Post on 15-Apr-2017
The New Assembly Line 3 BEST PRACTICES FOR BUILDING
(SECURE) CONNECTED CARS
Connected cars are about to change the auto industry’s assembly line.
Vehicles are becoming computers on wheels and now have more in common with your
laptop than they do the Model T.
Just as smartphones have supplanted non-Internet-connected phones, connected cars will supplant non-Internet-connected cars.
Auto manufacturers need to become software companies if they want to
survive into the 21st century.
The auto industry must now consider cybersecurity as an integral part to how cars are built, just as
physical safety became a critical part of how cars were built in the late 20th century.
When an industry without experience from the front lines of Internet security begins connecting its products, one of two outcomes often occurs.
When an industry without experience from the front lines of Internet security begins connecting its products, one of two outcomes often occurs.
If there are clear security best practices, then most companies will (hopefully)
implement those best practices.
When an industry without experience from the front lines of Internet security begins connecting its products, one of two outcomes often occurs.
If there are no clear best
practices, companies will likely make a lot of security mistakes, resulting in major cybersecurity
problems down the road.
How do we make cars resilient in the face of
cyberattacks?
How do we make cars resilient in the face of
cyberattacks?
In our research, we have found that if the auto industry is to build vehicles that are resistant to cyberattack, they must
implement three important measures.
An over-the-air update process: Ideally without the owner having to subscribe to a separate service.
Isolation of vehicle and infotainment systems: With this in place, it’s important that any gateway systems receive an extreme amount of security scrutiny.
Hardening each individual component: A resilient automotive cybersecurity architecture should assume that attackers will compromise some component (e.g. the web browser). That single component compromise should not affect the functionality of the system as a whole.
1
An over-the-air update process: Ideally without the owner having to subscribe to a separate service.
Isolation of vehicle and infotainment systems: With this in place, it’s important that any gateway systems receive an extreme amount of security scrutiny.
Hardening each individual component: A resilient automotive cybersecurity architecture should assume that attackers will compromise some component (e.g. the web browser). That single component compromise should not affect the functionality of the system as a whole.
2
An over-the-air update process: Ideally without the owner having to subscribe to a separate service.
Isolation of vehicle and infotainment systems: With this in place, it’s important that any gateway systems receive an extreme amount of security scrutiny.
Hardening each individual component: A resilient automotive cybersecurity architecture should assume that attackers will compromise some component (e.g. the web browser). That single component compromise should not affect the functionality of the system as a whole.
3
Read Hacking a Tesla Model S: What we found and what we learned