How to Ensure Automotive Cybersecurity in the Next-Gen Vehicles [Part 2]
In this final part, we describe best practices and solutions for ensuring a better level of cybersecurity in next-generation vehicles. We also discuss ways to implement these practices, based on the experience of world-famous security companies and the round-the-clock approach to incident management used by Infopulse cybersecurity experts.
Automotive Cybersecurity Standards and Best Practices
Although many international security standards (e.g. ISO, IEEE, IEC, IETF, SAE, TCG, CERT C, MISRA C, and others) can also be applied to the automotive niche, the industry still lags behind in connected vehicle security.
Automotive cybersecurity standards are only emerging, and the development of mandatory standards is still in its initial stage. The existing standards are mostly established as guidelines to follow. For instance, the SAE J3061 standard is defined as a “recommended practice” in the “Cybersecurity Guidebook for Cyber-Physical Vehicle Systems” document. Even the government-issued “Cybersecurity Best Practices for Modern Vehicles” document is clearly voluntary in character, serving “as a resource to supplement existing voluntary vehicle cybersecurity standards”.
Today, the most comprehensive collection of combined standards, principles, frameworks and guidelines is Auto-ISAC’s Automotive Cybersecurity Best Practices. This guidance document consolidates the main concepts of documents produced by government and non-governmental organizations such as NHTSA, Auto Alliance, NIST, ISO and SAE International.
These practices focus on seven main factors that influence vehicle cybersecurity.
- Security by design.
Hardware and software cybersecurity features should be integrated during the design and product development stages by identifying and addressing potential threats, enabling security design reviews, limiting interaction between networks, performing vulnerability and integration testing, etc.
- Risk assessment and management.
To reduce the impact of cybersecurity vulnerabilities, all potential risks must be identified, categorized, prioritized and assessed at the first development stage and reassessed at all subsequent stages of the vehicle lifecycle.
- Threat detection and protection.
The consistent process of identifying security threats and incidents should involve monitoring current and emerging threats, daily scanning and testing of top risk areas, detecting anomalies in vehicle operations systems, services and dispersed connected functions, etc.
- Incident response and recovery.
A dedicated incident response and recovery team should document the lifecycle of an incident through the stages of identifying, containing, remediating and recovering. The team should also perform periodic testing and simulation of incidents. As experience has shown, a good way to manage the incident lifecycle is to apply a round-the-clock approach. See an example of such an approach used by the Infopulse monitoring team, as illustrated in the diagram below:
- Collaboration and engagement with third parties.
To improve cyber threat awareness and respond properly, automakers should collaborate with different stakeholders and third parties, including other carmakers, cybersecurity researchers, suppliers, government agencies, etc.
- Governance.
It is crucial to clearly define the organization's executive responsibilities, as well as the roles of all team members. The manufacturer must allocate the resources necessary to ensure a high level of cybersecurity.
- Training and awareness.
By establishing internal programs for employees and stakeholders, an organization strengthens understanding of cybersecurity risks, as well as IT, mobile, and vehicle-specific cybersecurity awareness.
The lack of uniform mandatory standards, on the one hand, allows industry leaders to utilize best practices and develop individual approaches to connected car cybersecurity solutions. On the other hand, as a Security Innovation expert points out, if an automaker operating with thin margins has to choose between profitability and security, the latter is never prioritized under non-binding standards.
Automotive Cybersecurity Solutions
There are many approaches and ways to implement automotive cybersecurity practices. In search of all-encompassing solutions, automakers should focus on a proactive approach and provide end-to-end protection. For example, the distributed security architecture described in a McAfee white paper covers three essential layers of defense in depth: hardware security modules, software security services, and hardware services. See the illustration below:
However, alongside hardware and software protection, cybersecurity experts also include network monitoring and strengthening outside and inside the vehicle, as well as cloud security services. The building blocks of each layer are the required solutions implemented by the collaborative cybersecurity team:
- Hardware-based protection.
Serving to protect ECUs and buses, this layer covers secure boot and software attestation functions, cryptographic techniques to identify mismatched code, protecting data from tampering and reverse engineering, enhancing cryptographic performance, embedding pointer-checking functionality to eliminate code vulnerabilities and protect active memory, ensuring secure identification, and preventing unapproved access by other devices.
- Software-based protection.
This layer ensures the validity of loaded software components, isolates dispersed processes and functions of operating systems, manages and authorizes electronic keys, biometrics and passwords that give access to personal data such as locations and financial transactions, and detects malicious or accidental threats.
- Network protection.
This important layer of protection is required to verify the approved source of communications, defend authentication against spoofing, restrict network communications, limit abnormal types of messages and their number, and permit messages and communications solely between approved sensors and systems.
- Cloud-based protection.
Going cloud may be beneficial for authenticating and securing a channel to the cloud, applying privacy constraints to spot anomalous behavior, filtering and deleting malware, as well as ensuring secure over-the-air (OTA) updates and enabling easy but secure management of account data and user profile.
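The network-protection checks listed above (approved source, message type and message count) can be sketched as a default-deny gateway filter between in-vehicle CAN segments. This is an added example, not code from the article or from any vendor it cites; the CAN IDs, bus numbers, payload lengths and rate limits are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { FWD, DROP_UNKNOWN_ID, DROP_WRONG_BUS, DROP_BAD_LEN, DROP_RATE };

/* One allow-list entry: who may send this ID, its length, and its rate ceiling. */
typedef struct {
    uint16_t id;          /* 11-bit CAN identifier */
    uint8_t  bus;         /* only segment approved to originate it */
    uint8_t  dlc;         /* expected payload length in bytes */
    uint16_t max_per_sec; /* frames allowed per one-second window */
    uint32_t win_start;   /* start of current window, ms */
    uint16_t seen;        /* frames forwarded in current window */
} rule_t;

/* Constructed policy (IDs and limits are made up): bus 0 = powertrain, 1 = body. */
static rule_t rules[] = {
    { 0x0C4, 0, 8, 100, 0, 0 },
    { 0x244, 0, 8,  50, 0, 0 },
    { 0x3B0, 1, 4,  10, 0, 0 },
};

/* Decide whether a frame received on `bus` may cross the gateway. */
enum verdict gateway_check(uint8_t bus, uint16_t id, uint8_t dlc, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        rule_t *r = &rules[i];
        if (r->id != id) continue;
        if (r->bus != bus) return DROP_WRONG_BUS;   /* approved ID, wrong origin */
        if (r->dlc != dlc) return DROP_BAD_LEN;     /* malformed for this ID */
        if (now_ms - r->win_start >= 1000u) {       /* wrap-safe window roll */
            r->win_start = now_ms;
            r->seen = 0;
        }
        if (r->seen >= r->max_per_sec) return DROP_RATE;
        r->seen++;
        return FWD;
    }
    return DROP_UNKNOWN_ID;                         /* default deny */
}

int main(void)
{
    /* Bus 2 (e.g. infotainment) presenting a powertrain ID is rejected. */
    printf("%d %d\n", gateway_check(0, 0x0C4, 8, 0), gateway_check(2, 0x0C4, 8, 0));
    return 0;
}
```

Each drop verdict is also a detection signal: a gateway that logs `DROP_WRONG_BUS` and `DROP_RATE` events gives the monitoring team evidence of a device sending frames it is not approved for.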
Blockchain as Future of Cybersecurity
According to an SEI technical review, the main automotive cybersecurity threat stems from message spoofing in the CAN network by connected unauthorized devices. Thus, an in-vehicle network needs to be strengthened with technology that can protect against attacker access and data tampering. One such technology is Blockchain, a distributed ledger of transactions that can be programmed to record any kind of information. The ledger is based on a consensus mechanism, ensuring secure data storage as well as secure data exchange. The data is encrypted and hashed in the blocks, so it is close to impossible to change even one data unit in the whole network, since doing so requires immense computing power.
Potentially, any industry, including automotive, can adopt Blockchain technology to optimize business processes ensuring security, immutability, transparency of all records and their transactions.
Infopulse, as a provider of Blockchain-related solutions, contributes to the Ukrainian start-up REMME, which has developed a Blockchain solution to protect the vehicle’s network from unauthorized access. A passwordless user authentication system, REMME eliminates such attack vectors as phishing and keylogging, as well as the need for a centralized database storing user credentials. It also removes the human factor, since social engineering is no longer possible. Furthermore, with the help of the REMME platform, the way access and entitlements are managed will change in the future.
Generally, the REMME Blockchain-based solution allows a car owner to securely share access to the vehicle with any family member, another driver, a technician, etc. for a certain period of time, in a particular area or for a particular distance. In detail, the access is safeguarded by a certificate in the hardware key obtained by the owner. The hardware key can create a mesh connection to the car to control it remotely over an SSL/TLS connection. Upon creating such a connection, the car can check the revocation status of the key's certificate with the internal Blockchain light node.
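The car-side decision described above (validity period, distance limit, revocation check) could look like the following. This is an added sketch, not REMME's code or API: the struct layouts, the one-hour snapshot age limit and all sample values are assumptions, certificate signature verification is assumed to have happened during the TLS handshake, and the revocation snapshot stands in for data served by the light node.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum access { ALLOW, DENY_NOT_YET, DENY_EXPIRED, DENY_DISTANCE, DENY_STALE, DENY_REVOKED };

/* Hypothetical limits carried by a shared-access certificate. */
typedef struct {
    uint32_t serial;
    uint32_t not_before, not_after; /* validity window, Unix seconds */
    uint32_t max_km;                /* distance allowance */
} grant_t;

/* Hypothetical snapshot of revoked serials synced from the ledger node. */
typedef struct {
    const uint32_t *revoked;
    size_t n;
    uint32_t synced_at;             /* last successful sync, Unix seconds */
} revocations_t;

#define MAX_SNAPSHOT_AGE 3600u      /* assumed policy: one hour */

/* Constructed sample data. */
static const uint32_t sample_revoked[] = { 1001u, 1007u };
static const revocations_t sample_rv = { sample_revoked, 2, 1700000000u };
static const grant_t technician = { 1002u, 1700000000u, 1700007200u, 25u };
static const grant_t revoked_guest = { 1007u, 1700000000u, 1700007200u, 25u };

enum access authorize(const grant_t *g, const revocations_t *rv,
                      uint32_t now, uint32_t km_driven)
{
    if (now < g->not_before) return DENY_NOT_YET;
    if (now > g->not_after)  return DENY_EXPIRED;
    if (km_driven >= g->max_km) return DENY_DISTANCE;
    /* Fail closed: a stale snapshot may be missing a recent revocation. */
    if (now < rv->synced_at || now - rv->synced_at > MAX_SNAPSHOT_AGE)
        return DENY_STALE;
    for (size_t i = 0; i < rv->n; i++)
        if (rv->revoked[i] == g->serial) return DENY_REVOKED;
    return ALLOW;
}

int main(void)
{
    printf("%d %d\n", authorize(&technician, &sample_rv, 1700000600u, 3u),
           authorize(&revoked_guest, &sample_rv, 1700000600u, 3u));
    return 0;
}
```

The `DENY_STALE` branch is the design choice to note: a vehicle without connectivity cannot learn of new revocations, so the check refuses access rather than trusting an old list.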
Thus, automotive cybersecurity experts should adopt not only new-age connectivity features but also innovative technologies such as Blockchain to ensure the highest level of cybersecurity for modern vehicles.
In this article, we aimed to describe the main cybersecurity concerns, standards, practices and solutions that can considerably transform the whole automotive industry. At the moment, automotive cybersecurity is vulnerable to many attack vectors arising from the complicated connected car infrastructure and a variety of car automation trends. Surprisingly, technologies like ADAS and IVIS, designed to improve safety on the road, at the same time decrease the level of security by creating multiple attack surfaces. The vulnerable car network, drivers’ concerns and already compromised car brands have induced automakers and cybersecurity companies to develop the best practices described in the article. Consequently, automotive cybersecurity requires a significant allocation of resources and assets to patch threatening vulnerabilities in connected and autonomous vehicles. Keeping abreast of emerging standards and innovative solutions will also help solidify automotive cybersecurity.