Onlinefähige Fahrzeuge haben eine große Herausforderung beim Schutz vor Hackern, müssen aber gleichzeitig für online Updates vorbereitet sein. Im Stand vermutlich kein Problem, was passiert aber während der Fahrt?
Chris Thomas, a founder and partner in the venture investment firm Fontinalis Partners said: "Now, cyber security is not a choice. It's a must-have. There's been a huge paradigm change in how people think about it as an overall component of the system."
Autonomous cars will be even more vulnerable to attack due to their reliance on vehicle-to-vehicle and vehicle-to-infrastructure communications, according to David Barzilai, executive chairman of Karamba Security. While attacks against vehicles usually enter through the infotainment system, he says, an attack against the V2X communications system might compromise safety without being detected in network traffic.
A multi-layered problem
With the complex architectures and complicated supply chains of automotive, even when standards and requirements are delivered to suppliers, it's very difficult to ensure those requirements are being met at the chip level, according to Jonathan Allen, a director of Booz Allen Hamilton.
"Automakers have to assume each one in itself is insecure," he says. The keys are redundancy in design and monitoring to ensure if a part of that system is compromised, it's reported and fixed.
In connected and/or autonomous vehicles, these layers need to be secured:
· Software development among carmakers and suppliers, reducing coding errors that could be exploited and the likelihood of malicious code being introduced
· The factory floor where hardware and software are installed in individual cars
· The transportation system, so that persistently connected cars are not attacked in transit
· The dealership, where software may be installed or updated and connected cars are available for test drives
· The car itself
· Communications to and from the car after it's deployed, including WiFi, cellular, V2V and V2X, and over-the-air updates
· Data produced by the car and stored by carmakers and partners
At the vehicle level, devices, software and communications within the car must be secure:
· The operating system
· Software for different modules and ECUs
· Intra-car networks like the CAN
· Individual control units such as the integrated drive system or telematics control unit
Finally, cyber security should be baked into the company itself, not only in enterprise networks but also into every facet of internal operations.