Internet-connected cars are tipped to revolutionize the automotive industry. However, according to a high-level US Justice Department official, they may also be used by rogue nation states to commit murder. As a result, the US government is warning that manufacturers of driverless car technology need to prioritize cybersecurity standards or risk coming under attack from cybercriminals and hackers.
"We've seen rogue nation states try to assassinate those that do not share their beliefs," said John Carlin, US assistant attorney general for national security, during a speech at the SAE 2016 World Congress in Detroit on 12 April. "If they were able to do it remotely through a car, I don't see why they consider that a safe zone." He added: "There is no internet-connected system where you can build a wall that's high enough or deep enough to keep a dedicated nation-state adversary or a sophisticated criminal group out of the system."
As reported by Bloomberg, Carlin said government agencies and large firms are still in the "early days" of adapting towards driverless car technology and remain "very unsettled" by the uncertainty these changes are causing.
"This will be the next battlefront," he said. "Right now what we have is this combination of carrots and sticks, and there's not a one-size-fits-all protocol that's been mandated by statute."
In the past 12 months alone there have been a number of notable cybersecurity incidents involving vehicles that rely on the internet to function. In 2015, two security experts were able to hack into the dashboard controls of a Jeep Cherokee and take over functions including locks, brakes, air conditioning and even steering. Fiat Chrysler was forced to issue a formal recall for over 1 million of the impacted vehicles in the US.
In his speech, Carlin indicated the frequency of hackers attempting to attack internet-connected cars is only going to rise and warned that nation states will inevitably be interested in such activity. "If you were able to do something that could affect a large scale of an industry - like 100,000 cars - you could see that being in the arsenal of a nation-state's tool kit as a new form of warfare," he asserted.
A report produced by the International Data Corporation (IDC) and released in March this year found it could take up to three years before driverless car manufacturers start to make vehicles with strong cybersecurity protections built-in as standard. "The industry is just beginning to debate cybersecurity issues surrounding connected cars," the report stated. "The question for manufacturers is whether this is realistically feasible, given the challenges ahead and the rate at which applications are being developed today."
