Automotive security has rapidly evolved from door locks and remote keyless entry to the complex world of cybersecurity. Top executives and engineering managers must quickly get up to speed so they can help their design teams architect protective strategies that avoid the breaches seen in retail, banking, and other industries.
As automotive connectivity races into the mainstream, hackers will increasingly set their sights on cars. If and when they get into vehicle control systems, the consequences will be severe, ranging from injuries or death for drivers/occupants to hefty warranty costs and other expenses for OEMs.
Companies that create strong security programs can benefit significantly, while those that can’t stop an attack could suffer significant problems during the spate of bad publicity that’s sure to follow a successful security breach.
Most specialists say the best security programs are built in from the start of conceptual design, not added on late in the game. Often, that requires direction from high in the corporate structure.
That makes corporate governance one of the key aspects of any cyber program. OEMs and suppliers have to drive security from the top down, putting it high on the requirements for new products.
“If there’s buy-in from the top to make sure the system is secure, there’s more leverage than if some security guy in the bowels of the company suggests adding security functions,” said Karl Heimer, a founding partner of AutoImmune Inc., a firm established to address the auto industry’s cybersecurity challenge. “If part of the score sheet is to deliver a secure product, managers will get on a security problem as soon as they see it.”
Heimer will explore the challenges in a day-long SAE International course, "Cybersecurity: An Introduction for the Automotive Sector" (http://training.sae.org/seminars/c1619/), which will help executives and managers understand the many elements needed in a good security system. Heimer’s experience in security extends back to Battelle, where he helped found its Center for Advanced Vehicle Environments to focus on cybersecurity practices for cars.
Another AutoImmune founder, Robert Dekelbaum ("Deker"), will also provide insight for attendees. Before starting AutoImmune, Dekelbaum was the operations officer for Battelle’s Center for Advanced Vehicle Environments. Prior to that, he was a mobile security engineer, security Q/A test engineer, and cybersecurity trainer and lab manager for many projects for the U.S. Department of Defense.
The class is scheduled for November 30 in Troy, MI, and on April 3, 2017, in Detroit. Heimer and Dekelbaum will discuss the many different types of attacks that can target connected vehicles and examine the extremely diverse set of defenses that must be deployed.
No single product or technology can thwart all attempts, so many different components must be enlisted to maintain security. Semiconductors with encryption and other security modules are important components, as are secure operating systems.
They’re among many parts of multi-faceted strategies, often called layered security and defense-in-depth. Though they’re often considered to be the same, Heimer cited some differences.
“Layered security uses a set of products and capabilities that are arranged serially; you go to this, if you beat it, you go to the next hurdle,” he said. “Defense-in-depth uses layers, but it also uses things external to the system to enable those obstacles to work. In a military analogy, layers are a bit like barbed wire, ditches, and walls. When you go to defense-in-depth, you’re adding a guard tower so you can do something when someone starts cutting the barbed wire or filling your ditch.”
This multifaceted approach extends to dealings with suppliers. Heimer also noted that companies must look at products that come in from all parties throughout the supply chain. If counterfeit or compromised parts are deployed in networks, serious problems can arise.
When electronic systems in vehicles fail, they must degrade gracefully without impacting other electronic control units (ECUs), or allow vehicles to shut down safely. In networking and connectivity, maintaining availability is a critical requirement. Vehicle networks must be designed to remain active even when problems such as denial-of-service attacks or the failure of an ECU occur.
“If one ECU fails, it can’t compromise the full network,” Heimer said. “Networks must not go down easily.”