Auto industry gives mixed response on validity of security threat
MADISON, Wis. — Earlier this week, when the federal government’s automotive safety regulator laid out cybersecurity guidelines for carmakers, U.S. Transportation Secretary Anthony Foxx said that cybersecurity is “a safety issue and a top priority at the department.”
Clearly, the government’s agency hopes to get ahead of potential attacks on vehicles, well before cybersecurity blows up in the face of connected cars. There is fear among regulators that a cybersecurity failure could irreparably damage the future of highly automated vehicles.
But never mind the fed’s concerns.
As it turns out, some of the best minds in the automotive industry don’t believe hackers are interested in cars.
This perception is clear in survey results released Thursday by Ponemon Institute, the leading independent security research organization.
The survey’s goal, as the institute explained, was to gather information on the state of the industry’s security practices.
Given a number of high-profile automotive cybersecurity incidents during the last 12 months, reasonable people might expect revolutionary changes in the automotive industry’s attitude toward cybersecurity, explained Gene Carter, director of product management and marketing at Security Innovation, one of the companies who sponsored the Ponemon survey.
Instead, the survey found that automakers and suppliers still haven’t made cybersecurity a priority in vehicle development. “The automotive industry has a very long way to go before embracing [the need to be fully prepared for] cybersecurity,” Carter told EE Times.
The survey was conducted among 500 respondents, all directly involved in developing of automotive software, with 44% coming from OEMs, with the balance from Tier 1, 2, and 3 suppliers.
According to feedback from the 500 respondents, only 52% believe that hackers are actively targeting automobiles. This number is slightly up 44% in the previous year’s survey.
Wasn’t the Jeep hack that led to Chrysler’s recall of 1.4 million vehicles in 2015 a wakeup call for the industry? Apparently not.
Talk about denial.
More worrying is that although half the industry believes hackers are targeting automobiles, only 54% of respondents agree that security is a priority for their company.
Further, less than half (42%) agreed that their company’s development processes include rigorous security requirements, design, implementation and testing, according to the survey results.
Carter told us that even though some in the industry have begun to accept the fact that automobile hacking is a real threat, “there has been little change in the behavior of automakers and suppliers to address the growing concern.”
Continue reading page 2 on Embedded's sister site, EE Times: "Do automakers still see hackers as a hoax?."