Winning Manufacturing Strategies

« Telematics driven parts supply chain | Main

Is Your Vehicle Secure - Cyber Security of Vehicles

Introduction

"On 24th July 2015, Chrysler announced that they will be recalling 1.4 million vehicles which they suspect of software vulnerability in the Uconnect dashboard computed[1] and is a potential threat for hacking.  Two Security researchers Charlie Miller and Chris Valasek hacked the car's entertainment system which was connected to the mobile data network and controlled the car remotely. They showed that Cyber security is a real treat to vehicles.

These days it is often talked and written about connected cars and how it is going to disrupt the industry. The demand for connected cars globally is growing at a fast pace. Customers wants to be connected always and the experts predict that digital disruption in automobiles have already begun. Projection shows up to 15 percent of new cars sold in 2030 could be fully autonomous[2].

Traditionally automobile manufactured have focused on passenger safety and quality of the product as their top priorities. During manufacturing process, the plant operators have always identified component and process which will directly impact the safety of the passengers. However, increasing use of advanced technologies like telematics, autonomous vehicles, IoT have increased the risk of cyber-attacks. Automobiles are as vulnerable as one's laptop or mobile as it is increasingly getting connected to other IT devices.

When someone hacks a vehicle of perform a cyber-attack, the hackers get into the vehicles' networks and controls the electronic control units (ECU). This not only puts the drivers' personal data on risk but also risks the passengers' life and safety.  

In comparison to other industries, automobile industries are way behind on the maturity curve in terms of its preparation towards cyber defense capabilities[3]. According to Professor Andry Rakotonirainy from Queensland University of Technology's Centre for Accident Research & Road Safety[4] ; the security protection on cars is virtually non-existent and one can compare its level of protection to that of a computer way back in 1980s.

But they have started understanding the importance of cyber security. In 2014 Jeff Massimilla was named chief product cybersecurity officer of General Motors; a position never heard of in an automobile industry.[5] With increasing threat and risk, other OEMs will follow suit and recognize the importance of cyber security as their vehicles become more connected and more vulnerable.

Sources of Vulnerability


It is very clear that the future automobiles are going to be more vulnerable to cyber-attacks, in order to address this issue, first we have to check on the source of vulnerability

Vehicle engineering

More complex the product, more is the vulnerability. In some of the high end models, it has become a combination of laptop and mobile with multiple microprocessors[6] and each will have its own software's with millions of lines of code. Each node will be a point of vulnerability and a path for the hackers to get in and take control of the vehicle.

Suppliers

As per a McKinsey report only 10 percent of the automotive suppliers say cyber security ranks high on top management's agenda compared to 35 percent of OEMs. This data clearly shows the low importance and that the suppliers are least prepared to adopt security measures in the product. Each supplier has to adopt cyber security measure to protect the vehicle as whole. Even if a single electronic component is vulnerable, the vehicle will get affected since all are interconnected.

Users

Finally, just like any other electronic device, ignorance of users is also an easy path for hackers to get into the network. As vehicles become more compatible and get connected to other devices, more entry points are created. The kind of care that users take for online banking, similar protections are required for vehicles in future.

 

Actions to Prevent Cyber Attach on Vehicles


In order to prevent attacks there are actions that everyone has to take up similar to the actions that we take on our enterprise infrastructure or personal electronic devices.

Reduce points of entry for a hacker

As the OEM designs & engineers the vehicle, the should take care of reducing the points by which a hacker can enter the network. This can be done by securing the critical safety and control systems. This is called Air gapping. Here, to ensure network security the computers will be physically isolated from un secured networks like public Internet or an unsecured local area network[7]. So in automobiles one could separate the passenger infotainment system from other critical control system like brakes, steering etc.

Intruder detection

The vehicle network system should have detection and alert mechanism to inform the driver about a potential intruder into the system early on so that the driver can take necessary action to stop the entry of a hacker.

Authentication and Authorization

Authentication and authorization is another area that needs to be addressed in increasing the security. Online banking applications has been widely using it, however adoption in automotive industry is still at a very nascent stage. Using encryption and cryptography is the way forward to address the risk arising due to access breach. Blockchain is an upcoming technology in encryption and cryptography and several use cases will evolve in cyber security area and automotive industry should keep a watch on its evolution.

Alternate mechanical fall back option

While OEM designs electronic system, a manual override system should also be designed for critical systems like Steering, Brakes etc. In case of any hacking, there should be an alternate mechanical system which can come into play during such scenario. The passenger or driver can switch to a mechanical system whenever any suspicious activities is detected in the network.

Conclusion

 

Connectivity is a necessity for any device an individual owns in this era of technology revoution and convergence.  Automobiles is no different as it gets connected to multiple other devices and networks. This technological disruption is inevitable and it is every OEM's responsibility to ensure safety of the drivers and passengers who are using their product. Here, we are not just talking about data theft, but a threat on the life of an individual. We see that every company is investing heavily in latest technologies like telematics, autonomous vehicles etc. However, its adoption will depend on the customer's confidence in its safety and security features. OEMs have to collaboratively find ways to set up security standards which can be adopted across the supply chain. OEMs and suppliers have to establish partnership with software vendors and experts in cyber security to ensure security of their products and keep the product up to date with respect to its security.



[1] http://www.bbc.com/news/technology-33650491

[2] Automotive revolution -perspective towards 2030 by McKinsey -Jan 2016

[3] Shifting gears in cyber security for connected cars by McKinsey - Feb 2017

[4] https://www.sciencedaily.com/releases/2014/09/140917120705.htm

[5] http://www.automotiveit.com/my-role-is-to-protect-the-cars-ecosystem/news/id-0051475

[6] http://www.newelectronics.co.uk/electronics-technology/growing-number-of-ecus-forces-new-approach-to-car-electrical-architecture/45039/

[7] https://en.wikipedia.org/wiki/Air_gap_(networking)

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter