Vehicle manufacturers understand that a successful hack that caused death or destruction could be a major blow. ''The incentive to prevent a giant malicious attack, is huge,'' said Gundbert Scherf, a McKinsey partner and an author of the report.

And with drivers believing that their vehicles are the ultimate private cocoons, even a benign attack, such as an unexpected message on a car's infotainment screen, could easily cause a major public relations problem.

Cybersecurity companies must protect a vehicle in multiple ways. Threats include SIM cards carrying malicious code, faked over-the-air software updates, code sent from a smartphone to the vehicle and the tricking of vehicle sensors and cameras with wrong information.

In addition, malicious code can be introduced through dongles connected to a vehicle's computer port, commonly called the OBD-II port, which is typically under the steering wheel and is used for diagnostics and tracking.

Tracking fleets are even more at risk, said Moshe Shlisel, the chief executive of GuardKnox Cyber Technologies. An entire fleet could be shut down or otherwise compromised for a ransom, he said.

Mr. Shlisel said : ''It's just a matter of time before a major hack happens.''

Over-the-air-updates can patch software vulnerabilities in modern cars, but the industry aims to protect electronic systems before that happens - including systems most exposed to the outside world, such as audio, navigation and phone systems.

To protect them and more sensitive systems, safety measures are being taken along every step of the manufacturing chain, from software to hardware design.

Major software and hardware suppliers to the world's manufacturers build in firewalls to ensure that such elements as infotainment systems are prevented from passing code to systems that regulate speed, steering and other critical functions.

Vehicles electronic control units are being designed to send an alert if one system that normally never communicates with another suddenly tries to do so. And they're also locked down, so that an attempt to inject new code will be thwarted.

''Human life is involved, so cyber-security is our top priority,'' said Kevin Tierney, General Motors' vice president for global cybersecurity. The company, which has 90 engineers working full time on cybersecurity, practices what it calls ''defense in depth,'' removing unneeded software and creating rules that allow vehicle systems to communicate with one another only when necessary.

It's a practice also followed by Volkswagen, said Maj-Britt Peters, a spokeswoman for the company's software and technology group.

Continental, a major supplier of electronic parts to automakers, employs an intrusion detection and prevention system to thwart attacks.

''If the throttle position sensor is talking to the airbag, that is not planned,'' Mr. Smoly said. ''We can stop this, but we wouldn't do so while the vehicle was moving.''

It's possible that future window stickers on new cars may point out that a vehicle meets cybersecurity standards.

''We should rate vehicles for cybersecurity. the same way we rate them for crash protection,'' said Jason K. Levine, executive director of the Center for Auto Safety.

All of which raises a question : If the US government could not prevent Russia from Hacking into its computers, can vehicle manufacturers do a better job?

''I'm very used to the gloom-and-doom narrative, and I would caution against it,'' said Mr. Scherf of McKinsey. ''We still have enough time to shape the narrative.''

The World Students Society thanks author Eric A. Taub.


Post a Comment

Grace A Comment!