Do OEMs Take Cyber Security As Cyber Seriously As They Should?
Historians agree that no invention affected American everyday life in the 20th Century more than the automobile. Yes, the car was around in the 19th century, but Henry Ford created the assembly line that spurred the economic growth to make automobile accessible to the middle class. With that came a great social movement of freedom of choice and discovery. No longer were most people restricted by the short distances they could walk or ride a horse
But now with the rise of the Internet of Things, OEMs are facing a new hurdle to selling the next generation of automobiles: the security of their connected cars. Remember the Jeep that professional hackers broke into and immobilized via the car’s WiFi connection back in 2015? Now even a common thief can become a vehicle hacker with gadgets available for purchase online.
A simple Google search turns up a plethora of items for sale, instructional videos and how-to articles on breaking into a vehicle that’s equipped with IoT devices. One news site put a car hacking gadget to the test and was able to unlock a Land Rover in two minutes. And what about that super fancy, “smart” gizmo that you plugged into your OBD-II port to monitor your engine health? That too can be hacked (and ripped out).
OEMS and Cyber Security
So where do OEMs stand when it comes to the security of their vehicles? A recent survey by the Ponemon Institute states:
• Developers are not familiar enough with their company’s program to secure software for automobiles.
• Developers do not believe their companies are taking security seriously enough, or empowering them to make software more secure.
• Developers want – but do not have – the skills necessary to combat software security threats and they do not feel they are properly trained.
• Automakers are not as knowledgeable about secure software development as other industries.
• Security is not built into the Software Development Lifecycle (SDLC) in the automotive industry.
• Enabling technologies are not being provided to developers so they can build security into their processes.
Simply put, OEMs aren’t educated enough about how to take the proper steps to make cyber security a top priority. Traditionally, the demand of the consumer and the government sways what manufacturers focus on. We have a hunch over the next couple of years they’ll start to take cyber security seriously.