US Wants Cybersecurity Protection Plan For Cars

coondoggie writes "As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased. That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it build a roadmap to build 'motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems.'"

kill switch

[dotmax]

How come the first thing that came to mind was "they want to put a kill switch in my car?" They won't call it that, of course.

Better Idea

[milbournosphere]

Let's stop cramming all this electronic shit into our cars. The wireless capabilities of the newer cars these days is really starting to get scary. The tech is awesome, but the potential for wrong-doing (government, vandals, or otherwise) is just too great. Only so much of the new stuff they're coming out with is actually useful; the rest of it is just junk meant to distract from the actual act of driving, or to add to the billfold of whoever builds the replacements for these in-car computers.

Here is a start:

[MSesow]

As with so many other systems, when it doesn't need to be connected to a network to do what it does and when connecting it to said network opens up the chance for attacks over the network, THEN LEAVE IT OF THE FSCKING NETWORK! Regardless of if it is airplane systems, nuclear centerfuges, general industrial control systems, medical equipment, cars or whatever else, if you leave it completely unconnected from a network then you have removed a very real vector of attack. And that doesn't mean you have to stop paying attention, but it does mean you are off to a good start.

Why so much integration?

[King_TJ]

It seems to me there's really no inherent danger in adding wireless networking and other new electronics technologies to our vehicles. A big part of the potential problem stems from the insistence of auto-makers to integrate everything into ONE common system. For example, my 2007 Jeep Patriot 4x4 uses a CANBUS interface as the central communications bus for practically all of the electronics in the vehicle. If you try to swap out something like the factory headlights with an aftermarket set of HID lamps? You're likely to run into problems, because the system senses less electrical resistance on the headlight circuit than it expects, so it makes lights blink on and off in an "error" pattern. You can't successfully change out the factory stereo with an aftermarket one either, without spending $150+ more for a CANBUS module to plug in behind it, so the computer system communicates with it as it expects to see it. Other factory accessories won't work properly either, until the Jeep is taken in to the dealer and the firmware re-flashed with a version that has those features "enabled" in it.

If things like wi-fi in the car are only interfaced with the stereo/media center, and that system is independent of the computer handling the engine, transmission, etc.? Hackers won't be able to do a single thing that directly affects the safety or performance of the vehicle. They'll only be able to mess up your in-dash entertainment system.