From the earliest days of 2015, it looked like cyber security would be the big automotive industry topic of the year.
Harman snapped up RedBend in January, with cyber security ranking high on the checklist of reasons for the acquisition; and automotive cyber security has been a top topic of discussion ever since. It was a key underlying theme in the recent discussions over the acquisition of HERE; the unprecedented Audi/BMW/Daimler joint bid for HERE saw Daimler's Dieter Zetsche openly discuss the need to secure control of the software - and the security of the software - required for autonomous driving.
Earlier this year, a wormhole in BMW's ConnectedDrive system was highlighted by a 'white hat' hack part-sponsored by Germany's ADAC; BMWâ€™s solution was to deliver an over the air software patch to the affected cars within 24 hours. Itâ€™s a problem that probably should never have existed, but at least it was identified and solved, with no customers affected, and no harm to the brand.
Last week, Fiat Chrysler became the first OEM to issue a recall for cyber security reasons. Unlike BMW, FCA has needed to recall 1.4 million vehicles to manually update the carâ€™s software via USB, following the high profile hack of a Jeep Cherokee whilst being driven by Wired journalist, Andy Greenberg.
FCA may be the first OEM to issue a cyber security-related recall, but it will not be the last. Maybe it takes high profile cases like this â€“ and 1.4 million vulnerable (if not affected) cars is certainly high profile â€“ to make the industry sit up and take the issue of cyber security as seriously as it does vehicle security and safety.
Itâ€™s worth noting that, in many languages, there's only one word for safety and security. A hacked bank account or email address is an inconvenience; a hacked car could easily become a safety hazard, for the occupants and for those around the vehicle. Wiredâ€™s Greenberg described sitting in the frozen Cherokee on the interstate with a heavy truck bearing down upon him, and the hackers shouting, "You're doomed!"
Should cyber security be something that OEMs work on in isolation, with each developing its own solutions? The silo approach certainly has its benefits, preventing hackers from making a single attack on thousands or millions of vehicles across multiple brands all at once; but it also means a duplication of R&D for the same result. Identifying threats is crucial, which is where some kind of cyber security social network would come in handy; AlienVault spoke to Automotive World about its Open Threat Exchange (OTX), where OEMs, suppliers and other interested parties can collaborate in confidence.
A 1.4 million unit recall is a big warning. Itâ€™s time to take automotive cyber security seriously â€“ really seriously â€“ or the impact on the industry, on brands, on individualsâ€™ livelihoods and on lives could be so much worse than a fast-approaching 18-wheeler. Pessimistic and hyperbolic? Take a look in your rear-view mirror...
Editor, Automotive World