The reality of connected cars throws up some significant questions – not least about cybersecurity. The fear of a hacker gaining control of a vehicle as it speeds along is a very real one for potential consumers. Here, Sergey Zorin, a security expert at Kaspersky Lab, an international cybersecurity and anti-virus provider, talks to The National about driverless transport risks and protections.
Given the evidence of flaws in the basic technology itself (Google recently admitted blame for a crash involving its self-driving car), in addition to cybersecurity issues, how does the industry intend to address sustained consumer scepticism around autonomous vehicles?
At the moment technologies are developing fast with more connected cars appearing. These cars are not autonomous, but they bring various benefits to drivers – from security on the road to geo positioning and multimedia systems. So what should be done now, at the moment of developing these technologies, is consideration of all possible weak issues, including cybersecurity, of course. And we are already working closely with a number of car manufactures on these issues.
Some manufacturers, such as Tesla and more recently General Motors, have implemented “bug bounty” programmes, which can offer financial rewards for hackers to reveal flaws and bugs in company software code. Do you see this as a move in the right direction?
We believe these are very good initiatives: bug bounty programmes attract industry attention to cybersecurity issues of connected cars, helping them to develop with security in mind, being viewed from different sides by both companies’ and independent experts.
Existing technologies will provide some protection for the driverless car but new methods of attack will inevitably be developed. How do you see security technology keeping up?
Just like in IT security, we gather expertise on different aspects of security and we work on technologies for tracking potential risks. This combination of knowledge of the issues and proactive technologies helps mitigate even the threats that are just appearing. Everything can be compromised if the attacker has enough time and professionals in their team. But luckily, research has shown that it is not very easy to break through the security of modern cars.
Are car makers themselves a main source of concern regarding the implementation of sufficient cybersecurity?
We wouldn’t say car manufacturers have a bad attitude to security. Nevertheless there are some problems in the automotive industry that may cause trouble.
The first problem is that traditionally car manufacturers have to plan everything, including security, five to seven years ahead of time, because this is the typical cycle of development of a new car model – obviously security and hacking methods develop much faster than this.
Another problem is that due to technological limitations it is not always possible to implement security fixes fast and wide enough to totally eliminate all risks. Both these issues actually can be solved by implementing update mechanisms in the next generations of car electronics. This makes it possible to patch unexpected vulnerabilities soon after they are discovered. We expect that new generations of cars, planned for production five years from now, will be equipped with such technologies. The third security problem that car manufacturers are already facing is connectivity in cars. The connected car concept suggests that multiple modules inside the car have a data exchange channel with outside domains. Some vulnerabilities have already been discovered in these data exchange channels. As a security company we’ve been researching this area for several years now and we see that there are more vulnerabilities emerging. The development of trusted communications technologies for cars is something that both the security and automotive industries should be focusing on in coming years.
chnelson@thenational.ae
Follow The National's Business section on Twitter
