Do We Need Cyber-Ratings for the Auto Industry?

Jacob Olcott, VP of Business Development at BitSight Technologies, moderated this session with partners in crime Akshay Anand, Manager of Commercial Insights at Kelley Blue Book, Dr. Karl Koscher, Postdoctoral Researcher at UC San Diego, and Chien Lieu, Senior Legislative Advisor at Venable. It was a well-decorated and experienced panel on today’s topic of conversation: Automotive Autonomics. Olcott started the proceedings with an open-ended question to the panel, asking whether consumers are actually aware of the risks and dangers involved with car system hacking.

“Consumer awareness has actually dropped from 75% to 25%,” said Anand, a startling fact which surely should drive the government to act on this matter.

This form of cybercrime is quite unique in that it can lead to loss of life, which is really not acceptable in such a well-established industry where safety is paramount. Koscher, a driver of an 18-year-old car, referred to the case where hackers took over the controls of a newer Ford Escape through the car’s telematics over a cellular network. This steers us towards the head-scratching question – why, with such a stringent safety standard rating system, does the subsection of ‘cybersecurity’ seemingly not factor in at all?

Rightfully so, the consumers wash their hands of responsibility. But who’s taking on this beast? Is the government doing enough with controls and laws to ensure the safety of this nation?

“Currently, it’s only the private sector actively combatting this threat of the next imminent attack on an unsuspecting motorist,” said Lieu. “There are standards which manufacturing companies must comply with. But, there are no standards on cybersecurity,” he added.

Anand – a self-confessed “stats geek” – points out that less than 3% of consumers are concerned about such attacks. With only 2 types of cars providing an Internet service 5 years ago, as compared to a massive 170 cars today, more and more consumers are getting connected while on the go. Yet worrying about this risk is not at the forefront of people’s minds – rather, features like CarPlay and Android Auto are the programs people care about, as they give them the comfort and data accessibility they so crave while on the road.

The real struggle here is trying to get consumers to understand the risks. It’s tough for your average motorist to truly understand the dangers without having some kind of first-hand experience. Vulnerability analysis is not an easy thing to explain; the test methods and results are different from traditional crash test ratings – especially in today’s dynamic threat environment.

Senator Edward J. Markey of the Washington Office called upon NHTSA to introduce a control called the ‘Spy Car Act’ to combat the problem of car hacking and inform consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. That said, there’s the worrying possibility for motorists that insurance companies could increase the premiums on those driving models with a low cyber-threat rating. Also, would those cars with a low rating be an even easier target for cyber criminals?

The question still remains. Mandatory cyber-ratings – friend or foe? It seems that you, the consumer, will have to make this (uninformed) decision at the moment.