I, like most Americans, have a love affair with the automobile. Give me an unlimited budget and I will quickly exceed it, purchasing pretty much every available car, truck and SUV on the market.
That's a big part of the reason why I have been following the cyber story de jour: auto cyber hacks. Each day sees new hacking story about a new technique to penetrate your car's computers, with allegedly harmful results.
The icing on the cake here was the recall of over one million automobiles in order to fix a cybersecurity flaw. Well, what about the fact that hackers would have to have "unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time" in order to actually do anything bad to a car? Pshaw -- the mere existence of the recall was all the cyber-Chicken Littles needed to declare the sky was falling.
Unsurprisingly, Capitol Hill fired up its outrage engine, threating hearings, regulations and legislation to address these "worries." All because a few researchers spent way too much time figuring out how to unlock a car door or play with software.
You want my reaction? It's a big fat "Meh". Let me explain.
First, let's begin with a widely acknowledged fact: the automobile industry is pretty darn sophisticated. It is established, organized and adept at running complex manufacturing operations. More importantly, it knows that its customers REALLY care about safety and security. Put all that together and it is as well positioned as any industry to respond to cyber threats.
Also consider the following:
- Safety and security is a primary concern when it comes to auto design, construction and maintenance. Why? Because automobile customers expect their cars to be safe. It is a primary factor in deciding whether to purchase a specific vehicle. Auto manufacturers know that, and they know that ignoring safety innovations means potential lost sales. It only follows then that addressing cyber security will be a natural course for automobile manufacturers to follow.
The automobile industry is well suited to address software flaws or weaknesses through its strong and proven recall program. Anyone who has ever owned a vehicle is familiar with the relatively smooth recall and fix program. That same process is already used for software issues, and we are moving towards a system where security fixes can automatically be pushed to consumers. All of this means that the automobile industry is likely well ahead of cyber criminals when it comes to correcting security and safety flaws. If there is one thing that the automobile industry knows, it is how to manage a diverse and far flung supply chain, and ensuring quality control amongst its suppliers is a key component of that. Supply chain integrity is a critical component of cybersecurity, as far too often successful cyberattacks have been committed by sneaking in malicious code through a sub-developer or inserting counterfeit products into a larger enterprise system. This is another example of where the automobile industry is ahead of the field and can easily step in as a market leader in security. The automobile sector is likely the only one set up to measure its own cybersecurity, and also mesh well with the insurance industry. First, remember that for years the automobile industry has worked closely with the insurance sector to measure vehicle safety (à la the Insurance Institute for Highway Safety). That forum has become the gold standard for measuring vehicle safety, and there is no reason why the automobile and insurance sectors cannot replicate that success with respect to cyber security. Second, the auto insurance community is well known for incentivizing the use of safety and security features on cars by offering policy discounts for their use. That program should easily be extended to the use of cybersecurity measures in cars ("Your car has non-signature based detonation chambers? Great, that will save you 5 percent a month on policy premiums"). This will be in marked contrast to the difficultly currently being experienced in trying to tie cyber incentives to traditional property or general liability programs.
All of this is of course in addition to the more general notion that hacking into automobiles is a fairly pointless exercise. The idea that someone could remotely control your car (or multiple cars for that matter) and put you in peril sounds scary, and to be fair it is a possible event.
Still, let's be fair and distinguish between "possible" and "probable". Car hacking is possible, but is it probable? Hardly. The return on investment for doing so just isn't there. Remember that most cyber criminals are likely in it for the money, and there are much easier ways to make money than by crashing other people's cars on purpose.
So, I'm back to "meh". I understand why people worry about this issue and that it makes for a good news story. But I also recognize that devoting billions of dollars to create new, immortal, federal bureaucracies that oversee auto cybersecurity is a big waste.
We have better things to focus on like, oh, I don't know, figuring out if foreign hackers are stealing every secret we have from government agencies. Like that would ever happen...
Brian E. Finch (@BrianEFinch) is a partner at Pillsbury Winthrop Shaw Pittman LLP.
Support HuffPost
Our 2024 Coverage Needs You
Your Loyalty Means The World To Us
At HuffPost, we believe that everyone needs high-quality journalism, but we understand that not everyone can afford to pay for expensive news subscriptions. That is why we are committed to providing deeply reported, carefully fact-checked news that is freely accessible to everyone.
Whether you come to HuffPost for updates on the 2024 presidential race, hard-hitting investigations into critical issues facing our country today, or trending stories that make you laugh, we appreciate you. The truth is, news costs money to produce, and we are proud that we have never put our stories behind an expensive paywall.
Would you join us to help keep our stories free for all? Your contribution of as little as $2 will go a long way.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. Would you consider becoming a regular HuffPost contributor?
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. If circumstances have changed since you last contributed, we hope you’ll consider contributing to HuffPost once more.
Already contributed? Log in to hide these messages.