Wanna Cry About Automotive Cybersecurity? You Are Not Alone
July 11, 2017
By Kristin Kolodge
Consumers may be on high alert with the recent proliferation of Wanna Cry ransomware and other cybersecurity attacks. What used to be a fairly rare event targeted at credit card fraud and identity theft is now creeping into the workplace, helped by an increasing desire to be hooked up to the rest of the world. It seems that no connected technology is safe anymore—not even our vehicles.
How pervasive is the concern? Among the 8,500 respondents to the J.D. Power 2017 U.S. Tech Choice Study, 85% have a degree of concern with their vehicle’s security. And this level of concern is trending up year-over-year. Concerns surrounding added technology complexities, privacy, and the potential for systems to be hacked, hijacked, or crash are prominent among consumers in all generational groups.
Level of Concern Regarding Security with Vehicle Technology
Technically speaking, there is merit in this level of consumer concern. Consider the following vehicle risk gateways:
- Telematics information and its corresponding cloud transfer (typically omnidirectional)
- Wi-Fi enabled vehicles
- Autonomous vehicle technology
- Dongle-based insurance monitors
- The coming trend of vehicle connectivity (vehicle to vehicle, vehicle to infrastructure, vehicle to X, dedicated short range communication, etc.)
What can consumers do? Expecting people to cease all forms of connected communication is not a likely solution, nor a robust one. Instead, consumers are placing their faith in the manufacturers to create vehicle cybersecurity roadblocks, reduce vulnerabilities and essentially protect them from all manner of potential attacks.
That sounds nice, but is it realistic?
Manufacturers have formed a coalition called Auto-ISAC which stands for Information Sharing and Analysis Center. The mission is to share threat intelligence and vulnerability information to essentially move the collective industry ahead. Car companies have a shared position that a threat encountered by any one of them hurts the industry in general. When the Wanna Cry incident occurred, the Auto-ISAC went into critical operation mode to get information out to companies to look at their environment and then patch their systems as needed.
Another important activity showing the seriousness with which the industry is taking these threats is the collaboration with researchers (a.k.a. white hat hackers) to meticulously test for vulnerabilities before a malicious hacker can exploit the deficiency.
The goal is to get in front of any threat not only to protect the consumer but, just as important, to maintain their trust. Here we go talking about trust, again. Why is trust so prominent in today’s development environment? Consider the transfer of control that car companies are asking of the consumer. This includes control of the vehicle itself and the management of the consumer’s personal information to access some technologies. The ideal environment is one in which consumers feel safe sharing their information because they know it is behind a virtual lock and key.
Are we there yet? No. But it’s not cause for fear or tears. There are strong foundations in place and the auto industry does not need convincing of the critical importance of the situation at hand.
# # #
Kristin Kolodge is executive director for driver interaction and HMI at J.D. Power. She doesn’t doubt she’ll be hacked one day; it’s just a matter of time.
The information contained herein has been obtained by J.D. Power from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, J.D. Power does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or for the results obtained from use of such information.
This material is the property of J.D. Power or is licensed to J.D. Power. This material may only be reproduced, transmitted, excerpted, distributed or commingled with other information, with the express written permission of J.D. Power. The user of this material shall not edit, modify, or alter any portion. Requests for use may be submitted to firstname.lastname@example.org. Any material quoted from this publication must be attributed to “J.D. Power Mobility Disruptors, © 2017 J.D. Power. All Rights Reserved.” Advertising claims cannot be based on information published in this report.