Cyber security in automotive is about the protection of the software running in the vehicle, as well as the communication between vehicles, smart devices, and the cloud. It is about protecting the vehicle from being taken over by an attacker. Cyber security is also about helping our customers, for example by providing information on how to improve the security of their solutions.
What is the specific challenge of cyber security in automotive?
There are three main challenges.
It is diverse.
The first one is that the automotive domain is very diverse. There are many different types of cars and many different applications that run inside a car. Many different suppliers produce solutions for the car. So security has to be understood and managed from a very large set of components and suppliers.
Cars are evolving.
The second challenge is that the car has evolved. Whereas the first cars were just able to move, today’s cars can do much more things. For example, it can communicate with other cars and with smart devices over the internet. This means that the car is now much more attractive for attackers than it was before.
New features are hard to manage by new users.
The third challenge is that many of these features are new and people don’t necessarily understand how to manage security for them.
The most important thing is to remember that a car is a very complex system with a lot of different pieces and parts. A car is not a single piece of software but many different pieces of software working together to achieve the behavior that the driver expects from the car.
There will always be vulnerabilities.
It is important to understand that no matter what you do from a cyber security point of view, there will always be vulnerabilities. And because there are so many different parts in a car, there will always be many different ways for an attacker to get in and do something bad. This means that we have to have a defense-in-depth approach to be able to provide security in the automotive domain.
So what does a defense-in-depth approach mean?
It means having multiple layers of protection in place to prevent an attack. For instance, from succeeding or mitigate the effects of an attack when it does succeed. In the automotive domain, the hardware must be protected from malicious code running on it.
The software running on top of it must also be protected against attacks both from malicious code running inside the car and from code running outside of it over the internet (for example by updating regularly). And finally, we must make sure that all components work together; and communicate securely with each other (for example by using encryption).
All these protections need to be managed and monitored. Besides, we also need tools and processes in place for them to work correctly and efficiently.
Cyber security in automotive is a complex and evolving domain. We need to study and understand it and we also need to work together with other companies to make sure that we can provide the best solutions we can.