Beim Thema Connected Car wird es eine der größte Herausforderungen sein, diese vor Hackerangriffen zu schützen. Hier sind 6 Praktiken dazu.
4. Security begins with the design
A product can only be secured if it is designed with security in mind. “Quick fixes” on top of an unsecure product do not only add complexity, cost, and sometimes weight, but can also be easier to circumvent as they may not structurally solve the vulnerability challenge. Conducting so-called “penetration tests” are only a temporary solution.
Because of this, other industries - such as aerospace, railroads, and critical infrastructure providers, have started to adopt a set of different design approaches, not just technologies, as the silver bullet solution simply does not exist. Future car design must be “cyber security native,” integrating security solutions into the earliest stages of product design.
However, secure design, while necessary, is not sufficient to guarantee full product security over time. Solutions are effective only when they are consistently implemented and the components, both software and hardware, used to implement the design conform to recognized standards such as ISO 26262.
In implementing a regular and timeous response to the cyber threats an increasing number of manufacturers are implementing Over-the-air updates that reduce delays and ensure the entire fleet is brought up to date.
5. Staying one step ahead of the hackers with regular software updates
Over-the-air (OTA) updates are currently available on many connected cars (although only for limited sections of their software), allowing for a quick response to attacks which enables manufacturers to eliminate particular vulnerabilities before they are exploited.
One such service, Airbiquity OTAmatic, securely orchestrates and automates multi-ECU OTA campaigns with policy-driven dependency, rollback, and recovery; certification, authentication, and encryption; dynamic data collection and upgradable analytics; intelligent network selection, data caching, and transfer; customized consumer notifications, prompts, and consent; and campaign creation, approval, reporting, and administration.
OTAmatic can also be deployed via Airbiquity's Choreo cloud, leading public clouds like Microsoft Azure or Amazon Web Services, or on-premise data centers to best meet automaker and supplier management, security, and business needs.
However, these benefits come at a price, as OTA implementation costs are high on both the car and the back-end infrastructure. Hence, effectiveness and area of focus need to be carefully traded off, considering the design and the development approaches for each module and at the overall system level.
6. Securing V2X communication against cyber attack
While communication between vehicles, and between vehicles and the infrastructure, hold the potential for significant benefits to safety and traffic management the success of V2X technology depends on cybersecurity and the integrity of the safety messages.
Currently, roadside sensors use short-range wireless technology to transmit information to vehicles, however, this data is lamentably easy to interfere with, and tampering with real-time traffic information could have disastrous effects on autonomous vehicles, which rely on roadside infrastructure to safely navigate the real world.
For V2X to be successful, the system must be designed so hackers are prohibited from modifying messages in transit and sending false messages as a valid end entity (EE).
For this reason the USDOT has partnered with Crash Avoidance Metrics Partners (CAMP), a consortium of seven major automotive manufacturers, to develop the security specifications and proof of concept prototypes behind V2X. The research performed by CAMP and its security industry partners are setting the groundwork for the deployment of the largest public key infrastructure (PKI) in history, once the new proposed rule-making policy (NHTSA-2016-0126) goes into effect.
Notwithstanding CAMP’s efforts, networking specialist, Cisco Systems, believes that blockchain could offer an interesting solution to any cyber threat to V2X.
