Automotive > Infotainment & Telematics Blog



Greater Security through Connectivity

by Roger Lanctot | Oct 15, 2015

The automotive security situation is bad. How bad is it? Only 19% of industry executives surveyed by The Ponemon Institute on behalf of Rogue Wave Software and Security Innovation think that it is even possible to make a car “nearly hack proof.”

Ponemon surveyed more than 500 automotive developers, engineers and executives primarily from OEMs and Tier One suppliers with the following topline conclusions:

  • Developers are not familiar enough with their company’s program to secure software for automobiles.
  • Developers do not believe their companies are taking security seriously enough, or empowering them to make software more secure.
  • Developers want – but do not have – the skills necessary to combat software security threats and they do not feel they are properly trained.
  • Automakers are not as knowledgeable about secure software development as other industries.
  • Security is not built into the Software Development Lifecycle (SDLC) in the automotive industry.
  • Enabling technologies are not being provided to developers so they can build security into their processes.

The study further finds that “despite the understanding that automobiles are hacking targets, only 41% of developers polled agree (and 28% disagree) that secure software is a priority for their company. Worse, a large number of them (69%) believe that securing the applications are difficult/very difficult and nearly half (48%) believe that a major overhaul of the car’s architecture is required to make it more secure.”

Industry analysts talk about the percent of cars that will have over-the-air software updates in one year, five years, 10 years. Some experts talk about the need for LTE connectivity – some day.

It is clear from the rash of hacks and recalls in the past 18 months that all cars need to be connected as soon as possible. These connected cars need to have live connections at all times such that software can be monitored to detect and/or prevent intrusions. Software updates will be necessary to keep defenses up to date.

The Ponemon study starkly illustrates the scope of denial and downright defeatism pervasive in the industry. This defeatism is only magnified by the scope of industry ignorance of the issue. In this context the driving public is growing increasingly sympathetic to government efforts to get involved and lend a helping hand.

The only thing more terrifying than hackers penetrating cars is the government stepping in to help solve the problem.

An even more fundamental barrier to resolving this issue for automakers is the internal conflict between telematics departments, which are being asked to generate revenue from wireless service subscriptions, and teams seeking to add vehicle-to-vehicle connectivity (based on DSRC Wi-Fi technology) operating out of the safety systems department. The safety engineers view DSRC as just another sensor - while the telecom module is simply seen as adding cost to the car's bill of materials.  Car makers need to stop looking at telematics as a nexus of revenue generation and recognize its importance to enhancing the safe operation of the vehicle.

Some car makers, most notably BMW, have already recognized this proposition and made the decision to include 10 years of telematics service with their vehicles in multiple geographies around the world. Others are still trying to get an immediate short-term payback from telematics.

The path to secure cars leads through the telecom module. The sooner the industry embraces ubiquitous connectivity the more swiftly we will achieve robust vehicular security.  We have Security Innovation and Rogue Wave to thank for highlighting the shortcomings of the industry's grasp of this issue.

Download your complimentary copy of the white paper here: http://web.securityinnovation.com/car-security-what-automakers-think

Previous Post: VW's Horn Shows Us All How to Testify before Congress | Next Post: A $100M Learning Experience from Brazil
Leave a comment