Cybersecurity jumped to the top of the auto industry's agenda last year when two professional hackers took control of a 2014 Jeep Cherokee as it was driven by a journalist. The hackers exploited a vulnerability in some versions of Fiat Chrysler Automobiles' Uconnect infotainment system.
The incident has left automakers wondering what to do about their product exposure -- but the problem becomes the task of suppliers.
Lear Corp. created the position of vice president in charge of cybersecurity for electronic systems, responsible for global cybersecurity technology strategy and implementation. Last month, it appointed Andre Weimerskirch to take on the role.
Weimerskirch, 41, was previously an associate research scientist in the University of Michigan Transportation Research Institute's Engineering Systems Group, where he led cybersecurity and privacy activities. He spoke last month with Special Correspondent Jim Henry.
Q: Why did cybersecurity become such a hot-button issue?
A: There are several reasons. The first one is the Jeep Cherokee -- that somebody, over the air, was able to take over the vehicle electronics and manipulate the vehicle's behavior.
Through the lane-keeping assist feature, they were able to affect the steering. If you can manipulate that feature to steer the car, you could steer it off the road. They also figured out how to brake the car, not by applying the brakes as you would normally do, but by applying the electronic emergency brake.
But there are many other scenarios, right?
I would argue there's more to it. Look at theft protection in cars. A lot of cars are stolen by stealing the signal from a remote, where you open the car by pushing a key. And once you get in the car, the "start engine" is a push button, too. So you can compromise it, open the door and start the engine, all without a key.
What about protecting privacy?
That should be a concern. As cars become part of the Internet of Things, they can talk to each other, talk to the infrastructure, talk to the OEM, talk to the cloud. We really want to make sure that it's not easy, say, to learn more about the passenger than is really necessary.
Do you approach cybersecurity by trying to hack your own systems?
Most security hacks happen because the instrumentation has a flaw. You want to test solutions, test the physical unit, and one of those tests is penetration testing. You give a product you designed to an internal team that was not involved in the development process. If they find a flaw, that weakness shouldn't have been there in the first place.
How safe is safe?
If you are designing a telematic gateway for a car, you want to properly understand what the risks are and make a risk assessment, knowing there's really no such thing as 100 percent security. A bank makes an assessment of who to protect against. They have figured out that that kind of door, this kind of safe, that type of access control is adequate protection.
In the electronics world, you want to understand who are your attackers. Also, it really has to be economically feasible. You don't overprotect and come up with the maximum system, and make it so expensive no one can afford the car.