Clearing Houses

Why more regulation of connected car tech is probably just down the road

We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Register today!

A few months ago, I bought my first new car in years. I had planned to buy a used one, but decided that a shiny new vehicle would be a pandemic treat. I was amazed by connected car technology, all the on-board software programs that basically turned the car into an API on wheels.

I thought about it more in late January when a 19-year-old in Germany made international news with a chilling revelation: he was able to remotely access more than 25 Tesla vehicles and, if he wanted to, could have controlled some of their functions, including unlocking doors, opening windows, and even starting keyless driving.

The story had a happy ending. The teenager, David Colombo, is a white hat hacker who uses his skills to identify security vulnerabilities. That’s how he discovered flaws in a third-party data-logging app available to Tesla owners, TeslaMate, that allowed him to send commands to cars. Colombo notified TeslaMate and Tesla, and a fix was quickly released.

The proliferation of connected cars

But the incident served as a troubling reminder that security vulnerabilities are a clear and present risk to all connected cars that are reshaping the automotive industry, and the very nature of driving, and that better protections must become a higher priority. high.

The technological disruption that is sweeping the automotive sector is accelerating rapidly. In August, President Biden signed an executive order to make half of all new vehicles sold by 2030 zero emissions, including battery-powered, electric, plug-in hybrid or fuel cell electric vehicles. The administration followed that up in February with a plan to allocate $5 billion to states to fund electric vehicle chargers along interstate highways.

The New York Times, in a story [subscription required] titled “Why This Year Could Be a Tipping Point for Electric Cars,” reported in February that “battery-powered cars are experiencing a watershed moment.” The newspaper said a dramatic increase in the number of electric cars sold globally, from 2.5% of all new cars in 2019 to 9% last year, signals that 2022 could be “the year when march of battery-powered cars has become unstoppable, erasing any doubt that the internal combustion engine is heading towards obsolescence.

The proliferation of software in cars

Even before electric vehicles started gaining momentum, the amount of software code in today’s cars had reached around 100 million lines. [subscription required]and many experts expect that number to reach 300 million by 2030. To put that into context, an airliner has about 15 million lines of code, and a modern fighter has about 25 million. .

Many modern vehicles now have more than 100 integrated electronic control units to control everything from seat belts to the infotainment system. Advances in cloud computing and 5G wireless technology will allow vehicles to continue to become smarter and more connected to the world around them, such as networks and services in homes, businesses, infrastructure and other vehicles. If software eats the world, as entrepreneur Marc Andreessen observed [subscription required] in 2011, he absolutely devours the automobile.

These innovations are extremely exciting and are expected to bring a range of societal benefits, including cleaner air, reduced fuel consumption, safer roads and greater economic productivity. However, all this additional connectivity poses security and privacy issues that have yet to be adequately addressed.

Cars as “clearinghouses”

“The influx of digital innovations, from infotainment connectivity to over-the-air software updates, are transforming cars into information clearinghouses,” says a McKinsey report. “While delivering significant customer value, these changes also expose vehicles to the more devious side of the digital revolution. Hackers and other black-hat intruders attempt to gain access to electronic units and critical on-board data, potentially compromising critical security features and customer privacy.

The current lack of security and privacy regulations and standards is a Wild West that will not be enough in the long run. That’s why I think lawmakers at the federal and state levels will soon become more aggressive in considering legislation to strengthen these systems against intrusion.

Deja vu again

We have already seen this film with the rise of new technologies. In the early days of the Internet of Things, the tech industry was slow to focus on security and too often shipped devices with weak password protection and other vulnerabilities.

The automotive industry cannot make the same mistake. The stakes are extremely high: car manufacturers not only have a business logic, but also a legal and ethical logic to ensure that the next generation of vehicles is safe and deserves the trust of consumers.

The discovery of the Tesla vulnerability came six and a half years after security researchers on a laptop 10 miles away caused [subscription required] an SUV from losing power, changing radio stations and turning on the windshield wipers using the vehicle’s entertainment system connected to a mobile data network.

Why this sort of thing still happens is a serious question that needs to be answered.

The need for safety rules not just for self-driving cars, but for everything connected cars

In April 2018, California implemented regulations requiring self-driving vehicles to meet appropriate industry standards for cybersecurity. It’s great, but such thinking must be extended to the much larger universe of connected cars.

The United States requires technological transparency in other areas, such as Centers for Medicare and federal Medicaid Services regulations governing data transfers using application programming interfaces (APIs). It seems inevitable that more stringent oversight will also apply to automotive technology – and not just in security, but in the area of ​​data privacy. Automakers and their third-party partners will collect massive volumes of data in an automotive API ecosystem that will grow exponentially.

The industry would be well advised to buckle up for the action ahead.

Kin Lane is Chief Evangelist at Factoran API-first development platform whose user base recently surpassed 20 million software developers.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.

If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider writing your own article!

Learn more about DataDecisionMakers