Alliance Initiates New Cybersecurity Forum

July 16, 2014

Read the automakers' letter to NHTSA on Cybersecurity; and view the agreement

At this year's Battelle CyberAuto Challenge on July 15, 2014, the Alliance announced A new initiative to further enhance the industry's ongoing efforts to safeguard vehicle computer systems.

Below is an outline of Alliance Vice President of Vehicle Safety and Harmonization Rob Strassburger's comments:

Computer technology has made possible dramatic advancements in auto safety, clean-car technology and fuel economy.

  • Computer technology helps airbags deploy in fractions of seconds when needed. In fact, several safety advancements involve computers, such as electronic stability control which uses high-tech sensors and computer systems to assist in driving safely.
  • Computer technology regulates ignition timing and emission-control systems to produce cleaner cars, as well as fuel injection systems that improve mileage and reduce CO2 emissions.
  • Advances in electronic theft-prevention technology have greatly reduced the number of stolen cars, and GPS helps police find vehicles that are stolen.

Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops.

As cars and other forms of transportation increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features.

  • Vehicle hardware has built-in security features that help protect safety critical systems, and auto control systems are isolated from communications-based functions like navigation and satellite radio.
  • Automakers use proven security techniques to help prevent unauthorized access to software, and software updates require special codes.
  • Like many industries, auto engineers use “threat modeling” and simulated attacks with the latest methods to test security and to help design controls to enhance data integrity.

Automotive collaboration and partnerships are sharing solutions, seeking fresh approaches and monitoring new developments.

  • The International Society of Automotive Engineers, or SAE, has established the Vehicle Electrical System Security Committee to evaluate challenges and technical solutions and draft standards and best practices to help ensure the safety of vehicle electronic control systems and safeguards against cybersecurity threats in current and future motor vehicles.
  • The U.S. Council for Automotive Research (USCAR) formed a Cyber-Physical Systems Task Force in 2007 and participates in National Science Foundation workshops.
  • Automakers are bench-marking cybersecurity initiatives in other industries, including airlines, railways, and medical. The prevention strategies used in these industries include advanced security architecture, patch management, intrusion detection and prevention and cloud security measures, which are in varying stages of adaptation to the private vehicle environment.

As part of efforts to enhance cybersecurity, businesses, government and academia work collaboratively to stay ahead of hackers.

Since the Internet became an integral part of our lives, cyber conferences have become a standard part of the development process in many industries so that computer programmers can benefit from such additional tests on software systems.

  • The Defense Advanced Research Projects Agency or DARPA (the Pentagon's research arm) is often associated with a competition to develop self- driving cars, but DARPA also funds projects to test auto security.  In the most recent project in 2013, researchers needed physical access to a vehicle in order to redirect some electronic functions.
  • Vehicle manufacturers participate in DEFCON conferences to contribute knowledge and expertise regarding cybersecurity research involving motor vehicles. The next conference will be held in Las Vegas in August 2014.
  • Then of course, there is this Challenge. For its first CyberAuto Challenge! in August 2012, Battelle invited top-notched high school and college students to the U.S. Army’s Aberdeen Proving Grounds outside Washington, D.C. to work for a week alongside two dozen automotive engineers, IT researchers and government and Department of Defense officials to conduct an auto hackathon.

Sound cyber policy and resiliency is collaborative.

  • To complement automakers’ cyber resiliency efforts, the Alliance and Global Automakers are undertaking efforts to enhance the industry’s cybersecurity posture by working collaboratively to establish a voluntary industry sector information sharing and analysis center or other comparable program for collecting and sharing information about existing or potential cyber–related threats and vulnerabilities in motor vehicle electronics or associated in–vehicle networks.
  • While researchers have demonstrated how to gain access to various vehicle controls if a vehicle’s electronics or in–vehicle network could be compromised by hackers, at this point there has never been an unauthorized accessing of a vehicle in the road today.  Physical access to a vehicle is needed in order to get control of a particular vehicle’s functions.
  • Despite the absence of reported cybersecurity incidents affecting vehicles on the road, we are taking action to prepare for possible future threats.