The High Stakes of Cyber Security for Connected Cars


According to a report by journalist Susan Kuchinskas, which was released in association with the TU-Automotive Cybersecurity and TU-Automotive Detroit 2018 conferences, change is afoot in the cyber security market for connected cars.

As with everything IoT, connectivity ushers in a whole new set of risks alongside a string of promised conveniences and capabilities. Refrigerators can tell you the foods you’re running low on; they can also spy on you. Connected cars can put the brakes on before you rear-end someone; they can also run you off the road.

The stakes are high

The need for security looms large for every type of connected device. However, it’s worth pointing out that there’s risk … and then there’s risk. With mobile devices and desktop computers, the ramifications of a devastating breach are personal and financial. With vehicles, the devastation can be physical – potentially life-threatening.

Suffice it to say, security is important for connected cars.

And the industry is responding. In fact, within the last two years, the conversation around security has completely changed. According to Chris Thomas, a founder and partner of the venture investment firm Fontinalis Partners, it’s evolved from a discussion about what’s necessary and how much it’ll cost, to an imperative: “a must-have,” Kuchinskas reported.

“There’s been a huge paradigm change in how people think about [security] as an overall component of the system,” Thomas said.

Is security achievable?

It’s important to understand that in cyber security, there’s no such thing as “100 percent secure.” Anything that can be built can be broken. That’s why even giants like Microsoft and Apple are continually issuing security patches and updates: new weaknesses are discovered, then addressed – over and over.

In short, security isn’t a static goal to be attained. Rather, it’s a process: a verb.

This means that when we talk about securing connected cars, we’re not talking about a checklist. We’re talking about a posture, an approach. We’re talking about standards and best practices. These are what we can control, and when we control them well, the whole industry is safer.

However, there are, and always will be, attacks whose type and timing we can’t predict. If cyber security were a story, this tension between what we can control and what we can’t would be the central conflict of the plot.

Let’s pause on that note – but stay tuned for our next article, in which we’ll explore just how complex the goal of connected car security is (and why), along with what we can do to achieve the strongest possible security at every point on the chain: from tier-one companies all the way down to the consumer.