Pali Surdhar, Product Security Engineer, Thales e-Security
Previously, when considering the safety of automotive systems, we’ve instantly turned our thoughts to the physical, protective measures of vehicles such as seatbelts, air bags and child locks. Now, however, our minds race to a number of alternatives, all driven by the digital eclipse that is casting itself over the automotive industry.
Connected cars are, and will no doubt continue to be, a major talking point around the world. Not only are manufacturers focusing more efforts than ever before on the software-driven aspect of vehicles, even companies such as Microsoft are turning their heads to get involved in the next big thing.
While this is, of course, an exciting time for the consumers and suppliers of today, it’s also brought with it a number of concerns over safety and security. The diverse range of applications now available to us, along with the exposure and increasing frequency of connected devices being breached, has left individuals worried about the consequences of a hack.
So, how can we sort the real threats from the noise, and ensure we’re best protecting ourselves against attacks on the cars of the future?
Back to basics
The first step to understanding how to secure automotive systems is to understand the systems themselves. As new technologies continue to evolve, and systems become increasingly interconnected (and reliant on each other), security becomes a shared responsibility, and one we all need to take seriously.
This includes considering how the system is built, how it operates, and finally, how to maintain it. The last point isn’t to say you need to cover your car in bubble wrap; physical wear and tear is inevitable, but we must also consider the software running on and around the vehicle and take appropriate measures to keep it functioning correctly and safe from being hacked.
With cars sometimes taking up to ten years to go from paper to product, the software that has been included isn’t always the most up-to-date. This makes it even more essential to develop an understanding of the specifications you are working with, regardless of how long they’ve been around.
Once you know exactly what the system is, you can consider the key pain-points and risks it might be vulnerable to, and put the appropriate preventative measures in place.
An integrated approach
Traditional approaches to security have attempted to secure software in a bastion-like manner, but this is no longer enough. In today’s environment, threats can come from any location and any angle; there is no longer a well-defined security boundary. Connectivity is now making it extremely attractive for consumers to embrace the changes across the industry. Manufacturers themselves, however, don’t necessarily have the knowledge or tools to focus on security.
By aligning system modelling with security modelling, we are able to understand functional and operational processes and to identify and resolve any design flaws that will impact security either immediately or further down the line. Not only is this less costly than addressing vulnerabilities as and when they occur, it means they’re less likely to happen in the first place – an obvious win-win.
As we continue to develop more software, the automotive landscape is only going to grow in complexity, bringing with it a wealth of opportunities, but also challenges. Delivering automotive products and systems that provide the level of security required by customers from the outset will mean a greater overall buy-in.
For more on automotive security, take a look at our connected vehicle solutions:
The post A systematic approach to securing automotive systems appeared first on Data Security Blog | Thales e-Security.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales e-Security authored by Pali Surdhar. Read the original post at: https://blog.thalesesecurity.com/2017/09/27/systematic-approach-securing-automotive-systems/