If there were one word to summarize our meeting on Cybersecurity, then surprisingly, that word would be optimism. And that comes after a meeting where we examined the incredible number of attach vectors, weaknesses, and terrible risks when it comes to the cyber security of something as big and heavy as an autonomous car.
So, what was the case for optimism? Well, to a certain extent, it is relative. The industry has had the pleasure of being relatively naïve in the face of cyber threats in the past, mostly because in a disconnected world, the threat vectors all needed to include physical access to the vehicle. This meant that the threats HAD to be local, and could not scale to thousands, or even dozens of cars. Then, as cars have become connected, the industry had a few dire wake-up calls, such as the Jeep hacks over Sprint networks. As a result, carmakers have adopted a much more proactive approach to cybersecurity.
Other factors that helps a great deal is that carmakers:
- need to protect the value of their brand
- are very familiar with the costs of recalls
- are very familiar with the costs of lawsuits
- are relatively few in number, and it is not a "race to the bottom" industry, like much of IoT (ex: low-cost IP cams)
So, today, carmakers AND their various component vendors are adding security at every level of the car. From centralized systems, to cloud systems, to heuristics that work like PC antivirus, to TPMs, and security levels down to individual components of the car. Tremendous resources are being spent on OTA updates to ensure the code is verified, and can only come from the trusted source.
Although optimism ruled the day, nobody would promise there wouldn't be successful attacks. That risk can never be reduced to zero. But the industry, at every level, is thinking independently and together about security, providing multiple layers of defense.
With thanks to our host Infineon, and to our speakers. As always, members can access today's presentations in the Member Library.