Re: smart cars
Information Technology does not change simply because it takes the form of automobile systems. There is no reason why car IT systems should be treated differently than business IT systems. From the different reports I've read regarding automobile IT, the one most glaring mistakes is the lack of proper segmentation between critical systems and convenience functions. These advanced IT systems in automobiles are being developed at a time when breaches of business IT systems are almost an everyday occurrence. That is completely inexcusable.
What comes to mind is the rush to delivery, to be the first one to implement the latest and greatest whiz bang technology designed to enhance the comfort level of the automobile occupants. While that's all fine and dandy, it should not come at the expense of security. In everyday news, we often hear about terrorist activities, of mass bombings, massacres, etc. Imagine a two ton vehicle whose IT systems have been compromised and controlled remotely, hurtling towards a crowded plaza, or a building in the downtown area of any city. A guided missile, if you will. Or maybe just some hacker who gets a thrill from simply taking over an IT system, controlling an automobile to fulfill whatever whim they have, whether or not they can see the vehicle they are controlling.
While organizations work hard to implement proper IT security, automobile manufacturers should take note and follow suit. Vehicle IT systems are no different at the core; both rely on computer and networking technology governed by operating systems and software applications, and therefore share the same fundamental vulnerabilities. IT security should be built in during the entire life cycle, and not patched in as an afterthought.