We don’t know what the world will look like when everybody drives a ‘connected car.’ But that shouldn’t keep us from making it clear who is responsible for the integrity of the software they run.
Some of the biggest and most exciting technological transformations anywhere are taking place in the auto industry. Long a technology laggard, automobiles are starting to make use of recent advances in wireless technology and remote sensing in ways that are mind blowing.
Automakers are already tearing a page out of the book of smartphone makers: porting mobile operating systems like Google’s Android to vehicles in order to offer modular, expandable entertainment systems that can accommodate ‘apps’ and other features drivers have become accustomed to. As this recent New York Times article makes clear, automakers are taking things a step further: experimenting with ‘predictive’ features that allow automobiles to anticipate the preferences of drivers by cribbing notes from that driver’s existing car.
And, with software now responsible for most of a car’s critical systems, manufacturers like Tesla are also moving to offering over-the-air (OTA) software updates directly to customer vehicles, saving expensive recalls or trips to the dealer. And, in the near future, carmakers are looking to leverage ubiquitous 4G connectivity and vehicle-to-vehicle communications to provide real-time crash avoidance and smart driver features.
But the shift to ‘smart’ and ‘connected’ vehicles also brings challenges. First and foremost: who is responsible for the maintenance of the software? If cars are running Android, does that mean Google will be sending your car service updates? Beyond that, will car owners be limited to approved applications – or will we see a subculture of owners who ‘jailbreak’ their vehicle in order to customize it in ways that manufacturers or dealers do not condone? Already, groups like OpenGarages.org are looking to democratize knowledge about the operation of connected vehicles – empowering a new generation of car hackers to experiment and innovate.
What about when things go wrong – including software errors, malicious software or online attacks against connected vehicles? For some, connected vehicles are just PCs in a different kind of package. Speaking with ReadWriteWeb, Judith Bitterli, chief marketing officer at AVG, an antivirus software maker, predicted that connected vehicle drivers will soon need to “be aware of hackers in your own car, like passengers who haven't secured their own devices.”
Drivers of connected cars will need to “become smarter about security, and sometimes rely on car manufacturers and dealerships to educate them before they drive off the lot,” Bitterli predicted. At the same time, dealerships will need to have “GeekSquad”-like teams of techies to troubleshoot software problems with vehicles.
But will they? I think there are lots of reasons to be wary of modeling our connected future – with hundreds of billions of Internet connected devices – too much in recent history. The decentralized and (frankly) chaotic world of the PC hasn’t proven very effective at discouraging attacks and other malicious activity. The stakes in securing connected vehicles – capable of hurtling down public thoroughfares at more than 120 mph – are much, much higher.
In this instance, as with others, I think it falls to the government and regulators to set high standards for automakers who are exploring connected vehicle features. Just as manufacturers of medical devices or airplanes must meet exacting design and safety standards for their products, so too should vehicle makers who are designing more interactive features into their cars.
Asking consumer-drivers to attend to pop-up warnings on their windshield is simply asking too much. So to is asking drivers to remember to install the latest malware signature update before hitting the road, and setting a strong password to access their car system. The GAO has already warned about this, issuing a report in January saying that leading automakers are often not following industry-recommended privacy practices with their connected vehicles.
Cars, its true, will become much more like computers in the years ahead, but that doesn’t mean that cars shouldn’t be secured against attacks and tampering in the same way. Security, when well designed and implemented, should be seamless – the auto industry has to have that as its standard when designing security for connected cars.