At the outset, let’s acquiesce to the fact that automobiles are a big force for change and development. Automotive Sector, unlike other sectors, is faced with significant transformational concepts. Global automotive majors as well as economies are re-evaluating their strategies to maximize the use of technology and derive handsome benefits out of it, thereby enhancing customer delight; concurrently be seen as real innovators and disruptors of the domain. Indubitably, more computer systems are being installed in vehicles to help with everything from safety to navigation. The concept of intelligent and smart cars, which drive themselves and let the passenger indulge in other productive tasks, is soon going to be a reality – given the fact that organizations have had real success in putting self-driven cars on roads.
So, while you sip coffee and read blogs on your car’s windscreen, your car manoeuvres around on its own. As exciting this might sound, it’s also possible that your vehicle gets sabotaged and you can’t do a thing. Anything getting online is exposed to the full force of malicious activities surfacing over the Internet. And when something as complex as a modern car or truck is concerned, assessing the scope of threat is an immense job, and an attack surface may be left unprotected unintentionally. A few use cases may help to illustrate potential threats, describe the attackers, and explore general approaches to mitigation.
Many security risks now extend to vehicles—malware, Trojans, buffer overflow exploits, and privilege escalation. The automotive sector is seriously considering securing the in-vehicle IT systems against the cyber security threats that might emerge. Vehicle hardware ought to have built-in security features that help protect safety critical systems, and auto control systems being isolated from communications based functions like navigation and satellite radio.
With cars incorporating up to 100 ECUs (Engine Control Units), they are approaching the upper boundaries of the wiring harness, which is one reason the industry is moving towards greater integration and virtualization, reducing the total number of ECUs but increasing the number of functions and complexity of the software. The resulting attack surface is broad, touching most in-vehicle systems, and an increasingly wide range of external networks; from Wi-Fi, cellular networks, and the Internet to service garages, toll roads, drive-through windows, gas stations, and a rapidly growing list of automotive and aftermarket applications. CAN (Controller Area Network) bus is an important capability when addressing functional safety and security issues. It is essential that any external point of interconnection to the CAN bus is adequately protected. This should include connections to consumer interfaces, such as the vehicle head unit.
The automotive world needs to be cognizant of scenarios including but not limited to Automotive Hacktivism, Immobilisation (Sabotaging of the vehicle), industrial espionage, terrorism, etc.
Automotive innovation is driving the need for built-in security solutions and architectural design to mitigate emerging threats. The goal for automotive security products is to ensure that the new vehicle paradigm is protected and can operate to its full potential, even in a malicious operating environment. Automakers are trying to employ proven security techniques to help prevent unauthorized access to software and software updates, requiring special codes.
Alike other industries, auto engineers use threat modelling and simulated attacks with the latest methods – to test security and help design controls – to enhance data integrity. Security for complex systems like these is a collaborative effort, requiring a holistic approach, with the involvement and contribution of the supply chain and the broader ecosystem. Effective security cannot be achieved by dealing with individual components, threats, or attack points. Unlike traditional computer systems, initiation and consequences in both the cyber and physical world are possible over vehicle attack surfaces, making it more challenging to protect the vehicle’s systems.