Cars are nowadays being computerized but a number of people have not thought about the security of these computerized cars.
Most ratings are based on comfort, value, performance and safety – computer security has been ignored.
This is an issue of concern since hackers can easily gain control of your vehicle and cause serious accident.
This matter has not escaped the attention of a group of a security research group who are now proposing an automobile cyber safety rating system at the Defcon hackers convention.
This system is supposed to complement the existing systems and to help users know how safe their vehicles are from hacking.
I Am The Calvary, the group behind this push was founded by long time security researchers. It aims at getting policy makers and hardware manufacturers to take the security of computerized vehicles seriously.
This security advocacy group has a Five Star Automotive Cyber Safety Program offering a five-point checklist of computer best practices.
The five points are meant for the automakers to implement and they address issues touching on all matters pertaining to the security of vehicles.
The five points include third-party collaboration, safety by design, security updates, evidence capture, and segmentation and isolation. Calvary explained that all these points are important since they address different types of hacking, so they are more than just a call for action.
Third party collaboration will require manufacturers to have a disclosure policy that is coordinated to have them work with security researchers to help discover and address flaws in security systems.
Safety by Design compels the manufacturers to inform the customers how security has been considered in the development in their car’s software design. The information should include the supply chain rigor, security industry standards and adversarial testing.
Security Updates addresses the issue of new threats. There should security updates for the in-car computer firmware and software. This is because hackers keep on developing new techniques that require these updates. The updates should also be automatic to ensure maximum security.
Evidence Capture will requires a form of “black box” to be included in the vehicles to log evidence for safety investigations just as it is done for airplanes. These “black boxes” should take into the consideration the privacy concerns of vehicle owners or drivers.
Segmentation and Isolation on the other hand will require manufacturers to implement segmentation and isolation of computerized components. This is important because if they are not segmented a hacker who gets access to any system in your vehicle may interfere with all other systems.
I Am The Cavalry delivered a petition on Friday to security researchers and car manufacturers to help raise public awareness and support for this undertaking.
Collaborative effort between automakers and security experts is necessary for the success of this measure. And it is an issue that even vehicle owners will be following keenly since it touches on their own security.
“The proposal is a concerted effort to preempt disaster — specifically the idea that hackers could gain control of vehicles and cause deadly accidents” said Cavalry co-founder Josh Corman.
“As we have unfortunate events unfold, we will be better prepared to have the conversation over Internet-connected car security as well as the security and safety of all devices being given Internet connectivity,” Corman added.