
Auto Cybersecurity Dissected: Who, Where & What

8/25/2016 07:01 PM EDT
We need security standards like we have for functional safety (ISO 26262)
KurtShuler   8/30/2016 3:00:00 PM
Junko, great article!

One of the elephants in the room is that there are really no system-level security standards for autos. There are voluntary standards, and reuse of existing standards in the PC/enterprise space (TPM, encryption, etc.), but nobody is tasked to look at the complete system as a whole for security vulnerabilities.

With regard to safety, the industry has really evangelized the ISO 26262 efforts in functional safety. One of the issues we deal with at the SAE / ISO working group level is that we don't know how much security use cases should be considered in our functional safety work.

Functional safety faults are initiated by random chance, design flaws, manufacturing flows and non-intentional/intended human acts. Our focus is on events resulting from these initiators (I'm simplifying here, but bear with me). We generally do not focus on how to address faults/failures/behaviors that are intentionally created by one or more human beings with evil intent.

The industry generally sees security as a separate domain from functional safety, while acknowledging that faults in security can lead to functional safety failures. They are currently different domains with a different set of experts who don't work together much. Should ISO 26262 tackle this issue? Or should there be separate international mandatory standards for safety? Or none/voluntary standards?

My concern is that failure to have an international standard for security will open up all automobiles and electronic driving infrastructure to hackers, resulting in all kinds of safety issues and slowing down adoption of new technologies. The weakest link determines the strength of the chain.

After all, all it takes is one compromised attack surface, like an automotive Bluetooth or stoplight wireless connection, to open up the entire system to malfeasance. With the new technology coming online, the "entire system" can be EVERYTHING on the road (and beside it).

 

The only REAL security
DrewTech   8/29/2016 10:50:41 AM
No matter what anyone says, the only sure way to secure the critical safety systems of the vehicle from the infotainment systems is to "air gap" them. They should not be connected in any way. Looks like a bunch of snake oil salesmen are going to try and make a quick buck by convincing OEMs to use their cyber security software. What a joke. As long as these systems are connected they will remain vulnerable. Maybe the government needs to step in and make sure that these systems are kept apart?

What is the cost of not spending on this?
Don Herres   8/26/2016 12:46:56 PM
From the article, "In a report entitled "Automotive Cybersecurity and Connected Car" just released, IHS Markit's Juliussen projects the size of the market for cybersecurity software in 2016 at $11 million."

Chrysler had to recall 1.4 million vehicles last year.  That is a spend of <$10 per vehicle to prevent another recall with far more cost if there is liability litigation.
