In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections.
[Video Podcast] | [MP3] | [Transcript]
Almost from the get-go, automobiles symbolized a kind of dynamic and restless American identity. The auto industry epitomized U.S.’s vibrant and innovative economy. With the help of some serious federal dollars, they also became indispensable parts of 20th century American life. By the 1950s, accepted wisdom was that automobiles and the automotive industry were inextricably linked to the well being of the U.S. – what’s good for GM is good for the United States, and vice versa – as the saying went.
Dennis Kengo Oka is a senior principal automotive security strategist.
But all that romanticizing of cars and the cheerleading of the powerful and influential auto industry forestalled much-needed oversight of vehicles. The auto industry fought calls for federal auto safety rules and requirements for decades, arguing that driver error and unsafe roads were responsible for accidents, not their vehicles.
A four decade delay in vehicle safety regulation
It wasn’t until the mid 1960s that Congress got around to passing the National Traffic and Motor Vehicle Safety Act in the wake of the publication of Ralph Nader’s Unsafe at Any Speed – an expose of how the auto industry prioritized style and features over safety. By that time, automobile accidents were responsible for 49,000 deaths, 1.8 million minor injuries, and $8.5 billion in damages, lost wages, and medical expenses annually. (By comparison, 46,980 people died in auto accidents in the U.S. in 2021, despite the fact that the number of registered vehicles on the roads has more than tripled in the intervening years, from around 90 million vehicles in 1965 to more than 280 million in 2021.)
Since then, the auto industry’s tune on vehicle safety has done a 180 degree turn. Safety features -like airbags and collision avoidance – and vehicle safety ratings are, today, a key selling point for cars. But that focus on safety doesn’t extend to the software that increasingly runs our vehicles.
Vehicle safety? Critical! Vehicle software safety…umm….
As with the advent of the automobile in the first decades of the 20th century, the arrival of the “smart car” in the first decades of the 21st century has transpired as an industry-led initiative transpiring in a vacuum of government oversight, regulation and guidance. The result: exploitable cyber-physical software flaws were documented starting as early as 2011, with a dramatic display of the potential to use software...