FEATURE: IOT SECURITY
compromise and exploitation. A closer
alliance with the Internet security industry
will benefit everyone. The Automobile ISAC
(information Sharing and Analysis Centre)
is an interesting precedent.
Next, incorporating more and more
technology into a vehicle, whether
for improving the customer’s driving
experience or enhancing the vehicle’s
performance, must be balanced with the
management of their potential threats
and risks. Ensuring that appropriate
and effective security technologies are
implemented within these systems must
be a mandatory objective, even if it’s not
(yet) a regulatory requirement.
THIS IS AN ISSUE
THAT WILL NEED
TO BE ADDRESSED.
SIMILARLY, IF CARS
CONTAIN SOFTWARE
FROM SEVERAL
DIFFERENT PROVIDERS,
AND SPENDS THE
DAY MOVING FROM
ONE NETWORK TO
ANOTHER, WHO
IS ACCOUNTABLE
OR LIABLE FOR A
SECURITY BREECH AND
RESULTING LOSSES OR
DAMAGE?
commonplace in payment cards,
accessing their details through your car
would be another way to capture data
about you and your passengers.
And last but not least, there are legal and
authenticity issues. Can we consider the
location data of the car as authentic?
That is, if your car reports you opened it,
entered it, and travelled to a particular
location at a certain time of the day, can
we really assume everything happened as
recorded? Will such data hold up in court?
Or can this sort of data be manipulated?
This is an issue that will need to be
addressed. Similarly, if cars contain
software from several different providers,
and spends the day moving from one
network to another, who is accountable
or liable for a security breech and
resulting losses or damage? Was it a
software flaw? Was it negligent network
management? Was it on-board usererror or lack of training?
So, the question becomes, how do we
secure autonomous cars? The first step
must be a greater awareness by the
manufacturers of the potential cyber
threats. While manufacturers have vast
experience associated with automotive
safety, it is reasonable to suspect they
have less expertise in the dark arts of cyber
36
INTELLIGENTCIO
Additionally, a growing problem with
many IoT devices is that they use
common communications programs that
have no security built into them at all.
As a direct result, an alarming number
of IoT devices to date have been highly
insecure. We need to achieve better
for autonomous cars than what is the
current IoT benchmark today.
At the same time, manufacturers must
work with their different technology
and communications suppliers,
across all of the territories where their
vehicles are sold, to ensure that any
network connections to the vehicles are
appropriately hardened.
Automotive security can be addressed
as three distinct domains that may
make use of similar techniques in some
instances, and require novel treatments
in others.
1
Intra-vehicle communications.
Smart vehicles will have several
distinct on-board systems, such as
vehicle controls systems, entertainment
systems, passenger networking, and even
third-party systems loaded on-demand
by owners. To a certain extent, these
systems will need to engage in “crosstalk” to bring new services to life, but this
cross-talk needs to be closely monitored
and managed by systems such as
firewalls and Intrusion Prevention
Systems (IPS) that can distinguish
between legitimate and normal
communications and illicit activity in the
car’s area network.
www.intelligentcio.com