As we build the Internet of Things the race is on to create new products and services. Making them secure costs more and can slow the pace of innovation. But as Car companies are now finding out, this can have a serious impact.
Recently Range Rover recalled 65,000 cars whose doors could fly open due to a software bug. As Graham Cluley explores, this is just one of a series of issues with the security of vehicles that have come to light recently.
The problem is not so much that these companies don’t care about security, but that good security is hard. It is easier to break a system than build a robust system. This does not mean building a secure system is impossible â rather it means it is an expensive and ongoing process, and right now the car suppliers are unable to make the business justification for undertaking that expense.
Security is an ongoing process, because getting it right is hard. There is an inevitable need to update things. But as pointed out in the Graham Cluley’s article even the update process can introduce vulnerabilities, so perhaps the safest thing is a recall. Surely a recall changes the economics to want to do things better in the first place?
Looking at GM Nine-Month Recall Costs Total $2.7 Billion on Repairs and playing with a calculator suggests each recall costs between $50 and $260. So we could speculate the cost of the Range Rover recall is about $16m. That leads to the instinctive reaction “I am sure for $16m we could do security better”. (I am sure you can, but I am also not certain it would eliminate the issue â remember the attackers only has to find one flaw, could you guarantee to find all flaws for $16m?)
The BBC article on the Range Rover story identifies that
“Some newspapers reported that insurers were unwilling to extend cover to Range Rover owners unless they could park in secure, off-street car parks”
Could this be the key to getting more robust security? In essence, unless a manufacturer’s track record shows its cars are secure, their customers will find the practicalities of owning one too hard (unable to get insurance), instead choosing other brands. If the cost of a car recall is not enough to trigger more trustworthy vehicles, maybe people stopping to buy your cars is!
Whether this is the trigger that works or not time will tell. What is inescapable is that a change in the market dynamics is needed if products and services are going to be considered trustworthy.
(Image Copyright BBC)
Once Upon a Camayoc 
Interesting update to this story today…
http://www.theguardian.com/technology/2015/jul/21/jeep-owners-urged-update-car-software-hackers-remote-control
Could this be turned around to “Hey, if you don’t apply this patch – and you crash – you are not insured” ?
LikeLike