In a late-May vehicle safety review, Consumer Reports noticed a problem with the new Tesla Model 3’s brake performance: It stopped more like a truck than a sedan. Within days Elon Musk’s company was able to identify the issue and resolve it through an over-the-air (OTA) update.
The recent brake fix is a testament to the speed and flexibility Tesla’s OTA model offers. It also demonstrates why more traditional automakers are moving to expand their own OTA programs, with several major U.S. manufacturers planning a roll-out for the 2020 model year. This new paradigm will help lower costs to manufacturers and reduce the burden on consumers to fix problems in cars which are, increasingly, mobile computers. However, automakers must take deliberate steps to ensure consumers are informed about the nature and content of updates, and that both the updates and the cars themselves have robust, sustainable cybersecurity measures in place.
Maintain Transparency and Ensure Availability for Updates
Automakers should focus on transparency. The ability to push updates for most systems, including safety-critical components like brakes and airbags, raises the specter of “silent recalls” – where companies could bury system-critical fixes in generic updates. As with current recalls, OTA updates should come with a notice in advance via mail and/or email, giving the consumer a chance to understand what the update is and what problems it is supposed to resolve. This will help ensure consumers are aware of specific risks, and install safety-critical updates promptly. The update management enterprise should be structured to minimize consumer vulnerability, including unbundling security patches and pushing them independently where appropriate.
Companies should also recognize that OTA updates will often occur under less-than-ideal network conditions. Updates should be designed to roll back easily, so that a car does not “brick” or develop some other flaw if an update is interrupted or corrupted. Existing measures, like running updates at a dealership, should still be available, and companies should explore alternative options – for example, providing a secure download to a thumb drive – which will ensure updates reach all customers. Automakers should also look at making service packs available for those who leave their cars idle for long periods, like long-term overseas travelers or military members on deployment, to minimize the installation time.
Finally, automakers must be willing and able to support system maintenance and upgrades for an extended lifecycle. Mainstream support for a flagship product like Windows 10 can end after only five years. The average car on American roads today is over 11 years old. If current ownership trends continue, automakers will need to provide support to critical systems for significantly longer than other software providers, and may need to license third parties to support enthusiasts, restorers, and other after-market or cottage industries.
Implement Sustainable Cybersecurity Practices
In the push to be first to market with new technologies, automakers have often sidelined security and reliability. Researchers at DARPA have been sounding off about automobile software vulnerabilities since the early 2000s, demonstrating how flaws in systems as ubiquitous as OnStar could allow someone to control a vehicle. More recently, security researchers at Tencent Keen Security Lab hacked Tesla cars on several occasions, gaining control of a number of functions remotely. Even extravehicular systems can create vulnerabilities: A group of hackers in Norway was able to steal a Tesla by hacking the owner’s phone – used as a key via the Tesla app. To its credit, Tesla’s responses to these hacks have been a model for other companies to follow. After the first Tencent hack, for example, Tesla pushed a firmware update that made it significantly harder to access certain systems, and the company has continued to make security a priority.
Other manufacturers need not start from scratch. Computer security research group The Cavalry has advocated a “Five Star Cyber Safety” program for the automotive industry, which incorporates a number of best practices that experienced software companies and security researchers have developed over the years. Automakers can also look to The Digital Standard for security and privacy best practices being organized by a Consumer Reports-led consortium. And, following the Department of Commerce and Department of Homeland Security’s recently published report on enhancing the internet and communications ecosystem, the Commerce Department announced it will launch an initiative to enhance software component transparency.
Connected cars will likely be one of the largest, most prevalent members of the Internet of Things (IoT) in the foreseeable future. Where other IoT manufacturers may have thus far been able to skimp on security without seriously risking the safety of their customers, for automakers cybersecurity and physical safety go hand-in-hand. They have an opportunity and an obligation to incorporate sustainable cybersecurity practices and ensure that the convenience offered by this connected future does not leave open the door to serious safety issues.
Image credit: Flickr user Ford Europe