Things everywhere are getting smarter—and increasingly connected. There are refrigerators that can order groceries. There are prescription drug caps that glow when it’s time to take the medicine inside.
And, of course, there are cars that can drive themselves.
But the more connected things are, the more hackable they become. So far, connectivity is outpacing cybersafety, according to Joshua Corman, chief security officer at PTC and the most recent speaker in Volpe’s 2017 series, The Ongoing Transformation of the Transportation System.
“I like to think...not that software is always good, or software is always bad,” Corman said. “Clearly we adopt this software and connectivity for the immediate and obvious benefits. We just seldom do the real cost-benefit analysis, to ask ourselves, ‘Are the consequences of failure acceptable?’”
Establishing Boundaries to Protect Public Safety
The world of computer coding is very much an open source one, with a landscape that renounces rules in favor of unbridled innovation. Yet the public expects rules when safety comes into play, Corman said.
“You can’t open a restaurant if you can’t provide minimum hygiene standards,” Corman said. “You can’t take a home-built car on the road unless you can demonstrate it’s roadworthy. You can’t take an airplane into the air if it can’t pass safety checks. These technologies and these industries with the potential to affect public safety eventually and appropriately get some level of scrutiny.”
The Five-Star Cybersafety Framework for Cars
Just as the National Highway Traffic Safety Administration’s five-star ratings assess the physical safety of cars, Corman and his colleagues at the cybersecurity research organization I Am the Cavalry developed a five-star automotive cybersafety program.
“If you’re a car company, and you want to be this tall to ride the Internet of Cars, since all systems fail, tell us how you avoid failure,” Corman said. “Take help avoiding failure without suing the helper. Capture, study, and learn from failure. Have a prompt and agile response to failure. And contain and isolate failure.”
The five-star framework for automotive cybersafety is not meant to be a regulatory regime or international compliance statute, Corman said. His research organization developed it to provide a common language for carmakers, regulators, insurers, and others to begin a constructive conversation on ensuring automotive cybersafety.
“What I’d like us to think about is, with great connectivity comes great responsibility,” Corman said. “We should only add that connectivity when we are certain we can rise to the level of commensurate care.”