On the road to security
Like many other sectors, the automotive industry is one that has been invigorated by incredible advances in technology. The autonomous car, in particular, is set to entirely change the driving experience for motorists across the globe.
There are a whole host of benefits from this evolutionary step in automotive manufacturing; journey times will be reduced, faults can be diagnosed remotely, and accidents can be prevented before they even occur.
The good news is that we’ll be able to get behind the wheel of the autonomous car much sooner than we think – the Government has already pledged to introduce these intuitive vehicles to the UK’s roads by 2020, Google is in testing phases in California, and a multitude of manufacturers are introducing concept models, says Christine Caviglioli, vice president Automotive, M2M at Gemalto.
With Ford pledging to sell driverless cars by 2025, Uber’s recently launched fleet of driverless cars, and Tesla autonomous range of electric vehicles – there are a number of manufacturers competing to win the driverless car race.
However, advances in technology don’t come without concerns, and what we’re increasingly seeing today is that cyber threats that were once exclusive to the world of computing are now very much a concern for the automotive world, too. Any aspect of the connected car that is ‘connected’, so to speak, comes with its own vulnerabilities that hackers could exploit.
This might be an in-car radio, or a vehicle’s air-conditioning, but it could be something much more catastrophic. 2016’s infamous Jeep hack, in which cyber hackers were able to remotely control the vehicle, had consumers questioning – what could happen if a cyber hacker could control your breaks, or unlock your car remotely?
It’s an important question that must be addressed, for these connected cars could be susceptible to theft, or put lives at risk.
In the same way that manufacturers address the safety elements of cars by advancing the hardware with crumple zones, airbags and seat belts, digital security will prove to be just as effective in improving the safety of passengers and pedestrians alike. To ensure vehicles are safe, security must be baked into the design of the car, and shouldn’t be bolted on retrospectively.
According to Gartner, there’ll be 250 million cars on the world’s roads in 2020. With just four years to go, it’s time that connected car manufacturers start thinking about this now. Here are our guiding principles for ensuring the autonomous driving experience is as safe as possible:
1. Risk evaluation
It’s important that developers know and understand all of the potential system vulnerabilities a connected car could face. Originals Equipment Manufacturers (OEMs) should look to carry out a comprehensive risk evaluation so that they can implement security architecture across the entire connected car ecosystem. This ranges from the hardware components, the software running the device, to the communication channels the vehicle uses.
In fact, a recent report from Juniper Research revealed that connected car infotainment, such as your in-car stereo, is predicted to account for 98% of all M2M data traffic by 2021. That’s a whole lot of data, and presents a multitude of avenues that hackers could infiltrate that OEMs must keep in mind.
2. Make sure it’s tamper proof
It’s essential that OEMs protect the device with tamper-proof hardware and software. As an example, embedded secure elements can be implemented to add an extra layer of digital and physical protection from intrusion, and can store credentials and data in a dedicated, secure platform.
It’s imperative that OEMs encrypt and sign the operating software to protect against attack. Without the encryption keys, encrypted software is useless, and the electronic signature will ensure that only validated software is running on the vehicle. What’s more, encryption keys should be securely managed to protect data and manage access to connected systems, and should be stored in the vehicle’s hardware.
OEM’s should implement strong authentication solutions. Two-factor authentication, in particular, is very effective and involves something that you know (such as a password) and something that you have (such as a finger print, or voice recognition). This adds that extra layer of protection by ensuring that only authorised people and applications are granted access to the vehicle’s connected infrastructure.
5. Lifecycle management
Connected car systems need to be protected from attack over the long life of cars and devices – which could be up to 15 years! OEMs need to design an interoperable, dedicated platform to deploy security updates and launch new applications over the air, without impacting other embedded software.
If OEMs can look to embed these security measures into the very design of their vehicles, they can ensure that safety lies at the heart of the car. Safety has been front of mind in the automotive industry for over a century now, but whilst this has traditionally focused on the hardware of the vehicle, cybersecurity is increasingly proving to be just as important in keeping our roads safe.
The author of this blog is Christine Caviglioli, vice president Automotive, M2M at Gemalto.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow