As the auto industry changes rapidly and cars get smarter, cybercriminals are also getting more sophisticated, constantly finding new ways to compromise connected vehicles.
Besides the possibility of being stolen, there is an even greater threat, which involves the vehicle being controlled by hackers thus putting human lives at risk.
To select a suitable automotive IoT security solution, you need to consider a number of factors. We spoke to several industry professionals to get their perspective on the subject.
Asaf Ashkenazi, President and Chief Operating Officer, Verimatrix
A modern vehicle is no longer an independent system, but a component of a much larger connected ecosystem. This ecosystem includes smartphones connected to the car for infotainment and remote management, autonomous driving infrastructure and cloud services.
This large ecosystem runs millions of lines of code provided by many different software vendors. Like all software, these millions of lines of code contain many vulnerabilities that can be exploited.
Finding out and eliminating all of these vulnerabilities is unrealistic. Therefore, the main goal should be to minimize the ability of hackers to find these vulnerabilities and prevent them from creating exploits in the event that they manage to discover a vulnerability, and to detect hackers’ attempts so that a patch can be made. be deployed before damage is caused. This can be achieved by protecting the code that runs vehicles, but also the code that runs the connected ecosystem.
The code itself is always assumed to have vulnerabilities. Automakers should not rely on their code vendors to deliver vulnerability-free code. Instead, they need to take matters into their own hands and protect the code that runs the car and connected smartphone apps.
Grant Courville, Vice-President, Products and Strategy, BlackBerry QNX
A best practice for vehicle cybersecurity is an approach originally designed by the NSA called “defense in depth,” which uses multiple layers of security to defend against potential hackers. This is essential for the growing number of connected and electric vehicles given the large number of systems and connections they use – starting with home and public charging stations, to switchboard electronics and telematics. connected board and GPS communication with external data sources.
As connected and electric vehicles become mainstream, it will be important for automakers, their supply chains and leading cybersecurity organizations to work collaboratively on holistic approaches and align with safety and security standards. emerging security such as WP.29 to face the ever-changing threat landscape.
The rapid and widespread deployment of electric vehicles, as envisioned by many governments today, must involve a resolute focus on safety from the start – both for vehicles and infrastructure, or we risk doing so. even more compelling is our electrical infrastructure, and the vehicles connected to it. target for those who wish to harm us, our society and our economy.
We firmly believe that security cannot be an afterthought. For automakers and the entire automotive supply chain, safety must be a part of the entire product lifecycle.
Moshe Shlisel, CEO, GuardKnox
Increasing vehicle connectivity poses the biggest cybersecurity challenge in the industry. Yet rapidly changing consumer demands and emerging technologies require this increased connectivity to deliver better in-vehicle experiences. This means that OEMs and Tier 1 suppliers face a major challenge: To meet market expectations, they must integrate platforms that enable high performance capabilities, additional services and equipment, while ensuring their security.
When selecting an automotive IoT security solution, it is essential to ensure that the solution is secure by design. A deterministic and secure approach from the design of cybersecurity to the safety critical level is essential for the safety of passengers and vehicles. Here, we cannot rely on the post-event remediation methods of computer cybersecurity. False positives and false negatives are not an option when lives are on the line.
Deterministic security requires that all potential operational permutations be exhaustively modeled and that any communication or process execution be unable to move the subsystem out of the realm of acceptable behavior. Security mechanism threat agnosticism means that attacks of any type (intended or not) and from any source cannot compromise any security critical ECUs or communications.
Safety can never and should never be an afterthought. Secure by design solutions enable OEMs to deliver an advanced driving experience without compromising automotive cybersecurity.