Security Innovation Confirms That the Gap Still Exists in Automotive Cybersecurity
Wilmington, MA – December 21, 2016 – Sponsored by Security Innovation and INTEGRITY Security Services, a Green Hills Software company, the Ponemon Institute has conducted their second annual cybersecurity survey of over 500 automotive developers, engineers, and executives.
“The cybersecurity of connected vehicles is one of the most important challenges for the automotive industry,” says Pete Samson, Senior Vice President and General Manager of Security Innovation’s embedded systems team. “Our second annual Ponemon survey represents an important step toward understanding and therefore improving the safety, security and privacy of the global transportation system.”
The survey results provide valuable insights on the mindset of over 500 key people in the automotive software ecosystem regarding the state of cybersecurity readiness within their industry. The results are alarming although they do show cause for optimism when compared to last year’s survey.
Some key findings include:
- There is a growing concern that hackers are actively targeting automobiles.
- Car manufacturers are more concerned about automobiles being hacked than their major electronics suppliers.
- The lack of skilled personnel and requirements, and pressure to meet release dates are the main impediments to secure software development.
- Cryptography is not being used as much as needed.
- Legacy technology is hindering the ability to make vehicles more secure.
- There is little clarity or consensus regarding a single point of responsibility for a secure development process.
- Senior management have a rosier view of their company’s cybersecurity readiness than the people actually doing the work.
- However, there is a small but statistically significant trend toward a more mature approach to securing vehicles.
”While study results show there is still work to be done to secure connected vehicles, there are many things that can be started today,” said Gregory Rudy, Director of Business Development at INTEGRITY Security Service, a Green Hills Software Company. ”Automotive executives must champion this change by promoting secure system design by allocating requirements, properly training, and looking to outside security suppliers for help. Automotive security starts with the ECU and must extend throughout the manufacturing supply chain.”
About INTEGRITY Security Services
INTEGRITY Security Services was established in 2009 by Green Hills Software to provide best-in-class embedded security solutions. ISS products and services secure devices, software, networks, and data—from the smallest embedded component to the largest data center—throughout the product lifecycles. Comprehensive solutions include cryptographic toolkits and high-availability enterprise PKI systems to provide absolute end-to-end security. Learn more about ISS at www.ghsiss.com.
About The Ponemon Institute
Ponemon Institute conducts independent research on privacy, data protection and information security policy. Our goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in practices, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information about individuals and organizations. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise. For more information, please visit http://www.ponemon.org/.
About Security Innovation
Since 2002, organizations have relied on Security Innovation for their unique software and application security expertise to help secure and protect sensitive data in the most challenging environments - automobiles, desktops, web applications, mobile devices and in the cloud. Recognized as a Leader in the Gartner Magic Quadrant for Security Awareness for the third year in a row, Security Innovation is dedicated to making the world (and your organization) a safer place, one employee and one application at a time. Security Innovation is privately held and headquartered in Wilmington, MA USA. For more information, visit www.securityinnovation.com.