Safeguarding the connected car – to secure the smart city
With the potential to improve the entire driving experience, as well as advance safety standards across the board, there’s a good reason why many drivers are excited to see what the future of the connected car has in store.
However, alongside this excitement, there have been concerns voiced around the security of the connected car. With examples such as Nissan admitting some of its Leaf cars can be easily hacked, allowing their heating and air-conditioning systems to be hijacked, those concerns would appear valid.
Any concerns certainly would not have been muted by new research by global security consultancy IOActive which recently revealed flaws across virtually every single connected car component or device they tested; at least half of which could be exploited with potentially serious consequences.
So should drivers be worried? Should we perhaps even start considering trading in the latest ‘connected’ model in favour of a trusty early ‘analogue’ model?
Well, before any drivers consider making any such rash decisions, we must consider the fact that being personally targeted by cyber-attackers is extremely unlikely. Rarely will somebody consider any one single person to be interesting or controversial enough to warrant hacking their car directly.
However, we are in no doubt that this is a very serious issue – and one that is bigger than just a cybercriminal hacking into an individual’s CD player. Sophisticated cyber-attackers may not target one user but they may go after one vulnerable car in order to use it as an attack vector to the wider network, such as targeting connected transportation infrastructure or critical transport links, to cause chaos. This threat is very real, very possible and one we mustn’t ignore if we are to avoid the dire consequences that could result from a hacker takeover. So how can automakers safeguard the connected car from this potential threat?
Recognise the car is now more like a computer
With over 100 million lines of code, and the computing power of over 20 PCs combined, today’s vehicles have more in common with an iPhone than they do a mark II Ford Escort.
With that in mind, OEMs must alter their approach to address this changing concept. With more software forming part of the driving experience than ever before, it is vital all code is securely encrypted and safeguarded from hackers.
Ensure rigorous authentication
To help defend against certain cyber-attacks, connected components require clear authentication processes. While vehicle OEMs and their suppliers have recognised that cryptographically-based digital signatures do provide the strongest form of authentication, such processes also require the management and protection of the certificates and the underlying keys. Only by working with those with experience of protecting digital signatures can they achieve this.
Incorporate security-by-design technology to safeguard vehicle-to-infrastructure communications
As vehicle-to-vehicle and vehicle-to-infrastructure communications become the norm, it will be critical that manufacturers identify and implement necessary technologies to protect drivers, passengers and the wider community from hackers.
With Gartner predicting that by 2020, there will be a quarter billion connected vehicles on the road, it is critical that all vehicles are robustly safeguarded from cyber-attackers. Those with malicious intent will view the car as an access-point to the wider transportation infrastructure, and car-manufacturers must play a key role in ensuring this gateway is well and truly blocked.