Cars and Infosec – I should have been a lawyer…

Publish date:

Capgemini’s cars online survey 2015 describes what customers are looking for when they buy a new car.  Increasingly, manufacturers will need to deploy information, and IT, to satisfy the market’s expectations.  This creates an increased need for security.  I will describe some interesting aspects below.  In-car features: customers want IT in many aspects of their […]

Capgemini’s cars online survey 2015 describes what customers are looking for when they buy a new car.  Increasingly, manufacturers will need to deploy information, and IT, to satisfy the market’s expectations.  This creates an increased need for security.  I will describe some interesting aspects below.
 
In-car features: customers want IT in many aspects of their car.  This includes entertainment, navigation, communication, security, and vehicle management.  Some of these are safety critical, some aren’t.  The critical aspects must be rigorously engineered, and protected from interference.  It is unlikely that the less critical aspects can be engineered to the same standard, so a vehicle will have to separate these out so that they cannot be a source of risk.
 
Many manufacturers seem to be failing to provide this separation adequately, judging by the analyses performed by security specialists in this space.
 
This type of problem is best addressed early on in a car’s lifecycle: rigorous assurance and testing work is expensive, but recalling millions of cars to correct a security flaw is even more expensive!
 
Talking of recalls: wouldn’t it be better to update vehicle software remotely over the air?  Perhaps – but how will manufacturers contact the owners?  What happens if an owner forgets to perform an update?  Will drivers need a cyber security qualification before they are allowed to have a driving a license?
 
Ecosystem: a manufacturer will have to collaborate with customers during the purchase and fulfilment process.  It must also collaborate with the supply chain (OEMs, dealers, after-market manufacturers etc).  This will involve passing around personal information (people’s contact details and preferences), commercially sensitive information, payment information, and intellectual property. 
 
Players in this market will need to be able to register many different types of user with many different levels of IT capability.  Players must be able to authenticate their users, control their access, keep appropriate records, and detect cyber attacks and other misbehaviour.
 
Modern identity management tools can facilitate this through single sign-on, federation and business-focussed access policies.  A Security Operations Centre (SoC) is important for maintaining security situational awareness.
 
Big Data: as cars become more instrumented, opportunities will arise to start gathering data about them.  Insurance companies, for instance, are starting to offer drivers a discount if they will allow their driving style to be monitored.  This has obvious benefits, but drivers have to think about the consequences for their privacy: are they happy for so much information about them to be made available?
 
Self-driving cars: this is something of a wild card.  Self-driving cars have gone from a nerdy experiment to a whole collection of commercial ventures.  Obviously, a self driving car needs to be able to navigate the world’s roads safely.  Many common driving self-driving scenarios require the cars to communicate, not just with each other, but with the surrounding environment.  This creates new routes for cyber-attack.
 
Liability: if a car crashes after it’s been hacked, who’s liable – the driver, the manufacturer, the software developer, or the test house that assured it?  I should have been a lawyer…
 
Capgemini has a huge global security practice with deep experience of the automotive industry.  Capgemini has specialist practices in risk analysis, application security testing, identity management, SoC and end point security.

Related Posts

agile

SAS Analytics Experience 2018: What to expect?

Monish Suri
Date icon October 22, 2018

Capgemini is a Diamond Sponsor of the SAS Analytics Experience 2018, which is scheduled to...

Augmented Reality

Where’s the Value? Smart, Connected Products and Augmented Reality

Guy Williamson
Date icon September 27, 2018

Why organisations are adopting to the “Mixed reality” technology which is either...

automotive

Industry 4.0 and Automotive

Nick Gill
Date icon September 20, 2018

Automotive companies are coming forward with industry 4.0 rollouts. But is it yielding good...

cookies.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.

Close

Close cookie information