Miller said he can imagine a more secure method, such as using cryptography or encrypted messaging within a vehicle's CAN, to make it more difficult to hack.
But, if an attacker has physical access to a car, they can get access to the firmware on various computer chips and figure out what the encryption keys are, Miller said. "Every car isn't going to have a different key," he said, referring to the fact that once one car is hacked, all the models are vulnerable.
A detection system versus a better firewall
Instead, both Miller and Juliussen said, car companies could "easily" build a separate computer to detect errant messages. The computer would watch the messages that flow between a vehicle's computers or electronic control units (ECUs), and use a database to determine which messages are authentic.
For example, Israel-based Argus Cyber Security Ltd. is a start-up that sells detection software for the connected car industry. Argus's Deep Packet Inspection algorithm scans all traffic in a vehicle's network, identifies abnormal transmissions and enables real-time response to threats.
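To make the detection idea concrete, here is a minimal sketch of a monitor that checks each CAN frame against a database of known messages. It is an added example, not code from the article, Miller, Juliussen or Argus. The message IDs, payload lengths, periods and the sample capture are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ts_ms: int    # receive time in milliseconds
    can_id: int   # 11-bit arbitration ID
    data: bytes   # payload, 0-8 bytes on classic CAN

# Constructed baseline "database": ID -> (expected payload length, nominal period in ms).
# A real monitor would learn or load this per vehicle platform; these values are hypothetical.
BASELINE = {
    0x0C4: (8, 10),
    0x1A0: (8, 20),
    0x3E8: (4, 100),
}

def detect(frames, baseline=BASELINE, tolerance=0.5):
    """Return (ts_ms, can_id, reason) for every frame that deviates from the baseline."""
    last_seen = {}
    alerts = []
    for f in frames:
        spec = baseline.get(f.can_id)
        if spec is None:
            # No ECU on this bus is known to send this ID.
            alerts.append((f.ts_ms, f.can_id, "unknown-id"))
            continue
        length, period = spec
        if len(f.data) != length:
            alerts.append((f.ts_ms, f.can_id, "bad-length"))
        prev = last_seen.get(f.can_id)
        # Extra frames on a periodic ID shorten the gap between arrivals.
        if prev is not None and (f.ts_ms - prev) < period * tolerance:
            alerts.append((f.ts_ms, f.can_id, "too-fast"))
        last_seen[f.can_id] = f.ts_ms
    return alerts

# Constructed capture: normal traffic plus three deviations.
SAMPLE = [
    Frame(0, 0x0C4, bytes(8)),
    Frame(10, 0x0C4, bytes(8)),
    Frame(12, 0x0C4, bytes(8)),   # arrives 2 ms after the previous frame
    Frame(20, 0x0C4, bytes(8)),
    Frame(20, 0x1A0, bytes(8)),
    Frame(25, 0x555, bytes(8)),   # ID absent from the baseline
    Frame(40, 0x1A0, bytes(3)),   # payload shorter than expected
]

if __name__ == "__main__":
    for ts, can_id, reason in detect(SAMPLE):
        print(f"{ts:>5} ms  id=0x{can_id:03X}  {reason}")
```

Timing and length checks like these catch only crude deviations; a frame with a valid ID, length and timing but a falsified payload passes, which is why the article's sources pair detection with other layers.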
Both Miller and Juliussen believe in a layered approach to security. Hardware-based encryption with cyber attack detection is the most promising for securing the future of the connected automobile, they say.
Yet much of the auto industry's work already underway centers on building a more secure bus than today's CAN specification.
Ethernet is joined by about a half-dozen other in-vehicle communication protocols, such as LIN (Local Interconnect Network), MOST (Media Oriented Systems Transport) and FlexRay -- aimed at increasing bandwidth to and from the car as vehicle monitoring systems become more sophisticated.
Vehicle-to-infrastructure (V2I) and vehicle-to-retail (V2R) will be two of the most dominant segments of the connected automobile market over the next decade or more, analysts predict. By 2030, more than 459 million vehicles will support V2I and 406 million will support V2R, according to ABI Research.
Others advocate for different security approaches. Ken Schneider, vice president of technology strategy at software security company Symantec, believes digital certificates -- a digital handshake between computer systems -- will be key to providing privacy while also allowing crucial driving data to be gathered. The data will help local governments and auto manufacturers improve overall traffic conditions; the individual driving experience can use data that comes from a vehicle's internal computers.
Modern vehicles, Schneider said, can have as many as 200 ECUs and multiple communications networks between internal computer systems. While most systems are isolated within the car, others are used to transmit data back to manufacturers, dealers or even the government.
"On the plus side, this data can make the user experience much richer and personalized because from one vehicle to the next, it will know all my settings and [be] able to integrate your car into your digital day," Schneider said. "The flip side of that is it creates risk."