The Society for Automotive Engineers (SAE), the industry's premier standardization group, is in the process of trying to set security baselines "based on our work," says Savage. "But it will take a while because there's so many different components involved."
Roesner's research pointed to diagnostic tools used by service personnel as a potential source of attacks, she says. "These tools can be used to exploit vulnerabilities in automobiles," so owners need to be careful about who is permitted to access the OBD-II diagnostic ports of their cars, Roesner says.
Beyond individual auto companies, the U.S. Department of Transportation has "shown interest," she explains. The United States Council for Automotive Research (USCAR) and the SAE have both created tasks forces focused on computer security for automobiles.
Now is a good time to look at this and start thinking of possible solutions, when automakers and fleet owners are not in panic mode, says Savage. "We're working with the car industry to get ahead of it. In five to 10 years, it may be more of an issue."
See related stories:
Linda Melone is a freelance writer based in Orange County, Calif. She specializes in consumer topics ranging from health and technology to business. Contact her at Linda@LindaMelone.com.
Read more about security in Computerworld's Security Topic Center.