Automotive IT security is a topic that has received a lot of attention in the public’s mind. Well-publicized hacking incidents of automobiles, as well as the potentially deadly nature of driving cars have contributed to the consumer public demanding cyber security for cars, as well as manufacturers and their suppliers moving quickly to foresee what the car industry will look like in the future. But what does all this mean for us now in 2017?
As a Chief Security Evangelist, I have the opportunity to talk to a lot of different people all over the world. I address their concerns, while trying my best to give an informed perspective on the topics that matter most to them. In the automotive industry, most people talk about cars of the future, like extensive connections to smart highways and cities, or self-driving cars that will change how we look at automobiles in the first place. But how do those companies and individuals currently producing cars feel about the issue of cyber security?
Through a series of recent meetings, I have had some very interesting conversations with executives from Japan’s top automotive manufacturers and suppliers about car security. Specifically, the conversations centered on a question of balance between achieving security, and what’s essential for security right now. These individuals certainly understand the need for car security and how crucial it is to safety; they also understand that as cars get more connected to different entities, the points of vulnerability that affect safety and customer privacy need to be addressed to stay in business. After even a short discussion, I was left with a deep impression that these top automotive players think about cyber security as a key component to staying relevant and competitive in the industry.
But even with the best of intentions about security, bottom line issues that have a profound effect on profitability cannot be ignored. As such, implementing “auto security” into all makes and models at this point in time would be highly impractical for most companies. A high-end vehicle, for instance, has many more sensor chips compared to lower-end models. Perhaps high-end services could bring in revenues to justify the higher-cost chips for fancy cars; but for economy models, implementing security at the chip level would increase their costs significantly to the point where it would significantly affect profitability.
Then it became clear to me. These individuals defined “automotive security” as having state-of-the-art chips that include encryption features. They were being told by chip producers that they need to update all their chips to handle encryption, one of the main pillars of cyber security. But just because you have secure chips does not mean that you have security. Furthermore, if chips themselves do not result in security, then it is not essential at this very moment. So then these automotive executives asked me, “How then can security be deployed practically in the connected cars of today?”
There are a number of reasons why expensive chips are unnecessary at this moment for all parts of the connected car. The CAN bus, the platform on which chips communicate with one another, cannot support any sort of communications between the chips in the car, thereby making encryption modules for this purpose completely unnecessary. In fact, CAN bus cannot even support all encrypted traffic between today’s car and external entities like cloud services or smart highway infrastructure. Nonetheless, chips that can handle encrypted communications are now available on the market, and chip makers are doing all they can to sell the newer and more expensive chips. While using state-of-the-art chips inside a vehicle can have some benefits, having them in place does not necessarily promote security in any significant way.
What is essential, however, is blocking external attacks on automobiles, regardless of make, model or cost. A secure external gateway that promotes safe external communications with devices, infrastructure, other vehicles, the Cloud, diagnostics, etc., is crucial. Indeed, any components in the connected car that are linked to any external parties need to be secured. This can be accomplished by monitoring the traffic coming into the gateway to control traffic flow, detect malicious traffic, and to preserve data security and privacy.
I believe that having security modules on each component of each car will not be necessary for the foreseeable future. Having encryption on each chip will require faster communications than what is available, as well as advancements on all the services and products, to which the future car will need to connect.
But the limited number of components that do connect to external parties needs to be monitored to protect the driver and everything around his or her automobile. The good news is that, for now, this would allow all vehicles to be safe, regardless of class, make or model. And this level of controlling traffic and detecting attacks from outside the car will not be a significant increase in cost, because for the most part, all of the internal components can remain as they are.
There’s little doubt that a time will come when each component will need to support encrypted communications and PKI authentication, because internal components will communicate outside of the car as well as amongst themselves inside the car. Such sophisticated levels of IT security can be made available in luxury high-end vehicles now; but when looking at all vehicles and their security needs at this moment, perhaps we can limit security to those components in the connected car that faces the outside, and communicates with the outside.
This is a short-term perspective that takes into consideration the most essential components that need to be secured in the cars being rolled out in the next few years. This perspective also takes into consideration the bottom-line realities facing auto manufacturers today: massive changes to their business models that seem both imminent and inevitable. At the same time, we are not compromising on the importance of safety for cars, drivers, and their surroundings. As connected cars come to offer more features and services in the future, there will come a day when we will need comprehensive security in all models, regardless of how much they sell for.
This day may come sooner than anyone may think. It’s just not today.