Do Automakers Still See Hackers as a Hoax?
MADISON, Wis. — Earlier this week, when the federal government’s automotive safety regulator laid out cybersecurity guidelines for carmakers, U.S. Transportation Secretary Anthony Foxx said that cybersecurity is “a safety issue and a top priority at the department.”
Clearly, the government’s agency hopes to get ahead of potential attacks
on vehicles, well before cybersecurity blows up in the face of connected
cars. There is fear among regulators that a cybersecurity failure could
irreparably damage the future of highly automated vehicles.
But never mind the fed’s concerns.
As it turns out, some of the best minds in the automotive industry don’t
believe hackers are interested in cars.
This perception is clear in survey results released Thursday by Ponemon
Institute, the leading independent security research organization.
The survey’s goal, as the institute explained, was to gather information
on the state of the industry’s security practices.
Given a number of high-profile automotive cybersecurity incidents during
the last 12 months, reasonable people might expect revolutionary changes
in the automotive industry’s attitude toward cybersecurity, explained
Gene Carter, director of product management and marketing at Security
Innovation, one of the companies who sponsored the Ponemon survey.
Instead, the survey found that automakers and suppliers still haven’t
made cybersecurity a priority in vehicle development. “The automotive
industry has a very long way to go before embracing [the need to be
fully prepared for] cybersecurity,” Carter told EE Times.
The survey was conducted among 500 respondents, all directly involved in
developing of automotive software, with 44% coming from OEMs, with the
balance from Tier 1, 2, and 3 suppliers.
Denials
According to feedback from the 500 respondents, only 52% believe that
hackers are actively targeting automobiles. This number is slightly up
44% in the previous year’s survey.
Wasn’t the Jeep hack that led to Chrysler’s recall of1.4 million vehicles in 2015 a wakeup call for the industry? Apparently not.
Talk about denial.
More worrying is that although half the industry believes hackers are targeting automobiles, only 54% of respondents agree that security is a priority for their company.
Further, less than half (42%) agreed that their company’s development processes include rigorous security requirements, design, implementation and testing, according to the survey results.
Carter told us that even though some in the industry have begun to accept the fact that automobile hacking is a real threat, “there has been little change in the behavior of automakers and suppliers to address the growing concern.”
Next page: Who's responsible?