The invention of the automobile created a quantum leap in productivity and lifestyle improvements for people around the world. The development of smart cars that can monitor surrounding traffic and, ultimately, that can drive themselves with no human interaction, promises to be the next quantum leap if developers can insulate smart cars from inevitable scourge of hackers. Smart car technology developments have mostly ignored cybersecurity, but if smart cars are to take hold in society, manufacturers will need to provide assurances that this technology is safe and secure.
Automobile companies are no strangers to cyberattacks. Several of those companies have experienced data breaches over the past several years, and many industry watchers believe that those breaches are only the tip of the iceberg. The cyberattack risk that smart car developers are facing was highlighted in a controlled experiment in 2015, when hackers assumed control of an internet-enabled Jeep Cherokee through its dashboard entertainment system. The Jeep had been travelling at highway speeds when hired hackers first remotely took control of its sound system and environmental controls, and then shut the vehicle down altogether by cutting power to its electronic transmission.
The prospect of a hacker’s assumption of control over a smart car is only one of the significant risks that smart car developers must address. Smart cars necessarily collect information about a passenger’s transportation habits and the locations that he routinely visits, as well as more personal information such as contact lists and personal and financial data. Even without taking control of a smart car, hackers can target smart cars that have weaker cybersecurity systems to steal a treasure trove of information that can be used for identity theft. A more libertarian mindset might also argue that smart car data is ripe for improper cyber surveillance and violations of personal privacy by intrusive government authorities.
No easy solution is available to the smart car cybersecurity problem. Multiple different electronic control modules in smart cars include hundreds of millions of lines of embedded computer code. Hundreds of different manufacturers and developers are making parts and components for smart cars, all with little or no coordination of cybersecurity efforts and with no single entity that has knowledge of how those components interact. As technology improves, existing smart cars will continue to utilize legacy embedded code without being upgraded or patched to fix known cybersecurity risks. These risks are common to other Internet of Things (IoT) technologies, but the automobile’s central role in society exacerbates this risk where smart cars are concerned.
In their more than one-hundred-year history, automobiles have become safer and more secure through design and manufacturing improvements and regulatory requirements that have all but eliminated the more egregious risks of driving a car. The smart car industry will likely follow this trend with cybersecurity improvements and universal regulations that define a minimum strong cybersecurity standard for all smart cars and systems. The development of those improvements and regulations, however, will likely take time and in the interim, smart cars will continue to pose a higher cybersecurity risk.
All states require drivers to carry some form of automobile property and liability insurance. Cyber insurance is the logical extension of that property and liability insurance for smart cars and all other vehicles that are equipped with internet-enabled technology. A good cyber insurance policy can protect a smart car owner against direct property losses that are related to damages caused by hackers who, for example, assume control of a smart car while it is on the road. That cyber insurance can also cover indirect, third-party losses associated with theft of personal or financial information from a smart car’s electronic pathway to that information.
Consumer awareness of smart car cyber insecurity will be a driving force to improve the technology’s defenses against hackers and cyberthieves. Cyber insurance will be a necessary protective mechanisms that will complement those improvements.