Feds to connected car makers: Do more about security -- now

Thu, 2016-04-14 12:58 -- Doug Peeples

So far, there are no documented instances of terrorists remotely hijacking connected cars, but a Department of Justice official said it's immensely important for those cars to have a high enough level of security to protect against any that may occur in the future.

John Carlin, Assistant Attorney General for National Security, spoke at the SAE World Congress in Detroit earlier this week and met with car company and law enforcement officials.

As the Detroit Free Press noted in a news article on the conference, 220 million cars connected to the Internet are likely to be cruising the roads in the next few years. And the DOJ and other federal agencies see a strong possibility that terrorists or cybercriminals would try to hack them because they are attractive targets.

Talking to reporters, Carlin said he wasn't trying to cause alarm but wanted car makers to weigh the possible security risks of connected cars. He said "It's better in every respect to think of the risk on the front end. We can't play catch up ... Assume the worst."

Carlin also referred to driverless cars, mentioning that they would be driving city streets by 2022 and that a few years later the market for those cars would be worth $42 billion. "You can easily see how the auto industry makes for a valuable target for hackers of all stripes. You have valuable information and infrastructure that they want."

Controlled demonstrations of how connected cars can be hacked have been done. While it's certainly a major challenge for car makers to protect Internet-connected cars to the degree DOJ and other agencies want them to, security isn't something car makers have been ignoring.

Late last year Sandy Lobenstein, VP for Connected Services and Product Planning at Toyota, testified before a congressional hearing on cars and the Internet. Among other things, Lobenstein told the committee: "As the ecosystem continues to evolve beyond the automotive companies, responsibility and accountability for protecting vehicles from potential cyberattacks and for preserving consumer privacy should also evolve to include all the relevant players."

Related articles…
How Microsoft and Toyota want to make your cars safer -- and far easier to drive
Daimler, BMW and Audi: How they're moving us closer to self-driving cars

Doug Peeples is a Portland, Oregon-based writer specializing in technology and energy. Follow @smartccouncil on Twitter.