Automotive Cybersecurity: Honda, Senators & Upstream

In automotive cybersecurity news are Honda, NHTSA and UpStream.

Honda Ransomed

Honda was hit with ransomware and many are concerned about cars being hacked.

Senators Call Automotive Cybersecurity Dangerous

Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, today sent a letter to the National Highway Traffic Safety Administration (NHTSA), calling out the agency’s “dangerously reactive approach to cybersecurity” in Internet connected cars.

Their letter questions NHTSA’s “deafening silence” in response to demonstrated car hacks.

“We are very grateful that Senators Markey and Blumenthal are pressing NHTSA for answers as to why it is not monitoring and protecting against the hacking of Internet connected cars,” said Jamie Court, president of Consumer Watchdog. “Our government needs a pro-active plan for the cybersecurity risks that spring from today’s fleet of connected cars.”

The Senators’ inquiry springs from Consumer Watchdog’s report, “Kill Switch: How Connected Cars Can Be Killing Machines and How To Turn The Off,” which details the cyber security risks of connected cars. C

The Senators’ letters  also follows up on their prior inquiry about the cybersecurity risks of internet-connected cars.

In their original letter, the Senators asked NHTSA to share any information it has on the cyber vulnerabilities of connected cars, as well as any actions it is taking to protect the public from such threats.

In NHTSA’s reply, the agency claimed it is “not aware of any malicious hacking attempts that have created safety concerns for the motoring public.” However, this statement belies examples of demonstrated vulnerabilities in connected-cars and indicates a hands-off approach to this growing threat to public safety, the senators said.

Moreover, NHTSA’s reply revealed that the agency is also neglecting to oversee and keep the public informed about over-the-air (OTA) software updates designed to fix safety defects in cars without a physical recall.

“We are deeply troubled by NHTSA’s deafening silence in response to the repeated reports of vulnerabilities and risks of hacking of internet-connected cars,” write the Senators in their letter to Acting Administrator James Owens. “We believe NHTSA must end its dangerously reactive approach to cybersecurity and do more to protect consumers before a malicious attack leading to a fatality occurs.”

Internet-connected vehicles can potentially be hacked and remotely controlled by malicious actors, creating risks not only to the lives of car drivers and passengers, but also to pedestrians and property along the road.

In today’s letter, Senators Markey and Blumenthal ask questions that include:

  • How is NHTSA proactively protecting the public from cybersecurity threats to internet-connected cars?
  • Is NHTSA monitoring, and does it act, when researchers demonstrate successful hacks on connected cars?
  • How does NHTSA monitor and respond to OTA software updates for internet-connected cars?
  • Does NHTSA have the legal authority to change its regulations to require public disclosure of OTA software updates designed to correct safety-related defects?

Upstream Funding by Alliance Group

Upstream Security announced today that it has secured an expansion of its Series B funding with an investment by Salesforce Ventures. The undisclosed amount is in addition to $30 million previously invested by Alliance Venture Capital (Renault, Nissan, Mitsubishi), Hyundai, Nationwide Insurance, Volvo Group, and others.

Upstream offers specialized cloud-based data services for connected cars, including cybersecurity, quality enhancement, and data monetization opportunities. Salesforce offers its leading CRM platform to automotive OEMs, dealers, suppliers, and mobility services. The partnership between the two companies will bring real-time end-to-end data-driven solutions to the automotive sector.

“Our partnership with Upstream will empower our automotive customers with value-added end-to-end data services,” said Achyut Jajoo, Salesforce’s Vice President and Chief Solutions Officer for Manufacturing Industries. “The fusion between data and customized offerings is integral to the digital transformation of the automotive sector.”

As the automotive industry becomes a smart mobility ecosystem with connectivity at its root, new tools are needed. Utilizing connected car data such as telematics, OTA (over the air updates) and mobility applications opens extensive opportunities for automotive OEMs, dealers, suppliers, and value-added mobility services. A growing number of the world’s largest vehicle OEMs and mobility providers already rely on Upstream’s platform to transform their automotive data into a comprehensive cybersecurity solution utilizing vehicle digital twins and insights.

This new partnership with Salesforce Ventures will enable the digital transformation of smart mobility players by producing an end-to-end automotive data service, beyond cyber capabilities, that will allow additional players in the automotive ecosystem to both understand the connected car data and enact real-time actions based on the insights found within that data.

“Both Salesforce and Upstream have jointly recognized the power in automotive data and the capabilities that it unlocks,” explains Upstream Co-Founder and CEO, Yoav Levy. “Paired with Salesforce’s unparalleled CRM services, Upstream’s field proven automotive-specific machine learning and data analysis tools will be instrumental in helping the automotive realm adapt to the new-age demands of the connected car customer.”