Tuesday, April 26, 2016

Vehicle Cybersecurity: DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack

April 25, 2016 - Modern vehicles contain multiple interfaces--connections between the vehicle and external networks--that leave vehicle systems, including safety-critical systems, such as braking and steering, vulnerable to cyberattacks. Researchers have shown that these interfaces, if not properly secured, can be exploited through direct, physical access to a vehicle, as well as remotely through short-range and long-range wireless channels. However, the majority of selected industry stakeholders interviewed for this GAO report agreed that wireless attacks, such as those exploiting vulnerabilities in vehicles' built-in cellular-calling capabilities, would pose the largest risk to passenger safety. Such attacks could potentially impact a large number of vehicles and allow an attacker to access targeted vehicles from anywhere in the world. Despite these concerns, some stakeholders pointed out that such attacks remain difficult because of the time and expertise needed to carry them out and thus far have not been reported outside of the research environment.

You may read the full report here.