Roger Thornton, CTO of AlienVault, says essentially the same. "This is something we, as a species and an industry, have a very bad track record for," he said.
But he adds that nothing is totally secure. "The field of cyberdefense is one of cat-and-mouse, where our latest defenses simply become the base line for our adversaries' next innovations," he said.
"To make any technical endpoint — a car, phone, PC — truly secure is a virtual impossibility while still leaving it useful to the user. The saying goes, the only secure computer is unplugged and buried in 20 feet of concrete. The same would go for a connected car."
That is Kiefer's view as well. "Given the speed at which vulnerabilities are found and exploited these days, compared to the engineering/production cycle of vehicles, a car designed secure two years ago will be easily hacked once it hits the road," he said.
"The major task will be to develop an autonomous framework that has been designed with security in mind, and then build upon it. A lot could be learned from existing security frameworks such as those for nuclear weapons or highly reliable systems used in the U.S. space program," he said.
James Arlen, senior security consultant with Leviathan Security Group and a hacking expert, offers a reminder that American roads are not exactly safe now, with individual drivers presumably in control.
"Honestly, in a system where your ability to drive is tested only at ages 16 and 80, with ineffective, revenue driven enforcement for the interval, I'd feel safer having MS Clippy (the old, now defunct Microsoft Office Assistant) at the wheel," he said. "With around 40,000 road deaths in the U.S. every year alone, anything at all would be safer."
Still, even if a driver (or rider) is statistically safer in an autonomous car, will owners trust it enough to give up control without some major security assurances?
Kevin Curran believes it will happen — gradually — as people become accustomed to the idea and also because manufacturers and developers will be confronted by liability risks.
"The motivation for security will be there," he said. "Everyone involved in the design could be held liable in a collision. Litigation could go back to third-party software design."
Stan Kiefer agreed, noting that in every industry, security becomes a priority when it has an impact on investment and profit. "The cost/risk balance will be mitigated to the level it makes economic sense," he said.
Roger Thornton believes it will take improvements in three areas — digital, connected and autonomous — to gain the trust of the average driving public. The technological capability of an autonomous car, he said, will likely drive the vehicle much better than a human could. The greater risks are in the digital and connected areas.