Cloud computing has a near-endless list of use cases across virtually every industry, providing hackers with ample opportunity to get to know this technology. As automakers adopt the cloud and embrace its many benefits for software updates, autonomous features and more, will it open the door to new risks from hackers who are experienced in this area?
“For a hacker to be really proficient in cloud computing technology hacking, that concept has multiple avenues and ways for them to get whatever they’re looking for,” said Kristie Pfosi, automotive cybersecurity senior manager at Mitsubishi Electric Automotive America, Inc. “Whereas getting your hands physically on a vehicle, understanding CAN, the way that automotive network works that has a very, very narrow scope and maybe not a big enough payoff in the end. So I think that’s more based on the availability of the technology, the interest level for the hackers.” That interest might go up as their target increases in value.
“And you know, if you mess up cloud computing, the financial impact to you as a person is very minimal,” said Pfosi. “If you brick your car in the driveway and now you can’t drive it anymore, that’s a $40,000, $50,000 payday that you have to now try to replace your test vehicle.” To that end, Pfosi believes that the main motivator for malicious threat actors has historically been money.
“And that’s where you see ransomware becoming maybe the first true black hat, malicious attack against automotive would be more along those lines,” she said. “But you can still apply that some concept to autonomous vehicles by taking over other features of remote control.”
Brian Murray, director of global safety and security excellence at ZF, is confident that OEMs won’t apply any connections – cloud-based or not – without having the proper solutions and protections in place. He said that security would not be an “after the fact” solution, adding that OEMs are completing the necessary threat assessments.
“You’re not going to think about, ‘Does this technology create a threat?’” said Murray. “But rather, ‘What am I going to do with this technology, and if it were hacked, what threat could result?’ It could be a safety issue, financial issue, a privacy issue or whatever. Each of those different issues gets explored and considered and you determine what bad could happen in that arena as a consequence of someone hacking that. And then you build up the fences against those things. So it’s not about the technology, it’s about the application.” Maybe so, but Pfosi believes that the prevalence and availability of emerging technologies do play a role.
“We’ve had connected vehicles now in the market for 5-10 years, perhaps longer, depending on the technology you’re looking at,” she said. “There’s more market penetration. There’s more availability to hackers to try and play around with the technology and learn from each other. Whereas on the ADAS and autonomous vehicle side we’re just starting to see some of those enter into the market. So I think it’s just newer technology. I think it will eventually see a similar upward trend just like other emerging technologies.”
About the author:
Louis Bedigian is an experienced journalist and contributor to various automotive trade publications. He is a dynamic writer, editor and communications specialist with expertise in the areas of journalism, promotional copy, PR, research and social networking.