Changes to training and education are the first step in protecting consumers against future cyber attacks as mobility industries, such as the automotive industry, increase the use of software, according to a recent SAE International discussion. 

Threats to consumer privacy and safety are a concern for the auto industry as connectivity and autonomous driving features increase.

Training and education for those in the auto industry should focus on creating better communication between the mechanical and software departments, according to SAE.

Bart Kemper, Kemper Engineering Services principal engineer, said mechanical engineers can no longer focus on their project and ignore the software component. 

“This is now everyone’s problem and we have to be aware of our role in the solution and our role in causing problems,” Kemper said. 

He has been a part of an industry team that’s developed a certification for the role of System Software Integrator (SSI). A Systems Integrator builds computing systems for clients by combining hardware, software, networking, and storage products. The SSI role typically has a background in software and is trained in how to communicate with the mechanical side, Kemper said. 

The SSI can help set safety and privacy requirements for the software, along with testing requirements early in the project, he said. 

Kemper said the SSI also can help communicate specifics of mechanics to the software team and specifics of the software to the project manager. 

Cybersecurity is more difficult because it must predict what another person could do, Kemper said. 

Qadeer Ahmed, assistant professor with the Department of Mechanical and Aerospace Engineering at Ohio State University, said students in his department are being taught how to work with software teams from the start of a project. 

“We are essentially educating students that hardware and software students need to listen to each other,” Ahmed said. 

Sometimes, engineers and developers are just focused on getting the project up and running, Ahmed said. He said they aren’t thinking about the add-ons, backcodes, or external devices that will be working with their project. 

Ahmed said the future generation will be more prepared to handle software challenges. He also said it’s becoming more valuable to employ people who understand both the mechanical and software sides. 

A panel at the Consumer Technology Association’s show in January highlighted the need for OEMs to focus on cybersecurity. 

“Everybody, every organization, and every client that we work with is experimenting with AI right now,” said Gillian Crossan, Deloitte principal in cyber and strategic risk. “As are bad actors experimenting with AI.”

AI has made it easier for attackers to build malware code and phishing scams, Crossan said.

“If you think about phishing, often the way that we can identify phishing is with poor grammar or wrong cultural context,” Crossan said. “There are technologies available for $100 a month that will help you with phishing in 27 languages and use AI to really improve that cultural connection. Things like that are impacting the threat landscape, in that it’s getting harder and harder to detect.”

Rex Booth, Sailpoint chief information security officer, said the global threat also is growing as technology advances.

“Ten years ago, we were very focused, at least in the U.S., on about four countries that had what we considered offensive cyber capabilities,” Booth said. “Over time that’s changed. And now there are many more countries that are considered to be capable and have offensive cyber capabilities.”

IMAGES

Photo courtesy of BeeBright/iStock