Full Speed Ahead for Automotive Security Research

By on

At the 2016 Black Hat security conference, automotive cybersecurity researchers Charlie Miller and Chris Valasek demonstrated new ways to hack the 2014 Jeep Cherokee they compromised at the conference the year before. They were able to stop the vehicle from any speed in seconds, manipulate the steering so as to crash the car, and take control of the cruise control. Their specific intrusions required a laptop to be connected to the vehicle’s onboard diagnostic port; however, it’s not hard to imagine that soon the same or similar hacks could be performed remotely.

It’s these kinds of scenarios that led McAfee to focus intently on automotive security. We’ve published a white paper, Automotive Security Best Practices, containing recommendations for building security into the design, fabrication and operation phases of the automotive production process. More than just a set of recommendations, this paper is a call to action for the industry to integrate best practices into their processes now to achieve automotive security.

While we’ll continue to hear stories about what could go wrong if connected cars are compromised by bad actors, I’d prefer to focus on what can go right when this key part of the Industrial Internet of Things is built with security from the ground up. Securing automobiles and the infrastructure that supports them will be a powerful enabler.  We know transportation efficiency and driver safety can be dramatically improved with new technology.

Today there are distributed security architectures and layers of defense that can be proactively applied to help secure cars from chip to cloud. These include hardware security, software security, network security, cloud security, supply chain security and data privacy and anonymity. My blog, Your “Check Security” Light is On, includes more details of each of these.

McAfee, Uber and Aeris announced the Automotive Security Review Board (ASRB), a non-profit industry consortium, that will play a foundational role in defining and guiding the research required to meet the challenges of next-generation cars. The members of the Board, chaired by McAfee’s Chief Technology Officer Steve Grobman, are themselves technical experts, and the Board’s Technical Steering Committee includes world-renowned security experts. One board member, in fact, is Chris Valasek, the very hacker whose disarming of the Jeep was intended to spur automakers to build multi-layer protections into cars, Miller told WIRED.  He and other members of the ASRB intend to tap both mainstream and alternative industry innovation to continually improve automotive safety.

Likewise, at McAfee, we will be pushing automotive security to the next level, through technical white papers, blogs, the ASRB, and in other ways that hold promise in the future. We see technology as a powerful enabler – as long as the right security is built in from the beginning. Doing so with connected cars will go a long way toward creating a safer transportation environment for all.

Please click here for more information on the white paper and ASRB. You’ll also find a video and infographic.

Leave a Comment

Similar articles

Now well into its second decade of commercial availability, cloud computing has become near-ubiquitous, with roughly 95 percent of businesses reporting that they have a cloud strategy. While cloud providers are more secure than ever before, there are still risks to using any cloud service. Fortunately, they can be largely mitigated by following these cloud ...
Read Blog
Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered ...
Read Blog
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions ...
Read Blog