There are two reasons why every digital feature added to a system (whether a vehicle or a smart meter) introduces several new attack vectors. First, manufacturers have traditionally tended to choose functionality over security, because they want to be the first to bring a nice new feature to the market. Second, all these nice features together create an ecosystem of software and hardware components that are connected in some way. In vehicles, most electronic control units are connected to the vehicle’s central controller area network (CAN). This network allows electronic components inside a vehicle (such as electronic driving functions and infotainment systems) to communicate with each other. Of course, this network can also be used to send malicious commands to various systems. For example, what if you can hack into a vehicle’s infotainment system and use it to send malicious commands over the CAN to the vehicle’s driving functions? The consequences could be disastrous.
The world of the ‘connected vehicle’ requires a comprehensive approach to security in which the following aspects are considered:
- Ecosystem Risk – Because modern vehicles consist of an interconnected ecosystem of digital components, risk management efforts should consider the risks to the security of the ecosystem as a whole. This gives a comprehensive overview of the threats and risks to be considered in the next phases of the development process. Considering the ecosystem as a whole reduces the chance that a risk materializes because of a vulnerability in another component within the ecosystem.
- Security by Design – In traditional software development efforts, security is considered only after the design of a system is done. The primary focus is on pushing new functionality to the market fast and following up with patches if needed. In systems where information security risks can lead to physical risks, this is no longer sufficient. Security should be considered right from the start, during the development of the requirements for the system.
- Architecture Principles – In addition to considering security from the start, the car manufacturing industry should adopt a generic set of architecture principles that govern the way information technology is implemented in vehicles. This improves interoperability between components from different manufacturers and ensures that components within the vehicle’s ecosystem are built according to the same set of cyber security rules and guidelines.
- Layered Defense – In another blog, I discussed the importance of layering information security controls to protect an organization’s information assets. This is equally important in ecosystems such as today’s connected vehicles. One way to add another layer of security is to compartmentalize the different networks in a vehicle. This means physically separating the network used by infotainment systems from the network controlling the vehicle’s driving functions. This prevents malicious commands from being sent from one network to the other and adds a layer of protection.
- Industry collaboration – Although risks to information security in vehicles are a trend we’ve seen in recent years, information security has been around for a long time. The cyber security industry is maturing and there are a lot of companies that can provide knowledge and experience in the field of information security. It is not necessary for car manufacturers to reinvent the wheel (pun intended). Collaboration with experienced industry partners is key in finding a cost-effective approach to cyber security.
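
The Layered Defense item above describes keeping infotainment traffic away from the network that controls driving functions. As an added example (not part of the original post), assuming the two networks meet at a gateway ECU instead of being fully unconnected, the C code below applies a deny-by-default forwarding check; the segment names, CAN IDs and rule table are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Segment names, CAN IDs and rules below are constructed for this example. */
enum segment { SEG_INFOTAINMENT, SEG_DRIVING };

/* Minimal classic CAN frame: 11-bit identifier, up to 8 data bytes. */
struct can_msg { uint16_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist entry: a frame permitted to cross from one segment to another. */
struct fwd_rule { enum segment from, to; uint16_t id; uint8_t dlc; };

/* Policy: selected driving data may reach the head unit; nothing flows back. */
static const struct fwd_rule RULES[] = {
    { SEG_DRIVING, SEG_INFOTAINMENT, 0x3E9, 2 },  /* constructed: speed for display */
    { SEG_DRIVING, SEG_INFOTAINMENT, 0x3EA, 1 },  /* constructed: gear indicator */
};

/* Deny by default: a frame crosses only if direction, ID and length all match a rule. */
bool gateway_may_forward(enum segment from, enum segment to, const struct can_msg *m)
{
    if (m == NULL || m->id > 0x7FF || m->dlc > 8)
        return false;  /* malformed frames never cross */
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct fwd_rule *r = &RULES[i];
        if (r->from == from && r->to == to && r->id == m->id && r->dlc == m->dlc)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed sample traffic: one display frame, one frame aimed at the driving side. */
    const struct can_msg speed = { 0x3E9, 2, { 0x00, 0x50 } };
    const struct can_msg cmd   = { 0x120, 8, { 0 } };
    printf("driving->infotainment 0x3E9: %s\n",
           gateway_may_forward(SEG_DRIVING, SEG_INFOTAINMENT, &speed) ? "forward" : "drop");
    printf("infotainment->driving 0x120: %s\n",
           gateway_may_forward(SEG_INFOTAINMENT, SEG_DRIVING, &cmd) ? "forward" : "drop");
    return 0;
}
```

Because no rule names the infotainment segment as a source, every frame originating there is dropped before it reaches the driving network, whatever its ID.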
Read more about the trends in the automotive industry in our new Cars Online 2015 report.