industry, from designers and engineers to retailers and senior level executives, should follow. Such guidance is useful because it sets an industry standard and best practice.