In a recent survey of software decision-makers in many of the top 20 automakers, the issue of vehicle security was repeatedly mentioned as a growing challenge. Clearly, as the car becomes more connected to itself, to other vehicles, to intelligent infrastructure, and to the automaker’s own data cloud, the security challenge mushrooms into a nontrivial problem to be solved.
Or does it? Can’t automakers just inherit the “state-of-the-art” security in standard IT environments where connected servers are already dealing with similar issues introduced by expanding connectivity? After all, aren’t vehicles these days just like “connected computers” with wheels?
Certainly, there is much to learn from current threat models available from a variety of sources both inside and outside of the automotive industry. The GENIVI Alliance Security Team has collaborated with US- and Europe-based organizations to leverage both general and automotive-specific threat definitions to build out the Alliance’s own Threat Model. But are there inherent challenges to vehicle security that make GENIVI’s job of defining a secure architecture for in-vehicle systems especially difficult? Let’s explore a few.
Vehicles are different from standard IT servers in many ways and also differ from consumer electronic (CE) devices. First, vehicles are required to simultaneously support multiple connection methods, such as Bluetooth, Wi-Fi, GSM, and NFC, each of which represents a unique channel for breach, and to do all of that both natively and via a connected smartphone. Second, the CPU power, available memory, and power consumption of a vehicle head unit (computer) are optimized for a vehicle environment, which severely limits the applicability of strong algorithms and complex cybersecurity programs that are typically executed on servers. Third, most vehicles today must provide server functions (e.g., mirroring, USB master, Bluetooth server, etc.) and, like CE devices, be a client of services provided both inside and outside the vehicle. Fourth, because of certain safety requirements (e.g., availability of a rearview camera display), vehicles have a “fast boot” requirement that hinders standard IT approaches such as “start-up” security scans. And finally, because of the 10-plus year lifecycle of a vehicle, automakers must create a secure approach for repeated software updates, most of which must be done securely over the air.
As these few items from a long list of unique characteristics show, securing a connected vehicle is not a simple task. While general security approaches are available in standard IT and other industries, a significant amount of work is needed to apply those general approaches to the unique and ever-changing context of a connected vehicle. The GENIVI Alliance has accepted the challenge and welcomes additional collaboration on this topic in the context of its Security Team. To get involved with securing the connected car, email.