29 September 2014
Author: Ian Dickie
29 September 2014
Author: Ian Dickie
1 September 2014
A group of IT security researchers have called upon the car industry to ensure cars are built to withstand attacks from cyber criminals.
The group, which calls itself I am the Cavalry, formed at last year’s Def Con security conference to try to promote greater cooperation between the IT security community and the consumer goods manufacturers. It has written an open letter to the CEOs of the major car companies, urging them to take the issue of automotive cyber security more seriously. Specifically, it is asking automakers to sign up to the Five Star Automotive Cyber Safety Program which sets out five key ways the industry can make its products safer. These include: safety by design, third-party collaboration, evidence capture, security updates, and segmentation and isolation.
The modern vehicle is effectively a computer on wheels. It is heavily controlled by software and embedded devices and increasingly connected to the internet in order to take benefit from a growing number of infotainment and safety applications. Just like any other computer connected to the web, the modern car is capable of being hacked.
Should we be worried? Probably. At the extreme end of the threat spectrum is terrorism. The advent of vehicle connectivity happens to coincide with the replacement of previously mechanically governed systems (brakes, steering, throttle control) with electronically governed by-wire systems. It will (in theory) be possible for determined, well resourced terrorists to make vehicles crash. Regardless of how many fatalities resulted, it is likely that thousands of people would be fearful of using their vehicles for a time and the resulting disruption and economic damage could be significant. Of course such an attack would require extraordinary coordination and would be fiendishly difficult to carry out – perhaps more so than other, more low-tech options available to terror groups.
There is also a concern that malware of any kind, even that created for “sport” by hackers (like many of the viruses which plague PCs) could enter the vehicle via the infotainment system and permeate safety-critical systems, whether intended or not. While there are good reasons to worry about the vehicle safety implications of car-hacking, history suggests that the connected car has more to fear from good old-fashioned theft and extortion. Picture the scene. You return to your vehicle on a cold, dark evening. Your electronic key will not open the doors or start the ignition. You receive an SMS from the criminal gang who have hacked the vehicle demanding an electronic payment of EUR 100 to unlock the vehicle. Vehicle connectivity opens up countless new opportunities for relatively low-level financial crime perpetrated on a mass scale by criminal gangs, whether the driver’s financial details are stored on-board the vehicle or not.
Look at the last 20 years of security challenges in credit cards, ATM machines, on-line banking and e-commerce. Again and again, criminal gangs have found it relatively easy to recruit talented IT experts, to share information internationally and to devise cunning methods to commit fraud and steal money from banks, businesses and their customers. Information is shared, bought and sold on the so-called dark web and new methods can be rolled out so quickly, it’s difficult for even the most responsive companies to prevent attacks.
If they are going to protect their customers’ safety and security, not to mention their own reputations, automakers and their suppliers will have to get very serious about secure hardware and software. The will need to embrace encryption. But they will have to do more than that. They will have to re-invent complex, global business systems and processes within their own organisations. From the R&D centres right on down to the dealerships, they will have to become companies which have security at their core. Remember the old cliche about the chain only being as strong as its weakest link? More often than not the weak link turns out to be human. The banks and financial institutions have always known this. They have become masters of digital security, spending billions on technology and systems and still they face a daily battle to stay ahead of the bad guys. The automotive industry has a lot of ground to cover, and not much time, to establish a secure basis for the era of the connected car.
Author: Ian Dickie
23 February 2014
It seems like only yesterday that India was being widely talked of as one of the next titans of the global auto industry.
And indeed things were looking good for the world’s second most populous nation. During a succession of boom years, vehicle sales were driven by strong economic growth and a rapidly expanding middle-class. Indian companies started taking an interest in international businesses, most notably Tata’s highly successful acquisition of Jaguar Land Rover, and the stage was set for India to join the ranks of the world’s automotive superpowers. More recently though, a combination of increasing fuel prices, the weakening rupee and prolonged high interest rates have led to rising vehicle finance costs and a marked slowdown in the domestic market. In 2013 sales fell for the first time in a decade, despite manufacturers’ liberal use of incentives in a bid to entice customers into their showrooms.
In the past few days however, there have been a couple of promising signs that policy-makers are ready to act to help pull the nation’s auto sector out of the doldrums.
On 21 February the government of Tamil Nadu announced plans to set up an bold new “Auto City” - a modern 1,000 hectare industrial park for domestic and global vehicle manufacturers and suppliers. This is the first initiative of its kind in India and the state government plans to form an Automotive Industrial Development Centre (AIDC) offering investment services, support and incentives with the aim of making Tamil Nadu a “destination for manufacture and export of motor vehicles”. The Auto City would boast a logistics hub to provide multi-modal transport, a design and technology park and common infrastructure such as effluent treatment and waste management utilities. It would enable the transportation of goods to various ports on a 24-hour basis. Chennai is already the centre of India’s auto industry with global OEMs including BMW, Ford, Hyundai and Renault Nissan located in the area, along with major domestic players. Tamil Nadu also accounts for 35 per cent of India’s auto component production worth $6.2 billion. Now the state government says it aims to make Chennai one of the top five auto-clusters world-wide.
And this announcement from Tamil Nadu comes just days after the Indian government announced cuts to the national excise duty on automobiles in it’s interim budget for 2014. Finance minister P. Chidambaram took the unexpected step of reducing the duty on small cars and two-wheelers from 12 to 8 percent. He also slashed duty from 30 percent to 24 percent on SUVs, and on large and mid-sized cars from 27% to 24% and 24% to 20% respectively. Manufacturing received a boost too in the form a reduction of excise duty on capital asset purchases from 12% to 10% across all sectors.
If these measures are signs that India’s political leaders are serious about intervening in the strategic interests of their domestic auto industry, it might be back on the road to growth again pretty soon.
Author: Ian Dickie