We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!
A few months ago I bought my first new car in years. I was planning on buying a used one but decided that a shiny new vehicle would be a pandemic treat. I’m amazed at the connected car technology, all the embedded software-driven programs that have essentially turned the car into APIs on wheels.
I was thinking more about this in late January when a 19-year-old in Germany made international news with a grisly revelation: He was able to remotely access more than 25 Tesla vehicles and, if he had wanted to, some of their own. functions including unlocking the doors, opening the windows and even starting keyless driving.
The story had a happy ending. The teenager, David Colombo, is a white hat hacker who uses his skills to identify security flaws. For example, he discovered the holes in a third-party data logging app available to Tesla owners, TeslaMate, that allowed him to push commands to the cars. Colombo notified TeslaMate and Tesla and a solution was quickly issued.
The proliferation of connected cars
But the incident has served as a disturbing reminder that security vulnerabilities are a clear and present risk to all connected cars that are reshaping the automotive industry, and the nature of driving, and that better security should be a higher priority.
The technological disruption plaguing the automotive sector is accelerating rapidly. In August, President Biden signed an executive order that aims to make half of all new vehicles sold by 2030 zero-emissions, including battery, electric, plug-in hybrid electric or fuel cell electric vehicles. The government followed that up in February with a plan to allocate $5 billion to states to fund chargers for electric vehicles along highways.
The New York Times, in a story [subscription required] headlined “Why This Year Could Be a Tipping Point for Electric Cars,” reported in February that “battery-powered cars are experiencing a breakthrough moment.” The paper said a dramatic jump in the number of electric cars sold worldwide, from 2.5% of all new cars in 2019 to 9% last year, signals that 2022 “could be the year in which the advance of battery-powered cars became unstoppable, any doubt that the internal combustion engine is on the way to obsolescence.”
The proliferation of software in cars
Even before electric vehicles started to gain traction, the amount of software code in today’s cars had reached about 100 million lines [subscription required]and many experts expect that number to reach 300 million by 2030. To put that into context, a passenger plane has about 15 million lines of code and a modern jet fighter has about 25 million.
Many modern vehicles now have more than 100 electronic control units built in to control everything from seat belts to the infotainment system. Advances in cloud computing and 5G wireless technology allow vehicles to become increasingly smarter and more connected to the world around them, such as networks and services in homes, businesses, infrastructure and other vehicles. When software is eating the world, as entrepreneur Marc Andreessen once remarked [subscription required] in 2011, it absolutely devours the car.
These innovations are extremely exciting and should deliver a range of societal benefits, including cleaner air, reduced fuel consumption, safer roads and greater economic productivity. However, all this additional connectivity poses security and privacy challenges that have yet to be adequately addressed.
Cars as “information clearinghouses”
“The influx of digital innovations, from infotainment connectivity to wireless software updates, is turning cars into information centers,” said a McKinsey report. “These changes not only deliver significant customer value, but also expose vehicles to the more seamless side of the digital revolution. Hackers and other black-hatted intruders are trying to gain access to critical electronic units and data in vehicles, potentially compromising critical security functions and customer privacy.”
The current lack of security and privacy regulations and standards is a Wild West that won’t survive in the long run. That’s why I think federal and state lawmakers will soon become more aggressive in considering legislation to harden these systems against breaches.
Deja vu all over again
We’ve seen this movie before with emerging new technologies. In the early days of the Internet of Things, the tech industry was slow to focus on security and too often shipped devices with weak password protection and other vulnerabilities.
The auto industry cannot make the same mistake. The stakes are extremely high: automakers have not only a business, but also a legal and ethical reason to ensure that the new type of vehicles is safe and earns consumer trust.
The discovery of the Tesla vulnerability came six and a half years after security researchers discovered on a laptop 10 miles away [subscription required] an SUV that loses power, changes radio stations and turns on the windshield wipers using the car’s entertainment system connected to a mobile data network.
Why things like this still happen is a serious question that needs to be answered.
The need for safety regulations not only for self-driving cars, but also for all connected cars
In April 2018, California introduced regulations requiring autonomous vehicles to comply with applicable industry standards for cybersecurity. That’s great, but such thinking needs to be extended to the much larger universe of connected cars.
The United States demands technological transparency in other sectors, such as the federal regulations of the Centers for Medicare and Medicaid Services for data transfers using Application Programming Interfaces (APIs). It seems inevitable that there will be stricter oversight of automotive technology – not just in terms of security, but also in terms of data privacy. Automakers and their third-party partners will collect massive amounts of data in an automotive API ecosystem that will grow exponentially.
The industry would be wise to brace for the action ahead.
Kin Lane is chief evangelist at Postmanan API-first development platform whose user base has recently surpassed 20 million software developers.
Welcome to the VentureBeat Community!
DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.
If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.
You might even consider contributing an article yourself!
Read more from DataDecisionMakers