Report warns of more malicious security fears in connected cars
A whitepaper from Capgemini argues that, in the connected automotive world, the potential attack surface extends across the entire ecosystem, with autonomous driving increasing the surface even further.
The report, entitled 'Cybersecurity for the Connected Vehicle', asserts that information will become increasingly exposed as it is used in and travels to and from vehicles. Connected cars will be able to connect in a variety of ways; the introduction of telematics services and infotainment, through Bluetooth and Wi-Fi, opens up the network, which backend systems within the OEM organisation will be able to communicate with vehicles remotely.
These backend systems, Capgemini argues, may have been reasonably secure on their own, but if they're part of an ecosystem, the whole ecosystem has to be as strong as possible. A chain is only as strong as its weakest link. In addition, the company warns OEMs may be relying on outdated security approaches, like 'security by obscurity', and urges OEMs to think of security across the whole lifecycle - not just until the car's been sold.
Meeting the IoT challenge head on
Among automotive sector respondents, in a recent study of cybersecurity threats from Capgemini, two thirds (65%) agreed that secuirty concerns would impact customers' purchase decisions for IoT products. Key challenges to securing IoT products include securing access to the endpoint device (60%) and securing the communication channel (55%).
As a result, Capgemini argues OEMs need to take action now and adjust their thinking on cybersecurity sooner rather than later. They should start to build their understanding of connected vehicles as part of an overall system, including sensors, in-vehicle IT, and various networks.
The researchers again stressed the importance of ensuring vehicles in development are secure from the start - taking into account the need for regular patching and updates. Capgemini defined the four key tenets of security as authenticity, integrity, availability, and confidentiality.
You can see the full report here.
If you are interested in IoT, please visit IoT Tech Expo Europe in London's Olympia, December 2-3 2015.