Emerging Cyber Defense for Cars

There is a new emerging market for cyber defense for cars

Cars today are equipped with some level of internet connectivity and wireless local area network (LAN). Allowing the car to tap into the internet provides additional benefits to the driver as well as the ability share internet access with other devices both inside and outside of the vehicle. Typical examples include: automatic notification of crashes, notification of speeding, weather alerts, all the way to the self-driving vehicles that are being developed and tested. Given this level of sophistication, protecting cars from malicious software is fast becoming big business.

Cyber threats have already started to appear in vehicles. Last year Fiat Chrysler did a recall to install new software in 1.4 million vehicles after researchers showed they could turn off a Jeep Cherokee’s engine as it drove. Software manipulation was also behind Volkswagen’s recent emissions scandal.

According to researcher IDATE, the number of connected cars has risen 57% annually since 2013 and approximately 420 million connected cars will be on the road by 2018.

The Vulnerabilities

The cyber defense concern is that hackers may eventually try to track driving patterns, interfere with fleet management of trucks, or falsify information passed electronically to insurance companies.

A large portion of this emerging market is coming from Israel and Silicon Valley, as both regions have lead in the cyber security market for the last 10 years. The race to keep cars secure and prevent the nightmare scenarios of a hackers commandeering your vehicle is “potentially a $10 billion market opportunity over the next five years” according to Daniel Ives, and analyst with FBR Capital Markets in New York.

A Two-pronged Defense

First, they must make sure nothing bad gets in, like a virus creeping in through the navigation system.

Then they have to keep internal communications secure to allow your vehicle to keep functioning, for example, side-view mirrors which angle down when backing up.

The Learning Curve

Check Point, headquartered in Tel Aviv, is one of the world’s largest cyber security firms. They pioneered the computer firewall two decades ago and hopes to repeat that success with a security capsule for vehicles. Alon Kantor, Vice President of Business Development, says they are focusing on protecting the car’s external gateway.

After two years of meeting carmakers and their top suppliers, he said they now have a working “proof of concept.” “The car manufacturers didn’t know exactly what cyber security was. We had to study the networks in different cars. It was mutual learning,” Kanto said. Check Point said they had to show executive from a few large automakers that they can hijack a car’s external communication channel by using a handheld transceiver and frequency jammer, both of which can be purchased on eBay for a few hundred dollars, coupled with a laptop computer running open-source software.

“Automakers are working to keep pace with the dynamic nature of cyber threats by incorporating security by design, developing internal expertise, and cultivating partnerships – both procedural and operational – with organizations specializing in cyber defense,” says the Alliance of Automobile Manufacturers, a Washington-based association of 12 of the largest car makers.

The Different Security Focuses

Check Point’s system has everything going in and out of the car pass through the company’s cloud-based network, where it is inspected in real time and malware is blocked. “The idea is to prevent the next recall and handle all security and updates over the air,” Kantor said.

Technology giants like IBM and CISCO have asked their teams in Israel to work on protecting cars too. “What makes cars so vulnerable to attack is that they are such complex systems,” said Yaron Wolfsthal, head of the IBM research center in the desert city of Beersheba. Premium cars, through a complex supply chain, can run up to 100 million lines of software code- about 12 times more than the new F-35 Stealth Fighter Jet! IBM has developed a comprehensive prototype, Wolfsthal said, and is looking to integrate it with a car manufacturer. The program will be connected to other IBM systems that can spot patterns of broader security breaches.

As car manufacturers look to technology to meet the demands for more features, safety, comfort, and entertainment in vehicles, it is apparent that cyber defense is going to be equally as important to keep us safe from hackers and malware alike.