Automotive Cybersecurity - Are we ready yet?

Automotive Cybersecurity - Why and How?

Cybersecurity in automobiles is emerging as a new measure of quality, as the relative frequency of vulnerabilities in connected smart devices keeps increasing. In recent times, security researchers have come to understand clearly the technical susceptibilities of connected cars, from infotainment systems to safety systems and more. Cars today rely on a vast amount of software to get the wheels moving, which adds to the importance of enhanced automotive cybersecurity.

At present, only narrow guidelines and standards exist for the precise technical procedures that secure software and hardware in vehicles, such as secure communication among the electronic control units (ECUs) or hardware encryption standards. Further, the consequences of failure in the systems controlling vehicle-connected devices can be catastrophic, as the potential targets are high in number. With the line between software and transportation blurring, automobile manufacturers must increasingly implement improved cybersecurity measures to counter these threats.


Radical Transformation in the Automotive Industry - Increasing Vulnerabilities in Connected Cars

Accelerating market requirements are driving up the complexity of in-car electronic systems to meet the increased need for occupant safety and accident prevention. These objectives are achieved through electronic driver assistance systems such as speed regulation, parking, lane detection, and pre-collision. Cars are also expected to offer more comfort features, such as memory seat adjustment, automatic cooling, performance control, and automated tailgate opening, along with improved infotainment systems such as voice assistants, Bluetooth, navigation, and audio.

Moreover, the growing number of electrical components with ADAS features in modern vehicles is driving further technological advances in automotive applications such as chassis electronics and engine transmission. Car manufacturers are also introducing more value-added services that require network connections, such as remote support, remote diagnostics, emergency calls, concierge, and internet browsers. Such a large number of connected electronic components brings increased network connectivity among them, raising the chances of cyber-attack.

Modern cars need to offer users continuity, meeting people's need to stay connected in order to obtain information and interact with their professional and social ecosystems. To meet these requirements, automotive electronic architectures are growing faster than those of other industries.

The software in an average high-end car today runs to 100 million lines of code, more than a Boeing 787 or Windows 7. Such a vast code base leads to a higher chance of vulnerabilities and more security issues for car manufacturers to deal with. The global market sees rapid growth in connected cars each year, and the number is likely to grow further soon, increasing the chances of hacking.

There are diverse reasons for software vulnerabilities, and it seems that the management of big automotive projects is not fully aware of the gravity and specifics of cybersecurity. Moreover, it appears that software developers in the automotive sector do not consider security issues from the start of such a project. Top management in the automotive industry needs to be aware of the importance of security and actively manage security policy, which is a challenge the industry must overcome to counter cybersecurity threats.




Staying Ahead of the Cybersecurity Threats in Automotive

Mitigating the challenges, vulnerabilities, and threats requires a robust security strategy implemented across the globe. The process may not be easy, as cybersecurity is not an old problem in the automotive industry. However, as the technologies mature, and with improved tools and lessons learned available, it becomes easier to take proper measures and implement cybersecurity in the automotive industry as in other industries.

Although reinventing the wheel is not necessary, a few unique characteristics of automotive products need consideration. Unlike personal or commercial computers or IT networks, the automotive industry must protect vehicle operation as well as system and data components. Further, car lifecycles are considerably longer than those of conventional computer products, which can affect security processes such as software update strategies.

Therefore, it is imperative to establish a pertinent list of best practices that the automotive industry needs to respect, ensuring a secure design over a long period. Such best practices reinforce security as a whole and keep the final products safer. Multilayered security measures can restrict the impact of a malicious intrusion, and in connected cars such measures can mitigate cybersecurity risks to a large extent.

To limit the attack surface and protect the most crucial assets of a connected car against various kinds of threats, a few critical steps are necessary:

•  Use mature COTS cryptographic products for segregating the onboard network, data filtering, and intrusion detection.

•  Harden ECUs by implementing best practices, such as detecting services and interfaces used for development at the time of car release, or trading off software and hardware security, leveraging defense-in-depth.

•  Conduct regular surveys of how cybersecurity is evolving in similar intelligent transportation sectors, such as aeronautics.

•  Rely on diverse technologies to mitigate security monoculture, applying varied measures to thwart the propagation of attacks in critical components.

•  Use surveillance techniques to maintain security over time, such as continuous vulnerability management.


Standards

Several standards have been released, such as ISO 21434, WP.29, and ISO 27001 for information security, which makes it difficult for OEMs and Tier 1s to implement security and comply with one industry standard.




Conclusion

Cybersecurity for automotive is still at too early a stage, and we need to wait and see which industry standards will be adopted, not just at the product level but at the organization level. This requires a change of mindset to allow the practices to evolve at the organization level. Let's keep our ECUs secure, shall we?

Do you need consulting support for ASPICE, Functional Safety, or Cybersecurity? Then contact us at ram@knot-tek.com or visit Knot-Tek.com


