With the increased integration of IoT technologies in vehicles, a number of steps are being taken to guard against cyber attacks.
“All of your electronic conveniences are, potentially, electronic vulnerabilities,” said Jack Dunham, a member of the UL automobile cyber security team. “In a pre-connected era, the worst-case scenario might have been the loss of your personal information or your credit card number. But automotive hacking has now made the real worst-case scenario the potential loss of life.”
The U.S. National Highway Traffic Safety Administration (NHTSA) recently released guidelines aimed at protecting vehicles against potential cyber-attacks. The goal of the guidelines is to ensure that cyber security is a key consideration among car designers and manufacturers. Recommendations include:
- Focusing on brakes, acceleration, and steering;
- Access points into a car’s basic electronic systems should be locked down or sealed shut once cars are mobile;
- Encryption keys and passwords that give access to a car’s computer should not provide access to multiple vehicles.
Pending legislation called The Security and Privacy in Your Car Act – or the “SPY Act” – would require the federal government to establish standards to ensure automakers secure a driver against vehicle cyber attacks. It would also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond the proposed federal minimum standards.
“Drivers shouldn’t have to choose between being connected and being protected,” Senator Markey, one of the senators who filed the bill, said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles.”
Recently, UL – a global safety science organization, – launched its Cybersecurity Assurance Program (CAP), offer testable cyber security criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness.