By: Chris Strohm Bloomberg, Published on Tue Apr 12 2016

Internet-connected and driverless cars will be targets for hackers — including terrorists and hostile nations — so the automotive industry must ensure vehicles have built-in cybersecurity protection, a top U.S. Justice Department official said Tuesday.
“There is no Internet-connected system where you can build a wall that’s high enough or deep enough to keep a dedicated nation-state adversary or a sophisticated criminal group out of the system,” John Carlin, U.S. assistant attorney general for national security, said Tuesday at an auto industry conference in Detroit.
The burgeoning market for cars connected to the Internet is expected to be valued at about $42 billion (U.S.) by 2025, with more than 220 million vehicles on the roads.
U.S. agencies and regulators are trying to make the auto industry more aware of cyber threats and quicker to act in plugging security gaps, Carlin said.
“This will be the next battlefront,” Carlin told reporters after his keynote speech at the SAE 2016 World Congress. “Right now, what we have is this combination of carrots and sticks, and there’s not a one-size-fits-all protocol that’s been mandated by statute.”
Questions about the auto industry’s responsiveness were raised last year when Fiat Chrysler Automobiles waited 18 months to tell federal safety regulators about a security flaw in radios being installed in more than a million vehicles that security researchers exploited in July, seizing control of a Jeep just to show it could be done.
The episode led to the recall of almost 1.5 million vehicles — the first auto recall prompted by cybersecurity concerns.
Carlin said government agencies and companies across different industries are in the “early days” of dealing with rapid technological change and with laws and regulations on cybersecurity that are “very unsettled.” For the most part, the government encourages companies to take steps voluntarily to secure their products and services.

Hackers of all varieties could try to do harm through connected cars, Carlin said.
“If you were able to do something that could affect a large scale of an industry — like 100,000 cars — you could see that being in the arsenal of a nation-state’s tool kit as a new form of warfare,” he said.
“We’ve seen rogue nation states try to assassinate those that do not share their beliefs,” Carlin said. “If they were able to do it remotely through a car, I don’t see why they consider that a safe zone.”