NXP Semiconductors NV : “We need a change in mindset”

Andy Greenberg, Senior Editor Wired, talks about how car companies should increase the security of their vehicles.

You made people aware that cars can be hacked. If you should name one solution to tackle the problem, what would that be?

Andy Greenberg: The most important thing for the automotive industry to catch up on security is to realize that hackers are their allies and not the enemy. This is a realization we saw companies like Microsoft, Google, or Apple come to over the last couple of decades. Hire hackers, embrace them! Also the ones who don't work for you: When they come up with a hacking technique, that is a gift. It is research for free. That is the kind of change in mindset car companies need to make. Chrysler probably saw the Jeep hack as disaster. But it was a breakthrough for them. They were given a whole series of vulnerabilities in their software they could then fix.

When you talk about hiring an army of hackers it is not just a figure of speech?

No. Companies need a standing army of hackers. We are not talking about problems like fixing a bug in your power steering. Security now is a dynamic problem with adversaries. If you make better seatbelts to protect drivers from a collision, for instance, there is nothing that will outsmart you. Hackers do. You will need to play this cat and mouse game with a whole team of security experts who will respond again and again.

Do car companies react to slowly?

They need to have a rapid and dynamic response to these hacking techniques coming out. They need to be able to update their vehicles. It is not enough to put up a notice on your website about a security software update that nobody will see. There are examples where companies were informed about security issues but did not fix them for five years. That is not acceptable. Tech companies like Google and Apple fix things in a matter of days or weeks. That is another part of the shift that needs to happen.

How did car companies react to the hacking story. Did you get many calls?

After the story, Charlie Miller and Chris Valasek, the two hackers who took over the Jeep, became kind of celebrities within the automotive industry. They were hired almost immediately by Uber, which seems to be developing an autonomous vehicle. I would really appreciate a chance to talk more to the automotive industry. I know they are doing really smart things. But they seem to be afraid to talk about it. Despite these vulnerabilities they are aware of the problem and are working on it. They just seem really shy about telling you about the smart security progress they are making.