3. Where current cybersecurity guidelines fall short
Amidst legislative stalling, a consortium of 12 manufacturers has developed a framework for automotive cybersecurity best practices, Yossi Vardi writes for Axios Expert Voices.
The big picture: At first glance, their guidelines hit the right points — incorporating security into design, developing risk assessment and incident response strategies — but current security solutions are not sufficient against increasingly sophisticated threats.
Background: The Self-Drive Act, a bill that didn't make it through Congress, required "manufacturers of highly automated vehicles to develop written cybersecurity and privacy plans for such vehicles prior to offering them for sale."
- However, it fell short of prescribing specific guidelines for how security systems will ensure those objectives.
- In developing their own safety and cybersecurity guidelines, automakers were trying to keep drivers and passengers safe — and also aiming to satisfy regulators who, in the absence of industry action or input, could impose rules that may be less favorable to companies.
What's happening: Today, most security solutions rely on rules, logic and signatures to detect threats, but this means they can only detect known threats. Contemporary security systems essentially do the bare minimum to comply with security guidance.
- This is one reason current security measures are not the best place to start in designing a framework. Any time hackers develop new viruses or malware, cybersecurity programs play catch-up.
What's needed: To go beyond compliance and stop hackers before they compromise security measures, manufacturers need to develop systems that will enable them to meet these still-unknown threats.
Yossi Vardi is the CEO of SafeRide Technologies, an automotive cybersecurity startup.