PARIS—The computer industry has long known that there is no such thing as a computer that won’t get hacked. If Tesla is a computer on wheels, as many would say, then it’s hackable.
The attack surfaces of current and future connected cars are myriad (ranging from unprotected buses and communication channels to downloaded apps and firmware updates), offering hackers a million different scenarios to exploit.
Automotive engineers today “are wide awake” to the potential of cybersecurity, said Mike Ahmadi, global director, critical systems security, Synopsys Software Integrity Group.
With a growing number connected cars and coming autonomous cars planned for rollout, automakers know they have a bullseye on their back. They know hackers are eager to hack cars. Security researchers like Billy Rios says, “I’d love to do it even if I had to do it free.”
The question now is how best to deal with this imminent threat.
A group of 60 engineers — including those at carmakers and tier ones — have banded together and formed a “cybersecurity testing requirements task force,” according to Ahmadi. Two months ago, Ahmadi was invited to chair the group, which is now officially approved and placed under the SAE Vehicle Cybersecurity Systems Engineering Committee.
They believe the answer lies in testing — testing not just functional safety but also non-functional safety. And they believe in documentations and standards.
It’s easy to roll your eyes when you hear about yet another industry group drafting industry standards. But when it comes to cybersecurity, Ahmadi believes that the new task force is an essential step in the development of automotive robotics.
By testing, the members aren’t referring to the mileage and hours their connected cars must log for testing. Their plan is to “test infinity.”
Individual automakers have sporadically dabbled with different technical measures for cybersecurity such as penetration, malware or fuzz testing. The problem, however, is that “their framework lacks vigor,” Ahmadi noted.
The goal of the new group is “evidence-based testing and evaluation procedures for connected cars,” he explained.
The team is moving fast, said Ahmadi. “We’re meeting twice a month. Each meeting lasts two hours,” he added. The members are fully aware that they must learn fast, collaborate closely, and act promptly.