The consequences of a compromised car can be dire. Financial information, personal contacts and GPS data are all information that can be devastating if put in the wrong hands. The stakes figure to be even higher once self-driving cars are on the road in large numbers, as the prospect of someone hijacking and controlling an autonomous vehicle remotely is utterly terrifying.
These risks have moved beyond theoretical. In 2015, Fiat Chrysler had to recall over 1.4 million Jeeps -- and then 8,000 more -- after it was discovered that a bug in the vehicle would allow someone to remotely control the car. Last year, Volkswagen came under fire for a similar situation. A 14-year-old successfully hacked a Delphi Automotives vehicle with $15 worth of parts.
It's no coincidence, then, that each of those three companies were sponsors of the Car Hacking Village, an event that was a part of this year's cybersecurity conference DEF CON. Alongside other hyper-relevant topics like voting machine security, it's fitting that the Car Hacking Village was one of the most talked about showcases at DEF CON. Presentations at the Village had titles such as "Insecure by Law," "Grand Theft Radio," and "That's no car. It's a network!"
The rise of an event like the Car Hacking Village is a direct result of an increased need for cybersecurity experts in the connected vehicle space. In a matter of years, car manufacturers have gone from being relatively unconcerned with computer technology to relying upon it entirely. As computerized cars become fully connected cars, workers with cybersecurity backgrounds are at a premium for these automakers. In fact, the demand is so great that it is outstripping supply.
Active outreach in the form of events like the Village has become a key tool in helping companies fill essential cybersecurity positions.
"Hacking cars is hard," Casey Ellis, founder of Car Hacking Village sponsor Bugcrowd, told The Hill. "It requires specialized equipment and knowledge, not to mention the car. That's part of the reason [manufacturers] jumped into this. It's a good way to access talent they would otherwise be unable to hire."
"We need to move researchers to automobiles," Tod Beardsley told The Hill. Beardsley is director of research of software security company Rapid7, a sponsor of the Village.
The in-demand skill set is a specific one. The process that cybersecurity experts use to find weaknesses in automotive programs is somewhat counter-intuitive: They try to hack it themselves. By attempting to infiltrate a technology, coders can identify weak points, which is essential knowledge for understanding how to best shore them up. Plus, it gives security specialists insight into the mindset of the hackers they're trying to thwart.
In order to adequately address these issues, the automotive sector needs to undertake a sustained effort to recruit cybersecurity experts over the next several years. Sponsoring events like the Car Hacking Village is a start, but even more will need to be done in the future to grow the talent pool. The future of connected vehicles depends on it.