Connected cars have developed new features to create even better experiences for travelers on the road. Think internet connectivity, infotainment systems, intelligent V2X communication and more. But, care must be taken to prevent hackers from breaking into these systems. Enter: automotive cybersecurity.
Vehicles have tons of data being generated, exchanged, and analyzed that needs to be protected. If a cyber attacker were to get control of such data, it could potentially put the lives of drivers and passengers at risk. The goal, then, is to protect automobiles from unauthorized access, manipulation, or damage. That means helping car manufacturers find better ways to protect the algorithms, networks, and systems of the vehicles they produce. As Dan Sahar, Vice President of Product at Upstream Security, states, protecting road travelers takes proactive measures.
“By having vehicle data, OEMs are able to distill a lot of insights through analytics that can be used in cybersecurity for proactive threat hunting, and on the operations side to run their cars more efficiently,” says Dan Sahar.
The Growing Role of IoT in Vehicles
Vehicles are increasingly becoming more connected to the Internet. In fact, there will be an estimated 64 million connected cars shipped around the world in 2019 alone. That means more software being used for infotainment and navigation systems. More code to develop advanced driver assistance and life-saving car safety features. It even means more onboard computing to manage vehicle services, fleets, electronic tolling, and much more.
However, such connectivity could leave the door open for hackers. After all, connected cars use both software and hardware in an advanced platform powered by the Internet of Things. Tampered messages or unauthorized accesses from third parties could put drivers and passengers at risk. To monitor such situations, some companies are using machine learning in their automotive cybersecurity operations. “A connected car is like a very complex, IoT platform,” describes Dan Sahar. “We use machine learning to aggregate all the data feeds… to establish profiles of the normal behavior of vehicles and groups of vehicle applications. Ultimately, our goal is to discover anomalies.”
Data Challenges to Automotive Cybersecurity
That’s not to say that these connections to the Internet are always smooth. Take smartphones, for example. Poor network coverage can lead to fuzzy communication, unsent messages and dropped calls. In the same way, vehicle-to-vehicle and vehicle-to-infrastructure communication need to be robust to deliver quality services to travelers.
One set of issues deals with data volume, variety, and velocity. Vehicle safety systems need real-time data collection and processing to inform split-second driving decisions. As cars become more connected and autonomous, massive driving data is being generated by cameras, LIDAR, radar, and other sensors. Add to this number nearly 100 million electronic control units in today’s vehicles and the storage challenges of smart driving become clear. Finding the key signals within this data could lead to safer driving that saves passenger and driver lives.
Another big challenge to automotive cybersecurity is cost. Installing new security hardware into automobiles could create longer manufacturing cycles, leading to higher labor costs. In turn, these expenses might be passed down to consumers in the form of higher vehicle retail prices. To help with this issue, some companies are turning to software-as-a-service solutions. “When you want to protect not just the car, but the services around it, the only way to do that in vehicles on the road today is through the cloud,” says Dan Sahar. Using cloud-enabled, automotive cybersecurity helps secure vehicle data at scale. Upstream Security also maintains a robust application for its users to gain real-time alerts, reporting, and visibility into the full automotive stack.
Current Approaches to Protect Vehicles from Hackers
Both individual vehicles and fleets of automobiles have cybersecurity risks to address. Consider this idea: a fence is only as strong as its weakest link. The same concept holds for vehicle fleet cybersecurity — securing telematics communications between vehicles and a central command and control server. Since these systems are linked, there is a general framework that takes into account different security scenarios.
The first level is proactive threat detection and response. This involves ideas such as anomaly detection to understand typical driver behaviors. By creating a real-time investigative workbench, risky driving actions can be more efficiently identified and resolved. In the event that an attack has taken place or is underway, the next step is to have a resilient defense system. Upstream allows its users to customize their policy actions and violations, automating cybersecurity workflows. On a larger scale, creating standard automotive cybersecurity processes can help automakers across the industry more rapidly adopt best practices.
Multiple Layers Needed in Automotive Cybersecurity
So, what does protecting fleets of vehicles from cyber threats look like in practice? Artificial intelligence and machine learning are helping make sense of the data. After being encrypted by a central server, data about driving actions are sent to the Upstream Cybersecurity Platform for analysis, normalization, and anonymization. This workflow helps prevent breaches, Denial of Service attacks, ransomware, and theft of intellectual property.
“Now, car manufacturers are building something called a ‘mobility SOC’ or ‘vehicle SOC’,” explains Dan Sahar. “This is a ‘Security Operations Center’ designed to detect and respond to incidents in vehicles… It’s a new approach to products with connectivity and making sure they are secure and safe.”
SOCs are purpose-built to protect drivers and passengers during travel. The architecture starts with a detection system to capture in-vehicle cybersecurity events. Then, these data points are fed to a mobility SIEM (Security Incident and Event Management) application to create a contextualized incident report. Finally, the incident is fed to an enterprise’s workflow to trigger a proper response and triage by one or more security analysts. By investing in automotive cybersecurity, the automotive industry can help make driving an even safer experience for drivers and passengers alike.