Cybersecurity must be future-proof to match car life

More connectivity means more attack-surfaces for cyber criminals.

So, as vehicles continue their rapid evolution toward rolling, four-wheeled connected devices, there is a growing call for automakers, their Tier 1 and Tier 2 suppliers and other stakeholders to more seriously consider deep integration of security measures to ensure over-the-air (OTA) software updates remain secure from malicious actors.

Beyond the exact security specifications and approaches to securing vehicles, the industry is being urged to adopt a more cohesive strategy towards cyber-security in self-updating vehicles. That’s the perspective of Jeff Davis, Blackberry’s senior director of government affairs and public policy, who said the auto industry is still lagging behind other sectors in understanding that the security threat to connected vehicles is not a looming issue but one that needs to be addressed here and now.

“There is no perfect engineering solution for cyber-security because it changes faster than the updates can change,” he noted. “In automotive, it seems, we have a tough time accepting that reality.” Davis said some automakers appear to be tackling the subject of security vulnerabilities more seriously than others, which can be shown by their willingness to partner with software security specialists, for example.

“Those who are doing well are making it a part of their product development, as an issue that begins with the supply chain, and into where the user interface is,” he said. “Those automakers are looking at everything from the chip level through the software level all the way up to where it gets to the consumer and their ability to control whether or not they take an update, ensuring there’s an authentication process going into the update, so you’re not just getting an update from a man in the middle source.”

Davis explained it’s possible to tell “very quickly” tell from the effort they’re put in, because it’s evident in the way they’re developing the car. “As you start to see more electronics put in there, when we get our first real incident of people stealing info from an automobile, or people in injecting viruses into a car, you will see consumers get nervous and OEMs respond in kind,” he said.

Davis said the biggest change the industry needs to make is a move towards broader partnerships to foster a culture where zero-trust architecture is the standard. What that means is everyone in the network is constantly being authenticated and every time a signal is sent between vehicles, or from a roadside point to a vehicle, all those things must be authenticated.

To read the complete article, visit TU-Automotive.