Along with the relatively nascent automotive anti-malware industry, system security is further endangered because vehicle engineers typically do not use the most state-of-the-art hardware. Instead, carmakers opt for processors that may be a generation or two older in order to ensure reliability and robustness. That older hardware, however, may be able to run up-to-date security systems, which can expose latent vulnerabilities in the hardware, according to Navigant.
The need for cybersecurity software is so critical that the Alliance of Automobile Manufacturers and the Association of Global Automakers set up their own Information Sharing and Analysis Center (ISAC), which enables the sharing of data involving cybersecurity.
Such info-sharing groups exist in most major industries, such as healthcare, financial services and aerospace, but until 2014 the auto industry didn't see the need for a cyber security network.
Within five years, most new vehicles will be connected to the Internet, according to Gartner. And, by 2035, there will be 21 million autonomous vehicles on roadways, according to research firm IHS Automotive.
The watershed moment
Egil Juliussen, director of research at IHS Automotive, said prior to last year's Jeep Cherokee hack, which was performed by two security experts who were able to control the vehicle remotely, the auto industry didn't see an immediate threat.
Fiat Chrysler Automobiles (FCA), the world's seventh-largest automaker, issued a recall notice for 1.4 million vehicles in order to fix a software hole that allowed hackers to wirelessly break into the Jeep Cherokee and electronically control vital functions.
"Last year they all got kicked in the butt," Juliussen said. "When that happened, then they had a data point around how much it could cost to fix these things -- 1.4 million cars that may cost $100, so all of a sudden you're looking at $140 million to fix that. So that changed how they looked at it."
"The first thing they did was look at existing systems...then began planning for new systems coming out in 2019 or 2018," he added.
While Internet-connected vehicles offer an avenue for attack, they also provide a potential solution to cybersecurity via over-the-air (OTA) software updates. Those updates are only now being offered by a limited number of automakers.
That will soon change.
By 2022, some 203 million vehicles on the road will be able to receive over-the-air software upgrades; among those vehicles, at least 22 million will also be able to get firmware upgrades, according to a report by ABI Research.
By 2025, nearly half of all global light duty vehicle sales are expected to include telematics capabilities that will enable OTA software updates to address cyber security, functionality, and regulatory compliance issues, according to Navigant.