Illustration: Aïda Amer/Axios

Amidst legislative stalling, a consortium of twelve manufacturers has developed a framework for automotive cybersecurity best practices.

The big picture: At first glance, their guidelines hit the right points — incorporating security into design, developing risk assessment and incident response strategies — but current security solutions are not sufficient against increasingly sophisticated threats.

Background: The Self-Drive Act, a bill that didn't make it through Congress, required “manufacturers of highly automated vehicles to develop written cybersecurity and privacy plans for such vehicles prior to offering them for sale.”

  • However, it fell short of prescribing specific guidelines for how security systems will ensure those objectives.
  • In developing their own safety and cybersecurity guidelines, automakers were trying to keep drivers and passengers safe — and also aiming to satisfy regulators who, in the absence of industry action or input, could impose rules that may be less favorable to companies.

What's happening: Today, most security solutions rely on rules, logic and signatures to detect threats, but this means they can only detect known threats. Contemporary security systems essentially do the bare minimum to comply with security guidances.

  • This is one reason current security measures are not the best place to start in designing a framework. Any time hackers develop new viruses or malware, cybersecurity programs play catch-up.

What's needed: To go beyond compliance and prevent hackers before they compromise security measures, manufacturers need to develop systems that will enable them to meet these still-unknown threats.

  • Examination of vehicle system behavior anomalies could be a solution. If a hacker tries to install malware into a vehicle's ECU, the system would detect activity in the ECU that should not be taking place.
  • In another scenario, if a vehicle's ECU is acting in an irregular manner, that could mean that malware is present. The system could be programmed to block vehicle operations until the threat is addressed, preventing the malware from acting.

The bottom line: Cyber threats are increasing as more vehicles become connected, and as connected vehicles become more sophisticated. Current solutions are not advanced enough to satisfy the spirit of even the strictest security and privacy guidelines. Updating the solutions and frameworks should go hand in hand.

Yossi Vardi is the CEO of SafeRide Technologies, an automotive cybersecurity startup.

Go deeper

Twitter launches warnings on election misinformation and delays

Photo: courtesy of Twitter

Twitter will start pinning notices to the top of all U.S. Twitter users’ timelines warning that results in next week’s election may be delayed and that they may encounter misinformation on mail-in voting.

Why it matters: Delayed election results are expected across many states that are handling unprecedented amounts of absentee and mailed ballots, which President Trump has baselessly called "very dangerous" and "corrupt."

Miriam Kramer, author of Space
2 hours ago - Science

NASA confirms water exists on sunny parts of the Moon

Photo: NASA/JPL/USGS

Water on the Moon might be more easily accessible than previously thought, opening up new possible avenues for future human exploration, according to a new study.

Why it matters: NASA is aiming to send people back to the Moon as part of its Artemis program by 2024, with plans to eventually create a sustainable presence on the lunar surface. That sustainability relies on mining the moon for its resources, like water.

Updated 2 hours ago - Politics & Policy

Pence no longer expected at Amy Coney Barrett's final confirmation vote

Photo: Ben Hasty/MediaNews Group/Reading Eagle via Getty Images

Vice President Mike Pence no longer plans to attend the Senate's final confirmation vote for Judge Amy Coney Barrett, a Pence aide confirmed to CNN and Politico on Monday. On Sunday, Senate Democrats claimed that his presence after possible exposure to the coronavirus would be a "violation of common decency."

Driving the news: Five of Pence's aides were recently diagnosed with COVID-19, including his chief of staff, who is currently quarantining. Pence has continued his campaign travel despite his possible exposure, which goes against CDC guidelines.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!