IT Support and Hardware for Clinics
31.3K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Ramping Up Automobile Cybersecurity

Ramping Up Automobile Cybersecurity | IT Support and Hardware for Clinics | Scoop.it

In late 2014, signs emerged that the automobile industry was taking the first steps toward addressing cybersecurity and privacy risks.

See Also: Solving the Mobile Security Challenge

For instance, General Motors hired its first chief product cybersecurity officer, and the automobile industry set up an automobile Information Sharing and Analysis Center to collect and share information about cyber-related threats and vulnerabilities in motor vehicle electronics.


Heading into 2015, efforts to mitigate cybersecurity and privacy risks affecting automobiles continue to gain traction. Recently, Senator Edward Markey, D-Mass., issued a report detailing various automobile security and privacy vulnerabilities. Then, on Feb. 11, Markey confirmed that he, along with Senator Richard Blumenthal, D-Conn., will introduce legislation that would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards for improving the security of vehicles and protecting drivers' privacy.

"We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century," Markey says.

The senators' efforts come after auto manufacturer BMW recently addressed a potential security gap affecting data transmissions to and from the company's connected vehicles via the mobile phone network.

But while early steps are being taken by the industry to get on top of the risks, progress around securing automobiles may not come as quickly as some would hope. "Sure, proof of concept exploits are there - and they are real - but there is not even a semblance of exploitation by the criminals in the wild," says Anton Chuvakin, research vice president for security and risk management at Gartner.

"We do have a chance to prepare for this now by starting early with car and other device security," he says. "However, the history of information security teaches us that we probably won't. Today the threat is mostly 'not' real, but all signs point that it will become real."

Key Risks

Chris Valasek, director of vehicle security research at IOActive, a computer security services firm, has researched cyber vulnerabilities in automobiles through funding from the Cyber Fast Track initiative from the Defense Advanced Research Projects Agency, or DARPA.

Based on his research, Valasek says hackers could gain access to a vehicle's systems and potentially take private information, such as GPS coordinates or the driver's username and password for various in-car applications. Also, cybercriminals potentially could obtain control of computers within the car that operate certain features, such as cruise control, Valasek says.

"[Through our research], we showed that if you're on the car's computer network, you could send messages to completely stop the car and immobilize it," he says. "If an attacker found a way to break in remotely - through Bluetooth, cellular or an application - and was able to be on the right portion of the car's network, they could stop the car, disengage breaks or steer the steering wheel."

Down the road, automakers also need to worry about the potential cyberthreats concerning so-called "autonomous" or driverless vehicles now in development, says Stephen Wu, an attorney at the Silicon Valley Law Group, who has been researching the legal concerns regarding autonomous driving. "If cars crash because of information security vulnerabilities, it could lead to liability for the manufacturers," he says. "They need not only be concerned about safety, but also the governance of information security, privacy and the management of information that's being generated and communicated by cars."

Security Gaps Remain

The recent report from Senator Markey is based on a survey of 16 major automobile manufacturers about how vehicles may be vulnerable to hackers and how driver information is collected and protected.

Among the findings:

  • Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions;
  • Most automobile manufacturers were unaware of or unable to report on past hacking incidents;
  • Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers;
  • Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most said they rely on technologies that cannot be used for this purpose at all.

Valasek at IOActive says the biggest takeaway from the report is how most of the manufacturers couldn't answer many questions. "This means that not only are they behind on their security efforts, but probably don't have a good idea of the attack landscape or where to start," he says.

Legislation

The new legislation proposed by Markey would include three key requirements:

  • All wireless access points in cars must be protected against hacking attacks and evaluated using penetration testing;
  • All collected information must be appropriately secured and encrypted to prevent unwanted access; and
  • The manufacturer or third-party feature provider must be able to detect, report and respond to real-time hacking events.

To address privacy issues, Markey is seeking a transparency requirement that drivers be made explicitly aware of data collection, transmission and use. He also wants consumers to have the ability to choose whether data is collected, without having to disable navigation. And he's seeking prohibition of the use of personal driving information for advertising or marketing purposes.

"In essence, the proposed legislation codifies what have been best practices in privacy and security for years," says Scot Ganow, a privacy and security attorney at the law firm Faruki Ireland and Cox PLL.

But that doesn't mean the proposed law won't face challenges similar to those that have arisen in previous failed attempts to adopt federal data breach legislation, Ganow says. "As with all laws seeking to regulate commerce and, in particular, the flow of information, the struggle will exist over balancing appropriate regulation while not choking innovation and corporate independence."

Proactive Approach

As the security and privacy landscape around automobiles continues to take shape, manufacturers can start taking the necessary steps to get ahead of the challenge before it becomes a real problem.

Right now, hacking a vehicle is still very hard and very expensive, Valasek says. "That's not to say that won't change in the future. But you want to start implementing security measures before there is an actual problem."

Valasek argues that manufacturers "will have to accept that security is required as part of the process and not an after-thought. Only then can we truly talk about mitigating risks."

In addition, automakers should hire more cybersecurity experts and attempt to integrate security into the automotive software development lifecycle, says Ben Johnson, chief security strategist at Bit9 + Carbon Black, an endpoint security firm. "Immediately, I would be hiring penetration-testers and security consultants to do as much assessment and analysis of the existing systems as possible," he says.

It may also be in the best interest of the automobile industry - and consumers - if manufacturers adopt a model similar to PCI-DSS, the independently developed standards in the payments card industry, says Andreas Mai, director for smart connected vehicles at Cisco. "If an independent body devised a list of security features and controls that a vehicle and its computer systems should have, and the body audited vehicles for adherence, even if it was voluntary, like Consumer Reports, it would at least provide consumers with the notion someone has looked at security and provide a baseline level of confidence," he says.


more...
Secunoid's curator insight, February 19, 2015 1:52 PM

The next frontier to keep an eye out for from security perspective, Automobiles.

Sandesh's curator insight, March 23, 2015 9:55 AM

They have introduced the cybersecurity which is attached withh audio player

Scoop.it!

UK gives thumbs-up to driverless cars — but first come the driverless pods

The UK is opening up its roads to driverless cars, with the government announcing this weeks that it wants to take a "light touch, non-regulatory approach" to trials of autonomous vehicles. The decision comes after a six-month review of the country's suitability for driverless tech, with the government confirming that current laws are no barrier to testing, and that £19 million ($29 million) in funding will be handed out to four pilot schemes across the country.

However, this doesn't mean that UK residents can expect to see empty hatchbacks roaming the streets anytime soon. In terms of actual utility the projects scheduled for trials later this year are more like localized shuttles than actual cars: they'll operate in limited numbers, mostly in pedestrianised areas, they won't be available for public use, and they'll always have a licensed driver behind the wheel.

THESE AREN'T CARS — THEY'RE SHUTTLES

The government plans to introduce a new "code of practice" to regulate the trials, a non-legislative approach that it says will be "more flexible and less onerous ... than the regulatory approach being followed in other countries, notably in the US." No doubt this refers to the fact that although America was the first country to introduce laws covering driverless cars the vehicles are only currently legal in four states. In Europe, only Germany and Sweden have carried out similar legal reviews. The UK government also announced that it does plan to introduce actual legislation in 2017 that would cover more complex issues — such as liability in the case of a crash.

The Uk wants the law to be "more flexible and less onerous" than in America

The schemes currently planned for the UK aren't likely to cause any pile-ups however — two of them use electrical vehicles that can't travel much faster than a run, while the third is currently based around a single military jeep and won't hit the streets until 2016. The two projects using electric cars are scheduled to begin testing later this year: that's the Lutz Pathfinder Pod in Milton Keynes and Coventry, and the Meridian shuttle in the southern London borough of Greenwich. The final project is run by Venturer and will be operating out of Bristol, but only consists of single, repurposed military jeep, and won't hit the streets until 2016.

Of the more immediate projects, the Lutz is the more futuristic looking of the two, with angular wheel caps and a windscreen that arches over the top of the two-seater cab. The Meridian is bigger but looks more like a double-ended golf cart, with a sort of circular seating pit that fits ten and looks fit for shuttling tourists around at Disney World. Neither are particularly fast (the Lutz has a top speed of 15mph while the Meridian can't go faster than 12mph) and both will stick to primarily pedestrianized areas.

It's a small step for now, but the UK government obviously has big plans to open up development as fast possible. Who knows what might grow out of these little pods?


more...
eric roberts's curator insight, February 13, 2015 3:45 AM

I must be getting really old ?

i just cant see these things taking of here in the UK, without special lanes for them, which separate them from the regular cars. driverless cars ?what next.

www.pellonautocentre.com/blog


Be-Bound®'s curator insight, February 13, 2015 4:46 AM

Slowly but surely we are getting to the next giant leap that will imply IoT and the connected cars.

Scoop.it!

TESLA: In 6 months we will start producing battery packs that can power a home

TESLA: In 6 months we will start producing battery packs that can power a home | IT Support and Hardware for Clinics | Scoop.it

On Wednesday evening, Tesla revealed plans to release a new battery that it said could power homes. 

"We are going to unveil the Tesla home battery, the consumer battery that would be for use in people's houses or businesses fairly soon," CEO Elon Musk said, according to Bloomberg.

On Tesla's earnings call, CTO JB Straubel said the company would most likely hold an event in the next "month or two" to reveal the battery, according to a Seeking Alpha transcript. The battery would enter production in "about six months or so."

What is this battery? Straubel didn't go into deep detail. He just said, "It's really great. I'm really excited about it."

This isn't the first time Tesla discussed a battery for the home. The Verge reports:

On an earnings call last year Musk had laid out his ambition to make something that would live in consumers' homes, instead of their cars. "We are trying to figure out what would be a cool stationary (battery) pack," Musk said. "Some will be like the Model S pack: something flat, 5 inches off the wall, wall mounted, with a beautiful cover, an integrated bi-directional inverter, and plug and play."

"The long-term demand for stationary energy storage is extraordinary," added JB Straubel, Tesla's chief technical officer, during that call. "We've done a huge amount of effort there and have talked to major utilities and energy service companies." That plan seems like it's now much closer to a reality the company can share with the public.

Tesla is getting crushed Thursday after it missed analyst expectations and revealed plans to spend a "staggering" amount on capital expenditures. 

more...
No comment yet.