Are We Prepared for Cyberthreats in the New Era of Transportation?
By Hassan Triqui
Ensuring vehicle cybersecurity is a multifaceted challenge that encompasses aspects of software development, cryptography, operating systems and life-cycle management.
The automotive user experience has evolved dramatically, and the trend is accelerating, driven by advances in vehicle connectivity and autonomy. Connectivity makes it possible for the car to be safer and more aware, thanks to vehicle-to-everything technologies. Autonomy enables the car to behave more intelligently, thanks to advanced driver-assistance systems (ADAS).
The downside of these technology enhancements is the increased exposure to attacks. Connectivity can be leveraged as an attack vector, and autonomy can drastically augment an attack’s impact. In practice, the scary scenario is that of a remote attacker infecting a car through its wireless interface and taking control of the vehicle by abusing its ADAS capabilities.
Trust in hardware and software is key in the realm of connected vehicles. Security-by-design principles must be ingrained into the very foundation of electronic control units (ECUs). Safety and security considerations are pivotal, with tailored security levels adapted to each ECU. This approach ensures that every component of the vehicle’s hardware contributes to its overall security posture, laying a solid foundation for trustworthy automotive systems.
Imagine a scenario in which a hostile state or a rogue hacker group gains access to the control systems of connected vehicles. The consequences could be catastrophic: widespread accidents, traffic gridlock and even deliberate targeting of individuals or critical infrastructure.
The challenges of connected-vehicle cybersecurity
Ensuring vehicle cybersecurity is a multifaceted challenge that encompasses aspects of software development, cryptography, operating systems and life-cycle management. One significant hurdle lies in implementing safe and secure coding practices tailored for automotive environments. Adherence to stringent standards helps to ensure that the software running in connected vehicles is robust and resilient against potential attacks and exploits.
Integrating artificial intelligence into automotive systems complicates cybersecurity efforts. AI-driven functionalities, such as autonomous driving and ADAS capabilities, introduce new attack vectors and complexities in securing connected vehicles. Essential protections, including secure boot mechanisms, communication protocols, fault and intrusion-detection mechanisms and memory protection, are paramount to safeguarding AI-driven functions from exploitation by malicious actors.
The adoption of post-quantum cryptography will likewise be crucial for safeguarding communications and data exchange within vehicles in the near future. With the advent of quantum computing, some of the traditional cryptographic algorithms will become vulnerable to brute-force attacks, necessitating the deployment of quantum-resistant cryptographic algorithms to maintain vehicle security.
Secure operating systems are required that enable secure applications to run in an isolated manner within software-defined vehicles. By compartmentalizing critical functions and services, these operating systems mitigate the risk of unauthorized access and tampering. Managing the security life cycle of connected vehicles is also fundamental to ensure that security measures are maintained from IC manufacturing to decommissioning.
The commitment to cybersecurity doesn’t end with the development and deployment of vehicles; it extends throughout their life cycle. ISO/SAE 21434 and the European Cyber Resilience Act underscore the importance of life-cycle cybersecurity management. Such approaches to cybersecurity ensure that vehicles remain resilient to evolving threats and vulnerabilities throughout their operational lifespan, including the integration of secure-firmware-update over-the-air capabilities. By integrating life-cycle cybersecurity management practices through product-security incident-response-team services, the automotive industry can further enhance the security and trustworthiness of connected vehicles, safeguarding them against emerging cyberthreats.
Security certification is mandatory in building trust at every level of the autonomous-vehicle ecosystem. Each component must undergo rigorous certification processes to validate its security measures and ensure its trustworthiness. From individual ECUs to complex vehicle systems, robust security certification protocols are necessary for instilling confidence in the hardware components that power self-driving capabilities. This includes obtaining ISO 26262 ASIL-D certification, implementing robust security measures and adhering to industry standards to fortify the resilience of automotive systems against cyberthreats throughout their operational lifespan.
Collaborative efforts to secure the future of mobility
In addressing the challenges of securing autonomous vehicles, embedded cybersecurity emerges as an indispensable cornerstone of automotive innovation. Through a concerted effort to prioritize cybersecurity measures, adopt best practices and deploy advanced solutions for cyberthreat detection and monitoring, we can fully embrace the transformative potential of connected vehicles while effectively mitigating risk.
However, the responsibility for ensuring robustness in autonomous vehicles extends beyond manufacturers and developers. Collaboration among governments, academia and industry stakeholders is essential to anticipate emerging threats and mitigate risk effectively. Moreover, public awareness and education campaigns are needed to foster a culture of cybersecurity consciousness among users of connected vehicles.
Collaborative security management across the value chain is crucial in securing connected vehicles. It requires collaboration and accountability on the part of manufacturers, suppliers, service providers and regulators. Each player must attest to its commitment to security management and implement robust measures accordingly. By working together to uphold cybersecurity standards and practices, the automotive industry can build a foundation of trust and reliability in vehicle technology.
By addressing these challenges head-on and fostering collaboration across borders, we can ensure that the promise of autonomous vehicles is not overshadowed by the dark cloud of cyber insecurity. As we navigate the road ahead, let us ensure that embedded cybersecurity serves as the bedrock upon which a safer, more secure automotive future is built.
Moreover, this new paradigm paves the way for new services and business models to monetize security. While there are indeed challenges, there is also a space of opportunities awaiting exploration and innovation.
https://www.eetimes.eu/are-we-prepared-for-cyberthreats-in-the-new-era-of-transportation/a>