What will protect our software-enabled cars?

From advanced navigation systems to entertainment, new cars come with an array of computer processors, sensors, and software. No longer closed systems, connected vehicles must recognize and build a robust cyber security infrastructure.

Why secure the entire automotive ecosystem

Vehicles contain many interconnected components with hundreds of Electronic Control Units or ECUs, often developed by multiple suppliers, which make them a hotbed for cyber-attacks. The vehicle comprising of these assorted electrical parts when ideally connected through an internal network is well accessible to hackers. A hacker might take control of safety-critical parts like engines or brakes by gaining access to a tangential electronic management unit. Vehicle’s infotainment system, Tire Pressure Monitoring Systems or TPMS, remote keys, GPS, USB, lighting system, OBD-II, and Advanced Driver Assistance Systems or ADAS, can all potentially serve as entry points.

Regulatory attention

As cars evolve faster in terms of technology, legislation is starting to take notice. For instance, the UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) announced that cybersecurity would now be a prerequisite before going on the market. Multiple regulatory agencies have recognized requirements within newly published standards as the basis for certification starting in 2022, and corporations are required to demonstrate a Cybersecurity Management System (CSMS) and a Software Update Management System (SUMS) to maintain the right to sell vehicles in those countries.

Over-the-air

Over-the-air or OTA updates have become part of today’s connected devices, and the same functionalities naturally extend to connected vehicles as well. Most cars today become gradually less advanced as new models are launched with the latest and improved technologies. OTA updates are a bid to counter this. Through OTA updates, the software that runs the vehicle can continue to evolve and improve throughout its lifecycle, ensuring that cars can remain relevant and offer improved functionality.

Autonomous driving

Autonomous technology is growing at an incredible pace, which means that apart from general testing, external and internal safety issues like hacking, malfunctioning must be solved. The amount of data that autonomous vehicles gather, analyze, and the process has increased dramatically and will continue to do so in the coming years.

Shaping automotive cybersecurity

  • Cybersecurity has to be baked into a company’s processes right from the very beginning — from design and development through manufacturing.
  • An ‘assume harm’ posture will serve the industry well, and guide both software and hardware developers to create systems with cybersecurity built into them, at all levels.
  • As automotive ecosystems grow and evolve, software could come from multiple suppliers and run on the same hardware platform. All software must be analyzed for threats and common vulnerabilities, through software composition analysis, penetration testing and periodic risk assessments.
  • Such an environment requires defense-in-depth strategies, which include secure updates, secure boot, identity access management, isolation-through-virtualization techniques etc.
  • The microchips used within a vehicle’s ECUs must be secured. Secure hardware capabilities include secure storage, tamper detection, hardware acceleration for crypto-algorithms, secure firmware upgrades, secure key updates, secure boot, secure debug and other features.

Insurance made simple. www.roadzen.io