Recently, I wrote an article for ConnectedCarTech welcoming the automotive industry to the software world. Given the highly publicized hacks and software-related recalls in the industry, my article might seem a little outdated at first-glance. The sad fact is that it’s far from it.
We constantly see headlines about hacks, panics, patches, and fixes in the connected car, but a recent reveal has made me wonder if that situation is the less likely scenario. It apparently took GM five years to fix a hack in their software – and presumably because the software flaw wasn’t publicly known.
According to WIRED, the researchers that found the hack alerted GM and the National Highway Traffic Safety Administration in the spring of 2010. This means that millions of cars were driving around, maybe even right next to you, with the very real possibility that someone could hack into its OnStar dashboard and could engage or disable the brakes of the car.
Why was such a dangerous flaw so downplayed and sidelined for five years?
The answer’s simple. The automotive industry has a knowledge gap when it comes to software development. As I stated in my article:
The expertise in the traditional automotive supply chain was different – you needed experts in manufacturing and software, not experts in networking, wireless technologies, big data, and all the other trappings of modern vehicles. This is a knowledge gap that many companies in the supply chain are scrambling to bridge.
What’s worse? The automotive industry completely agrees.
GM’s chief product cybersecurity officer Jeff Massimilla admitted to WIRED that GM failed to fix the issue back in 2010 because it wasn’t ready. Coincidentally, a recent survey done by Ponemon Institute on behalf of Rogue Wave and Security Innovation revealed that 72% of automotive developers think that automakers are not as knowledgeable about secure software development as other industries.
So what can we do?
As I’ve previously mentioned, we can’t put all the blame on the automotive industry. The high tech world needs to step up and help automotive developers figure this out. We’ve been here before. We know the ropes. We know the fallout (and to be fair, we still fight it ourselves). But we’ve learned. We’re leaps and bounds ahead of them when it comes to fully understanding the repercussions of a data breach. And we’re trying to make things easier – for all industries.
It’s time we work together to fill the knowledge gap. It starts by understanding where a company’s weaknesses lie.