The latest perceived target for cyber criminals: the automobile. The DOT has a vision for a networked automotive future in which cars speak to each other and to roadway infrastructure via wireless communications. But opening up those channels of inter-car communication means also providing a way in--an avenue that hackers could exploit for ill. As such, the Department of Transportation is looking for ideas to help it develop an automotive cyber security roadmap that will, in due time, impart the technologies we need to safeguard our wired roadways.
This isn't so much a call for proposals a la Darpa as much as a genuine call for ideas--that is, there's no contract to be awarded as a result of this request for information. But the DOT still wants your input, should you have any to offer. Via the RFI:
The USDOT is collecting relevant information to characterize needs and establish a strategic research roadmap to meet the rising challenges of ensuring the safety of automotive safety-critical systems due to increasing complexity of motor vehicle systems using advanced electronic controls to improve drivability, safety, efficiency, and operational reliability; escalating use of information technology in motor vehicles to enhance basic and secondary vehicle functions and to enable infotainment applications; and wireless connectivity to in-vehicle systems, between vehicles and external information networks, and among vehicles.
Essentially, it sounds like the DOT is smart enough to know that America's roadways will evolve, either within the scope of its own Connected Vehicles vision or beyond it. And it wants to be prepared. Call it an official acknowledgement that change is afoot on America's highways and byways.
I'm happy they are actually addressing this matter. This has been on my mind since last year when I learned about the development of tangible systems. Now my question is "Will every car's computer be labeled with its license plate number, and if so will it report everyone who drives over the speed limit to the proper authorities?" I personally think that the DOT should simply establish the system and then have nothing to do with it except for monitoring status of the system as a whole and maintenance. I also think that when we do get to the point of autopilot that there should always be an override feature in personal vehicles and that that override feature be the master override so we can maintain control of our car.
Auto Computer systems like OnStar have already been hacked. Criminals have figured out where the specific car is located using the auto GPS system, hacked to automatically unlock the doors and start it, without your key, then steal it with out you even knowing.
The problem I fear is this. That hackers will soon be able to place trojan viruses in the auto's computer system of million of cars, then and on a certain programmed "death date" the brakes will be disabled, the gas peddle sticks at 100MPH and the steering wheel will be prompted to take and immediate quick left turn.. Killing million of people in rush hour traffic as the largest traffic pile up the world has ever seen. Think I'm kidding? How do you know the Government isn't already tracking your whereabouts via your OnStar GPS?
I suggest stick to the old autos, avoid this new OnStar GPS technology and keep your families safe.
The best move would be to simply to eliminate any and all central servers.
Ie no smart roadways all the intelligence is in the vehicles.
Another important thing there needs to be an air gap firewall between the engine control systems and navigation system.
No linking them via the CAN bus that way a hacker cannot do things like disable engines braking systems etc.
There is is no need for interconnected vehicles so I think the budget for this research can be pulled as the government simply cannot afford it.
I agree Ruri!
Let's not spend more of our money on this. Besides, systems should be simplified as they're being enhanced.
I see paranoia is running rampant here.
The issue is simple, this is not about the ability to communicate, but the ability to download and run new code. This only becomes possible if wireless updates and/or third party applications are allowed.
Design it so the only way to update or install new code is via wire. Make this available only through the dealer as a service . Only dealer/manufacturer approved 3rd party software will be permitted.
A hacker could hack his own car, but would not be able to distribute that code to other vehicles.
If an individual were to get 3rd party software on the internet, and then manually download it to his own car, then he is responsible, and most importantly knows it is happening.
If you buy a used car, take it to the dealer and have it wiped clean and re-programmed with approved software.
If a hacker can plug something into his/her car and mess with it, all he/she has to do is plug into another car and mess with it. I personally think the idea of an air gap between the two systems would be amazing but with that air gap the possibility of making auto-pilot for cars might be ruined unless you can get all systems to simply transmit quantitative data and lack the ability to do true downloads and uploads and actually a third and fourth system should be used. One controls the engine, one is the actual piloting system, the in car sensors and transceivers (only capable of receiving and sending analyzable data), and the smart roadway system sensors and transceivers with the previously mentioned restrictions.