At the 2nd Billington Global Automotive Network Security Summit held on August 3rd, local time, members of the panel said that the risk management of autopilot and networked vehicle technology network security requires public-private cooperation and partnership.
Heidi King, deputy director of the National Highway Traffic Safety Administration (NHTSA), said: 'We need sound risk management processes and a network security culture to identify vulnerabilities and risks, anticipate unexpected situations, and be prepared adequately.'
Kim also stressed that the public's need for autonomy and networked automotive technology must be consistent with locally trusted technology. To do this, Kim said: 'The cooperation between the government and the private sector is crucial, Especially in strengthening threat management investment. '
At the same time, she also said: 'The public distrust may lead to a delay in the deployment of safer networked car technology, because public confidence is the key to technology deployment.'
♦ Growing network security needs
Former US Department of Homeland Security Michael Chertoff also discussed the growing demand for cybersecurity dialogue across the industry.
Chertof said: 'The topic of safety and security is no stranger to the automotive industry. When we consider these simulation security improvements and security improvements, we need to consider how to solve these problems from the network field.'
Chertof wants to know if the design needed to face new cybersecurity threats can be developed in a highly competitive industry market. He said, 'not only considering the complexity of the supplier, but also considering the entire ecosystem of supporting the car. The complexity of the system'. 'As we have autonomous cars and more intelligent cars, the security challenges will multiply. ' He also believes that in addition to development issues, the impact of related data is also Need to be solved. He cited the possibility of using autonomous driving and networked car technology to cause potentially dangerous accidents.
Chertof said: 'We need to consider how to use this data effectively, but also to ensure that the data will not be disclosed to others, and will not be passed on to those with ulterior motives. Because cars or trucks have become horrible now. One of the weapons of choice for the molecule. '
Chertof also highlighted the role of the federal government in cybersecurity and risk management. Chertof said: 'Most of the infrastructure is in the hands of the private sector. However, the only way for the government to truly protect the private sector is to work with the private sector. '
♦ Automotive engineers are the key to ensuring network security
General Motors President Dan Ammann also expressed a similar point of view. Ammann emphasized that as long as cybersecurity is still part of the early design phase, it may have an impact on autonomous vehicles.
'In this industry we must work together to prevent security breaches and crack down on bad behavior,' Ammann said. 'We are also designing a solution that can quickly respond to evolving threats.'
In the absence of engineers, Ammann also stressed the need to invest in the training of engineers. 'Because the shortage of talent in the front line of cybersecurity warfare is real, we need to cultivate engineering and technical aspects directly applicable to the field of cyber security. Talent. '
♦ Detroit's three major automakers have something to say
'The detection of one company is a precautionary measure for another company,' said Faye Francy, executive director of Auto-ISAC, to the summit participants. Auto-ISA was established in January 2016 and its official name is 'Automotive Information Sharing and Analysis Center' ( Automotive Information Sharing and Analysis Center), a network security information center for the North American automotive industry.
Michael Westra, Ford Motor Network's Automotive Network Security Technology Manager, stressed that it is necessary for automakers and suppliers to adjust their minds to address upcoming security threats.
'When you build the architecture, you need to assume that something is happening at any time.' Westra said. Regarding system updates, Westra said: 'This is the part of the field that I think the idea must change to some extent. '
In addition to the challenges of the automotive industry, Mark Chernoby, chief technology compliance officer at Fiat Chrysler, points out that automakers and suppliers also face the challenge of sharing the possibility of a common network vulnerability with others.
Jeffrey Massimilla, vice president of global cybersecurity at GM, said: 'The reality is that ISAC will work quickly if it does happen, because it is required to do so.'
The panelists further discussed the importance of public trust in the automotive industry, especially regarding the public's perception or fear of the automotive industry that may have an impact on the automotive industry's decision-making.
'How do we prove that the automotive industry has indeed taken action on these actions?' Nat Beuse, deputy director of vehicle safety research at NHTSA, questioned, 'Is this approach constructive and can inform policy makers?'
'I personally think that suppliers need to join us more and do more things, especially in terms of standards,' said Tim Piastrelli, GM's Cruise Division Security Director. 'Autonomous vehicles are a different 'variety'. It is also a different attack vector. '
Piastrelli declined to comment on who would be liable for the damage caused by hacking or intrusion during the construction of Cruise's web framework.