Today’s connected car is not so much a smartphone on wheels; with so many microprocessors chatting with one another across and beyond the vehicle, it is now more aptly described as a data center on wheels.
A tremendous influx of software content, connectivity, entertainment services and autonomy functionality is transforming vehicles. We are rapidly approaching a point in which the automobile will be built around the software, as opposed to the other way around.
Tesla recently made the first deliveries of its mass market “Model 3” electric vehicle. Controls are focused around a large touch screen and the shifter adds “Autopilot” to the traditional “Park”, “Reverse”, “Neutral” and “Drive” options. Full self-driving capability is promised for a later date with simply an Over-the-Air (OTA) software update.
This generalized shift to software, in turn, means the opportunity for a cyber-attack is growing rapidly. Even with the larger potential attack surface, and while cybersecurity threats will never be eliminated altogether, it is also true that substantial work is taking place to engineer tomorrow’s vehicles to be systematically more able to deal with those threats in a safe and predictable manner.
Vehicle manufacturers have announced these important vehicle cybersecurity enhancements:
- Building-in security features to protect safety critical systems,
- Isolation of control systems from communications systems,
- Leveraging security techniques to limit unauthorized access to software and updates,
- Use of threat modeling and simulated attacks to inform design decisions and
- Creation of the Auto ISAC to enhance cybersecurity awareness and collaboration across the industry.
Cybersecurity is being moved to the vehicle’s design foundation, thanks to increased coordination across the broadening, diversifying automotive ecosystem. We are seeing the industry move away from the traditional point-to-point approach to automotive security and coalesce around key best practices including:
- SAE’s “Cybersecurity guidebook for cyber-physical vehicle Systems”
- NHTSA “Cybersecurity guidelines for vehicles”
- FASTR’s own “Manifesto - toward tomorrow’s organically secure vehicle”
The effect is the emergence of a holistic, systems-level approach to building organically secure vehicles that are ultimately capable of self-healing. Self-healing means responding to the inevitable cybersecurity threats in a safe and predictable manner. For example, in detecting and suppressing the introduction of malware or anomalous instructions in the auto ecosystem from manufacturers and suppliers, to communication and control systems throughout vehicle lifetimes.
Security by Design
Security simply can no longer be an afterthought. Security must be a foundational consideration throughout the entire software-development flow for automobiles, from design to delivery. Original equipment manufacturers (OEMs), Tier 1 suppliers and other industry stakeholders must all start wearing their Chief Security Officer hat.
The industry has always had a strong emphasis on physical security; security processes for brakes, steering and other physical components have long been intensely codified. So sudden has been the surge toward software in vehicles, however, that it has somewhat crept up on the industry. Cybersecurity has effectively been stapled on top of more and more sophisticated services leveraging increased Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communications.
There have been some limited-in-scope efforts to move toward an approach of security by design and establish shared guidelines. For example, the U.S. Department of Transportation (DoT) set up the Public Key Infrastructure (PKI) and its certification process that ensures trust and security in the building of V2V and V2I systems.
There is now recognition growing across the industry that the collaboration must be significantly more inclusive in order to sufficiently address the challenges. In the last two years, cybersecurity incidents have been reported broadly across the industry at Chrysler, Ford, GM and Tesla, as well as in commercial vehicles. High tech car thieves today are leveraging laptops and potentially even smartphone apps to steal vehicles.
Security by design must be shared across transportation-network companies, Tier-1 and 2 supply-chain providers, autonomous-vehicle specialists, system-on-chip (SoC) providers, hardware and software suppliers and specialist automotive-security companies, as well as the industry’s OEMs.
Risk Management
There is a bit of sensational hysteria growing around the global security conversation with automobiles becoming more and more connected and autonomous. The truth is that the global, increasingly broad automotive ecosystem is working more collaboratively to architect vehicles with cybersecurity as their foundation, and risk management is a primary area where we can work together to be successful.
Risk based approaches such as NIST’s Cybersecurity Framework (CsF) are already mandatory for government agencies and recommended for critical infrastructure such as transportation.
It’s not a complex point. You don’t attempt to “boil the ocean”, solving every problem everywhere. Problems are triaged from the biggest to smallest, mostly annoying ones. Physical safety is the No. 1 priority.
Reporting, Sharing and Training
While the automotive industry has a very mature approach to reporting, information sharing and training when it comes to physical issues with the car—well-defined reporting and recall processes around a problem with the brake or accelerator, etc.—the model around software and cybersecurity is not nearly as formalized.
Regardless of whatever competitive impulse exists in the industry, the more intelligence and best practices that are shared across the growing automotive ecosystem, the better off that we all are—industry and consumers alike.
The drive toward more sophisticated automotive-security training flows from the larger trend around systematic coordination of cybersecurity across the entire supply chain. Such best practices stand to help automakers reduce risks and liabilities and foster popular trust in tomorrow’s vehicles, accelerating realization of the revolutionary safety and quality-of-life benefits that they offer.
Anything that’s connected across and beyond the vehicle is vulnerable to attack, so, without question, the challenges faced by the automotive ecosystem are considerable.
The good news is that new technologies such as automotive Intrusion Prevention Systems (IPS) and Runtime App Self Protection (RASP) are emerging to limit the scale of harm that can be unleashed by any single attack, to reduce attack surfaces and to harden cybersecurity capabilities. Especially key is that coordination is increasing across the ecosystem toward a system-of-systems approach to automotive security.