Product connectivity has become a common feature in the automotive industry. Many cars carry IoT solutions, ranging from real-time traffic data to driver behavior pattern detection. However, more IoT connections also mean a greater potential threat from cyberattacks. How can you use cybersecurity to your advantage to protect your connected car?
Don’t Hack and Drive
In an increasingly tech-heavy world, product connectivity is becoming ever more common. One sector in which connectivity has taken a massive IoT leap forward is the automotive industry. Virtually without exception, car manufacturers are incorporating connectivity into the DNA of their cars. Connectivity ranges from a navigation system showing live traffic data to the integration of advanced driver-assistance systems like adaptive cruise control.
This connectivity brings you not only the ease and comfort of being able to leave the driving work and decision-making to computers but also unique cybersecurity risks. Both for the people steering the manufacturing companies, and for those behind the steering wheel of their connected car.
The Connected Car and Its Risks
The risks linked to the connected car are an unwanted side effect of the wireless connectivity these cars have with external networks, often through a cellular connection. Similarly, modern cars offer passengers the ability to connect wireless devices via tethering or via onboard WIFI systems. These connections form potential entry points for malicious actors and make the connected vehicle vulnerable to hacking. A quarter of a billion connected cars will be on the road by 2020, while 98 percent of newly sold cars will have some form of connectivity in that same year.
Looking at these developments, it makes sense that car manufacturers are buckling down to protect their connected cars against potential cybersecurity risks.
Where to start then? All security efforts should take the design of the vehicle as a starting point, making today’s cars compatible with future innovations. Striving for a secure connected car ‘by design’ should be a top priority for car manufacturers. And the ‘by design’ principle is basically very simple: adding crumple zones or brakes only after the car has been finished will drastically decrease the overall safety of the car and increases the overall complexity of the design. Similarly, adding cybersecurity measures to a vehicles Electronic Control Unit (ECU) only after its installation makes it easier for outsiders to circumvent such measures, increasing the attack surface, and adding layers of complexity to the ECU’s architecture. Incorporating cybersecurity at the drawing board is admissibly key to enhancing the safety of connected cars.
Be aware though! An often-encountered design flaw is the integration of a vehicle’s ECU with its entertainment system. When the infotainment system offers remote access, hackers might be able to hack the ECU through the entertainment system. This is where things get awkward for manufacturers. Hackers showing off with gimmicky features on the navigation screen is not what keeps the manufactures up at night. Hackers having control over throttle, brakes, and steering functionality does, however!
Steering Away from Cybersecurity Risks
A solution to the security risks of connected cars is to air gap the two systems. Air gapping means to physically separate the two systems completely. It’s an architectural concept that allows for greater security, as a breach of one system does not affect the other. The main advantage being that people in the car don’t have to worry as much about external hacking threats. One downside of air gapping is, however, that it is complex and expensive to implement in existing builds and designs with interconnected ECU and entertainment systems. It’s, therefore, not always the best option for manufacturers.
One particularly interesting innovation that could offer a convincing solution to the emerging security risks is the use of Intrusion Detection Systems (IDS) in vehicles. An IDS will monitor a vehicle’s data streams with both internal and external systems, checking it for anomalies and malicious activity, and reporting its findings to an administrator. Then, through big data analysis of the anomalies, the administrator can monitor the constantly changing threat landscape and attack patterns. When installed in a larger fleet of vehicles, this creates a form of ‘swarm intelligence’, ever increasing the cyber-resilience of all the vehicles within the fleet. Using such an anomaly-based IDS will help secure the connected car and keep it secure over time. The big data analysis helps cybersecurity teams develop security countermeasures that can be updated wirelessly to all connected vehicles. This increases overall cybersecurity in connected cars and offers continued protection beyond the gates of the factory.