About half of British drivers (49 percent) are concerned about the safety of the connected car, according to a study. Car manufacturers also admit there could be a security lag of up to three years before systems catch up with cyber threats.
The report – commissioned by Veracode, a web and mobile application security product company, and carried out by the International Data Corporation (IDC) – found half of drivers are concerned about the security of driver-aid applications, such as adaptive cruise control, self-parking, and collision avoidance systems, reflecting an equal level of concern with the safety of the entire vehicle.
The research found several cybersecurity approaches being taken by manufacturers to reduce risk across a number of application-driven connected car systems, including performance, dashboard and smartphone connectivity, as well as driver aids. Combining driver sentiment with interviews from organisations such as Fiat-Chrysler, Seat, Scania, Delphi and German industry body ADAC, the paper sheds light on questions such as: What are the cybersecurity implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy? Findings include:
· Driver downloaded applications pose security challenge. All manufacturers interviewed reported concerns around the security of critical systems being exposed to applications they did not develop, creating situations where the safety of the vehicle would ‘leave the control of the manufacturer’.
· Manufacturers should be liable for safety of the connected car. 87 percent of drivers polled believe all aspects of safety – including resiliency of applications to cyberattacks – rests with manufacturers, regardless of whether an in-car application was developed by a software company or the car manufacturers themselves.
· Manufacturers do not feel they need to worry about driver data privacy. However, 46 percent of drivers are concerned about this issue, particularly as applications continue to integrate. For example, as navigation system evolve to find, reserve and pay for parking automatically, the potential for leaking credit card information and other personal data arises.
Chris Wysopal, CTO, Veracode said: “What we’re seeing happen in the auto industry is a microcosm of what’s happening in financial services, healthcare and virtually every other sector – applications are not created with security in mind, creating a major area of risk. Exposing a car to the Internet makes it vulnerable to cyberattack due to poorly written software, which could render the car unstable or dangerous. Building a secure application development programme is a significant challenge for manufacturers, which is compounded by the need to do so under the microscope of government regulated safety standards and liability concerns.”
And Duncan Brown, research director, European Security Practice, IDC, said: “Manufacturers cannot afford to be complacent when it comes to application and overall system security within vehicles. The positive implication from our research is that the market for downloadable applications is large, spanning the entire market of drivers of all ages and genders. Manufacturers should increase their focus on how to secure applications that enhance car functionality, such as the many driving aids currently being developed.”
The joint IDC/Veracode white paper with more detailed statistics and conclusions from the study can be found at http://www.veracode.com/sites/default/files/Resources/Whitepapers/idc-veracode-connected-car-research-whitepaper.pdf.
