Widespread use of fully automated vehicles may seem like distant future, but the threat of taking over the control of our cars is closer than most people think. The famous Jeep hack (when researchers took control of a production vehicle remotely from their basement) was three years ago (in 2015) and multiple hacks have been published since then.
Security is important for more than personal safety
Security concerns are most obvious for self-driving cars, but all vehicles must be protected. Not only do we want to stop hackers from controlling our cars (especially when we sit in them), we also want our cars to be safe from criminals who are looking for ways to take our money (e.g. by installing ransomware).
Privacy is a growing concern, as more and more sensitive information is stored either in the car itself or in the cloud, connected to the car. We use online services, communicate with each other and pay using our credit cards. Cars have access to information about our location, our driving habits and other sensitive information that must be protected. Governments are already taking actions to protect our privacy – for example, GDPR (General Data Protection Regulation) in the EU, CCPA (California Consumer Privacy Act) in California or the SPY Car Act (Security and Privacy in Your Car Act) – but our cars must be smart and secure enough to protect us.
Vehicles are more than just smartphones on wheels. Tons of steel in the wrong hands could be dangerous, and strong security measures must be in place to stop terrorists from taking over the control of our cars and weaponizing it. Transportation is part of our key infrastructure and protecting it must be part of the national security strategy of every country.
Security is a race between attack and protection methods
There is no perfect security, everything can be broken if you have enough resources (time, money, equipment, etc.). In practice protection must be strong enough to convince attackers that it is not worth trying to gain access to the protected asset.