This topic is touched on in the article. The problem is that many non-critical systems need information from the critical systems in order to function properly and/or safely. For example, automatic door locking depends on knowing something about the state of the car- different makers choose to lock when the engine is started, the car is put in gear, or when it exceeds a threshold speed- to operate properly. OTOH, the locks need to be connected to insecure systems that take remote information, like the keyless entry or remote assistance systems. So the locks now need to communicate with both the critical driving systems and the communications systems. Putting an air gap in place will disable some useful feature of the car.
You can't even fix the problem with one-way information flow between critical and non-critical components, because there are valid reasons for wanting to send information the other way. Many security features require sending information from the outside world to the engine computer. For example, my car has a feature that disables the ignition if the doors are locked using the keyless entry system. That's a very desirable feature, but it means giving control over the engine to a system that has to talk to the outside world.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds