We’ve heard someone refer to a Tesla as an iPhone on wheels, and that’s not too far off.

Computer chips have been in automobiles for decades—that’s not new. What is new is that automobiles are now connected to the cloud, making each one just another node on the internet of things (IoT). And from a cybersecurity standpoint, that’s a whole new challenge.

The Industry Acknowledges the Challenges

To its credit, the industry acknowledges these new challenges. The brochure for this year’s upcoming 11th Automotive Cybersecurity 2022 show in Detroit even states, “Vehicles are more and more vulnerable to hacking, both in the car itself and via the back-end IT systems to which they connect.”

The show is set to have demonstrations on the following:

  • Cutting-edge technologies to protect against zero-day vulnerabilities
  • Next-generation cloud technologies to protect vehicles on the ground
  • Utilizing blockchain technologies to secure identities & locations
  • Future of automotive cybersecurity: cryptography, cryptographic keys, & quantum technologies

This no longer sounds like just chips in automobiles.

The Risks and Challenges are Enormous

What’s becoming apparent is that the automotive attack surface is immense. The challenges to protecting it are enormous and so is the cost of failure.

How big is the challenge? From CBI Secure, “These days, the average new car has more than 100 million lines of software code–that’s 15 times the amount of software needed to fly an airplane. Complicating matters, automakers are sourcing code from different suppliers and may not be familiar with all the code used in their lineups.”

The attack surface is not just the automobile. “Meanwhile, the electrification of vehicle propulsion systems and associated charging infrastructure are increasing opportunities for exploitation. The nexus of EVs, EV charging stations, and power grids creates complex cyber-physical interdependencies that can be exploited.”

“Like any connected device, EV chargers face a variety of cyber threats. Attackers can target EV charging system hardware and software, apps for locating and paying for charging station services, and wireless communication links. Charging stations can be a conduit for DDoS attacks, ransomware, and data theft.”

What’s the cost of failure? “According to various studies, automakers could lose approximately $1.1 billion from a single attack.”

How to Protect Connected Automobiles

The first step to protecting connected automobiles from cyber threats is to stop thinking of them as automobiles and start thinking about them more like computers with lots of applications on them. Sometimes the on-premises analogy applies (i.e., for the automobile itself) and sometimes the cloud analogy applies (i.e., for anything the automobile is connected to).

Automobiles are like computer applications in one more way: it’s always better to uncover problems in the design phase, before they hit production. Threat modeling, a technique that’s been used effectively for years to uncover software vulnerabilities prior to deployment, is just as applicable to computers on wheels.

Commercially available threat modeling platforms can be used to automatically model threats on the automobile, in the cloud and everywhere in between. If you’d like to see a demo of a threat modeling platform that can help you protect your automobile, reach out to ThreatModeler. We’ll show you why we’re trusted by a growing number of the Fortune 1000 CISOs.

