Automotive industry races to address cyber security risks

TOKYO — As automakers rapidly adopt connected and automated technologies, the race is on to protect these vehicles from cyberattacks and computer viruses.

Toyota Motor aims to install connected technologies by 2020 in all its noncommercial vehicles for sale in Japan and the U.S., starting with the new Corolla hatchback and Crown sedan launched in June. With these technologies, vehicles can “communicate” with drivers, theoretically making driving safer and more efficient.

In the U.S., Subaru too announced its vision to make connected car services available in more than 80% of new vehicles sold in Japan, the U.S. and Canada by 2022. Tokyo-based market research specialist Fuji Keizai estimates that more than 100 million connected cars will be on the roads by 2035, accounting for 96.3% of all vehicles sold that year.

Yet, their vulnerability to cyberattacks is prompting companies, from suppliers to insurers, to develop protective solutions. Some jurisdictions and industry groups are also preparing guidelines for the market, which are hoped will draw more players into the market.

In 2015, two researchers succeeded in remotely turning off a Jeep Cherokee engine while it was being driven, which resulted in Fiat Chrysler Automobiles recalling 1.4 million such vehicles in the U.S.

Cars made by Toyota, Ford Motor and Tesla are among those being tested by hackers in organized experiments. Hackers were able to send commands to the vehicles’ network to control braking and accelerating, potentially take over keys and certificates, wiretap networks, and even overwrite commands from drivers.

Toyota ‘s new Crown enables drivers to check the route and time required for the journey using a smatphone app. (Photo by Koji Uema)
Auto parts and audiovisual products maker Harman International, an American subsidiary of Samsung, is working with carmakers to create software to block such attacks. It hopes to see its automotive cybersecurity software adopted in some vehicles in the U.S. and Europe by the end of this year.

The software protects these vehicles by putting up shields to ward off attacks via Wi-Fi, Bluetooth, intervehicle networks and other entry points that hackers can penetrate. Its technology detects electrical signals in these networks, with a special algorithm that disables the ability of automobiles to react to false commands. The company also provides automakers with cybersecurity analysis.

Asaf Atzmon, Harman senior director of business development and marketing for automotive cybersecurity, said, “[The software] is capable of selecting valuable information to be sent from vehicles needed to update algorithms.”

In March, Harman announced a two-year collaboration with France’s Groupe PSA on cybersecurity solutions, including consulting and preproduction work, to establish next-generation security services.

Other parts suppliers have also been investing in cybersecurity startups focused on connected cars. Japan’s Denso invested in U.S.-based automotive security companies DellfFer and ActiveScaler earlier this year. Germany-based Continental acquired Israeli startup Argus Cyber Security.

Insurance companies, too, are getting in on the act. Tokio Marine & Nichido Fire Insurance agreed in April to work on research in the area with White Motion, a joint venture between Japanese autoparts maker Calsonic Kansei and French cybersecurity company Quarkslab. It hopes to be able to come up with standards for insurance payouts as a result of cybersecurity breaches by 2019.

“We first need to collect know-how on evaluating potential cyber threats,” said Daisuke Kyogaku, deputy head of research and development manager at Tokio Marine. Deputy Manager Keisuke Okumura pointed to a new revenue source: “New protection services from cyberattacks may create another chance of profits.”

The key to the development of this new industry is determining who is ultimately responsible for accidents. Research has shown that hackers can plant a virus in the car’s black box that can erase any evidence of attacks.

“There is currently no international rule but each jurisdiction is discussing its own guidelines,” said Nobuhito Massimiliano Abe at A.T. Kearney, a management consultancy.

The U.S. is among the leaders in setting frameworks. Its Self Drive Act of 2017 requires motor vehicle manufacturers to form cybersecurity and privacy plans. They are also expected to follow best-practice guidelines drawn up by organizations including the National Highway Traffic Safety Administration and the Society of Automotive Engineers.

Asian countries are developing their own frameworks as well. Singapore updated its Computer Misuse and Cybersecurity Act last year to address the growing threat of cybercrime. Japan’s cybersecurity basic act encourages the industry to use appropriate data security measures concerning external communications. Dubai plans to release its own set of security standards for autonomous vehicles, based on analysis of the cyberthreats facing them.

The International Organization for Standardization is developing standards for road vehicles and cybersecurity engineering. This is expected to speed up the establishment of an international framework for security, enhancing the development and sales of next-generation cars.

However, risk consultant Woody Epstein said, “It is impossible to fully prove the accuracy of the program of autonomous cars or its complete protection from any measure of attacks.”

He said that civil laws must be established to require that “the vendor and independent parties must place all of the diagnostic information they find into the public domain when a technological failure inflicts damage,” in order to lower the future risks to society and to introduce a measure of transparency.

Leave a Reply

Your email address will not be published. Required fields are marked *