Why functionality continues to rule over security in the connected cars industry

(Image credit: Image Credit: Mikko Lemola / Shutterstock)

Nowadays there is a huge demand for connectivity across a number of industries however, as the internet of things (IoT) grows in popularity, the cyber threat associated with it also increases. One issue that arises is that manufacturers have a tendency to focus on competitive edge rather than security. In many cases automakers will face decisions on trading security for ease of use and convenience and to be on the “cutting edge”. 

A growth in vulnerabilities 

With rapid innovation around connected systems focused on the user experience, manufacturers are spending money on adding all sorts of fancy sensors to cars but not paying close enough attention to security. This creates a problem because as the number of systems involved in a vehicle increases but no significant change is made in the architecture of inter-system communications via the CAN bus, vulnerabilities will grow not shrink. At the core, these vehicles and their critical components are left wide open to attack. One issue that needs addressing is that, in some cases, the automakers are not yet equipped with the staff or expertise to protect these systems from attack. 

Lack of focus

The lack of focus on safety and functionality of connected cars may be due to a lack of regulation or mandates within the industry. Without any direction on security, the industry needs to find a new way of getting manufacturers more excited about protecting their products against potential attacks. Something like threat analytics could definitely do the trick. 

Threat analytics 

Lately analytics in general have been a growing area, for both automotive and other industries, as more and more systems become connected. Nevertheless, the most recent addition to the solutions is the introduction of analytics directly related not just to the safety of the system, but to the security protecting the system itself. Essentially, threat analytics goes beyond detecting threats to a given system but also to detect attacks to the protection itself. 

With the help of threat analytics, companies can monitor their vehicles and IoT devices in real time to discover the gaps and flaws in their security and then mitigate them. 

Who is responsible? 

There a number of elements involved in connected and self-driving cars, so it is unclear as to where the responsibility for their security lies - will it be the court of public opinion that judges? Or will stronger regulation be the answer? The court of public opinion will play a part and likely judge this one fairly quickly, leaving the automaker to take responsibility as it’ll be their reputation on the line. However, with the recent launch of a Code of Practice for consumer IoT by the UK Government, perhaps in some parts of the world regulation will throw its towel into the ring. 

Responsibility aside, protection is always a must. By investing in something like threat analytics, connected car manufacturers will be able to protect their products, their customers and, as a result, their reputation; whilst also keeping up with the latest connectivity trend.  

Rusty Carter, VP of Product Management at Arxan Technologies 

Rusty Carter
Rusty Carter is a security software executive with over 20 years experience, and the current Vice President of Product Management at Arxan Technologies, an application security company that provides application shielding and protection against reverse-engineering and tampering to the world’s largest companies. Prior to Arxan, Mr. Carter led product management at Symantec, McAfee, and Pulse Secure (formerly Juniper), and was responsible for the introduction and growth of multiple new products and lines of business.