Cyber security battle between cyber criminals and business community is not new. Businesses are natural choice for crackers as it is businesses where money can be made by them. However, business community is not very keen in adopting best cyber security practices for their products.
Take the example of automated cars or vehicles made by automobile manufactures and companies. Majority of automobile manufacturers have for long either ignored or dismissed cyber security research exposing cyber security gaps in the automated and networked features in their vehicles.
But Takuya Yoshida, a member of Toyota’s InfoTechnology Center, along with his Toyota colleague Tsuyoshi Toyama, have developed a new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform for researchers and budding car hacking experts. Now automakers including Toyota are preparing for next-generation attacks, but there remains a lack of security engineers that understand auto technology.
There is also a lack of regulatory norms and techno legal standards that can govern automated cars/vehicles issues. Recently UK released new cyber security standards for self driving vehicles. This follows the government’s publication last year which set out key principles of cyber security for automated vehicles, such as the expectation that systems should be designed to be resilient to attacks and respond appropriately when its defences fail.
These are good developments and more techno legal research and development is needed in this regard by national and international stakeholders.