Cars and Infosec – I should have been a lawyer…

Capgemini’s cars online survey 2015 describes what customers are looking for when they buy a new car.  Increasingly, manufacturers will need to deploy information, and IT, to satisfy the market’s expectations.  This creates an increased need for security.  I will describe some interesting aspects below.
In-car features: customers want IT in many aspects of their car.  This includes entertainment, navigation, communication, security, and vehicle management.  Some of these are safety critical, some aren’t.  The critical aspects must be rigorously engineered, and protected from interference.  It is unlikely that the less critical aspects can be engineered to the same standard, so a vehicle will have to separate these out so that they cannot be a source of risk.
Many manufacturers seem to be failing to provide this separation adequately, judging by the analyses performed by security specialists in this space.
This type of problem is best addressed early on in a car’s lifecycle: rigorous assurance and testing work is expensive, but recalling millions of cars to correct a security flaw is even more expensive!
Talking of recalls: wouldn’t it be better to update vehicle software remotely over the air?  Perhaps – but how will manufacturers contact the owners?  What happens if an owner forgets to perform an update?  Will drivers need a cyber security qualification before they are allowed to have a driving license?
Ecosystem: a manufacturer will have to collaborate with customers during the purchase and fulfilment process.  It must also collaborate with the supply chain (OEMs, dealers, after-market manufacturers, etc.).  This will involve passing around personal information (people’s contact details and preferences), commercially sensitive information, payment information, and intellectual property.
Players in this market will need to be able to register many different types of user with many different levels of IT capability.  Players must be able to authenticate their users, control their access, keep appropriate records, and detect cyber attacks and other misbehaviour.
Modern identity management tools can facilitate this through single sign-on, federation and business-focussed access policies.  A Security Operations Centre (SoC) is important for maintaining security situational awareness.
Big Data: as cars become more instrumented, opportunities will arise to start gathering data about them.  Insurance companies, for instance, are starting to offer drivers a discount if they will allow their driving style to be monitored.  This has obvious benefits, but drivers have to think about the consequences for their privacy: are they happy for so much information about them to be made available?
Self-driving cars: this is something of a wild card.  Self-driving cars have gone from a nerdy experiment to a whole collection of commercial ventures.  Obviously, a self-driving car needs to be able to navigate the world’s roads safely.  Many common self-driving scenarios require the cars to communicate, not just with each other, but with the surrounding environment.  This creates new routes for cyber-attack.
Liability: if a car crashes after it’s been hacked, who’s liable – the driver, the manufacturer, the software developer, or the test house that assured it?  I should have been a lawyer…
Capgemini has a huge global security practice with deep experience of the automotive industry.  Capgemini has specialist practices in risk analysis, application security testing, identity management, SoC and end point security.
