Vehicle IT Security in the Spotlight
As the issue of Cybersecurity for vehicles comes into the spotlight in The US, The Truck Industry Council (TIC) believes Australian regulations are more stringent and will therefore be more effective in protecting against vehicle hacking.
Last week the tech magazine Wired described in detail how it successfully hacked a Jeep Cherokee while it was on the road, in an effort to demonstrate how vulnerable vehicle information technology is.
The post’s writer, Andy Greenberg also related how 2 years prior, researchers managed to gain access to a vehicle’s electronically controlled systems through an on-board diagnostic port, and now they are able to the same remotely.
It just so happens, that US Senators Ed Markey and Richard Blumenthal have introduced the Security and Privacy in Your Car ACT of 2015 (SPY Car Act) in the Senate to amend Title 49 of The US Code of Federal Regulations, addressing transportation and related security. The Act seeks to introduce mandatory “cyber security standards for motor vehicles”, in a 2-year timeframe. The Act states:
“All entry points to the electronic systems of each motor vehicle manufactured for sale in the United States shall be equipped with reasonable measures to protect against hacking attacks,” it states.
According to Fullyloaded.com.au, if passed the bill would result in the following measures
isolation measures to separate critical software systems from noncritical software systems
evaluation for security vulnerabilities following best security practices, including appropriate applications of techniques such as penetration testing
protection for data collected by inbuilt electronic systems either on-board, transmitted or stored elsewhere
capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle.
Senator Markey believes the Act would help “protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles”, while Senator Blumenthal spoke of the need to protect against cyber criminals exploiting technological advances in vehicles such as wireless connected vehicles and self-driving.
Despite the senators raising concerns about potential loopholes in the American system, at home The Truck Industry Council (TIC) says Australian laws are much tougher and will protect commercial vehicles from the vehicle hacking that Americans are now concerned about.
While US Senators attempt to strengthen their country’s defences against vehicle IT vulnerability, a chief TIC technical officer Mark Hammond in a written response insisted that Australian commercial vehicles are sufficiently resistant to hacking and that onboard systems weren’t problematically vulnerable, having used similar standards as those set by The European Union (EU). The trucks sold here in Australia must comply with these strict standards.
Mr Hammond stated:
“All automotive products sold in Australia, including trucks, must comply with standards/regulations that detail test requirements for Electro Magnetic Compatibility and Immunity [EMC],” he writes.
“In Australia this is controlled by the federal government and specifically the Australian Communications and Media Authority (ACMA).
“ACMA have chosen to use European EMC regulations for Australia.
“These European Union [EU] standards are far more stringent than the current EMC regulations that apply in the US and Japan, although Japan is working towards adopting the EU EMC standards fairly quickly.”
Mr Hammond did go on to assure the industry that government will continue working with organisations and vehicle manufacturers to identify potential safety and/or cyber risks and look into regulations and vehicle standards is necessary as the US Senators are now doing.
The TIC officer explained in conclusion:
“Finally, TIC in no way supports or endorses the public disclosure of information that could encourage or assist in any way a person or persons to gain unauthorised and unlawful access and/or control of any system or function of a motor vehicle.”
Mr Hammond also explained that such hacks as the one documented on Wired, although possible are unlikely due to the immense effort that went into just one hack. He highlighted that this hack took 3 years of initial work, a university grant of US$80,000 and numerous vehicles which were torn apart.
“This was no ‘quick and simple’ computer hack,” Hammond stated.
While this hack is a warning to vehicle manufacturers and governments he doesn’t believe we have any cause for concern here in Australia.