Internet-connected and driverless cars will be targets for hackers — including terrorists and hostile nations — so the automotive industry must ensure vehicles have built-in cybersecurity protection, a top U.S. Justice Department official said.
"There is no Internet-connected system where you can build a wall that's high enough or deep enough to keep a dedicated nation-state adversary or a sophisticated criminal group out of the system," John Carlin, U.S. assistant attorney general for national security, said Tuesday in Detroit.
The burgeoning market for cars connected to the Internet is expected to be valued about $42 billion by 2025, with more than 220 million vehicles on the roads.
U.S. agencies and regulators are trying to make the auto industry more aware of cyberthreats and quicker in acting to plug security gaps, Carlin said, and agencies can share information about threats with companies.
"This will be the next battlefront," Carlin told reporters after his keynote speech at the SAE 2016 World Congress. "Right now what we have is this combination of carrots and sticks, and there's not a one-size-fits-all protocol that's been mandated by statute."
Carlin said government agencies and companies across different industries are in the "early days" of dealing with rapid technological change and with laws and regulations on cybersecurity that are "very unsettled." For the most part, the government encourages companies to take steps voluntarily to secure their products and services.
Hackers of all varieties could try to do harm through connected cars, Carlin said.
