Control the code, control the road: achieving operational resilience
Amid an exponential rise in the complexity of today's vehicles, where more than 40% of vehicle architecture now consists of electronics, cybersecurity is one of the most pressing challenges facing the industry, says Anthony Martin, Head of Vehicle Resilience Technologies at HORIBA MIRA. Here, in a guest post for just-auto, he explains why prioritising operational resilience from the design stages of a vehicle is a must for ensuring its safety, security and functionality.
There's no denying that today's vehicles are more complex than ever before. Recent years have seen huge leaps in technologies designed to enable shared, connected, intelligent, automated and electrified solutions. Indeed, a modern car now contains around 100 million lines of software code, and is expected to have around 300 million lines of code by 2030. For comparison, a passenger plane has around 15 million.
As we move towards autonomous driving the role of the driver will be progressively removed to increase safety. At the same time, wireless connections between vehicles and external networks such as dedicated cloud servers, the internet and Intelligent Transport Systems (ITS) will not only support autonomous driving features but also open a vast commercial landscape where data is the new currency.
Despite the evident long-term socio-economic benefits this presents for the end-user and society, emerging technologies are also driving some of the most pressing challenges our industry has ever faced – the most urgent of which is cybersecurity. Our industry is embarking on a journey that will create the most complex super-systems on the planet. The inherent difficulty is ensuring such systems not only operate reliably, but also improve the safety, convenience and environmental impact of mobility, whilst operating within an IT infrastructure that is under increasing scrutiny for its security risks.
Rapid changes in vehicle architectures and wireless connectivity are increasing the risk of cybercrime within the automotive industry, with the vehicle and back-end systems very real targets for criminals.
Cybersecurity throughout the lifecycle of the vehicle (from design through to decommissioning) is more important than ever.
Certainly, providing vehicle resilience services is already a burgeoning market and it will grow further.
A major factor in this is public 'trust' – customers expect robust security as a standard and are unlikely to seriously consider adopting connected and autonomous vehicles (CAVs) unless this is publicly proven and monitored regularly.
As vehicle manufacturers face ever-greater pressures to invest in strong cybersecurity measures in their product lines, many are taking a 'safety first' approach to design, one that factors in operational resilience right from the outset.
Risk-based operational resilience
For instance, vehicle development has previously relied on satisfying standards for well-known and basic vehicle technologies. However, it is now widely acknowledged this approach will not adequately reduce the risk of catastrophic failure with the rapid uptake of highly complex new technologies. This is especially true as we move towards the mass deployment of emerging technologies in CAVs.
Instead, prioritising risk-based cybersecurity in the product and service design stages, along with new approaches for operational resilience, is a must for sustainably ensuring the safety, security and functionality of future mobility.
Although many have been vocal about the need for vehicle manufacturers to 'stay one step ahead of the attackers', in reality that is impossible.
This is an asymmetric problem where our adversary is human, unencumbered by rules and in some cases resources, and can exist in overwhelming numbers, whereas vehicle manufacturers and their suppliers have only finite resources and are limited in their approach so as not to hinder the convenience of the feature they are trying to secure.
For example, let's consider the popular topic of keyless entry. There has always been a longstanding battle between the convenience of not getting your keys out, and the vulnerability of the enabling technology. While the easy answer would be to remove the technology and the feature, you must ask yourself why that is not really an option. Simply put, these features sell cars and the technologies drive economies.
Yet, we need only look at the high-profile attacks and breaches in other sectors to understand the enormity of the task the automotive industry is currently facing. Essentially, we need to accelerate the maturity and sophistication of our cybersecurity solution quickly and effectively.
On the defence
So how do we do this? What we do know is that no silver bullet exists. There isn't a single process, test, or off-the-shelf 'solution' that will instantly transform the situation. Significant work throughout the industry is now converging on the development and implementation of a multifaceted approach that will evolve throughout the entire vehicle life-cycle, from concept through to operation.
A defence-in-depth approach must be taken, which involves building in a set of layered security measures aimed at preventing, detecting, understanding and responding to attacks. This method must start at the very beginning of the product lifecycle and be embedded in all stages: from initial concept through development, production, operation, maintenance, and decommissioning.
Key to the success of this approach is ongoing monitoring during the operation of connected vehicles to ensure that when issues do occur, we can detect them, fully understand them, and react to them in the most effective way.
Operational monitoring also has a fundamental role to play in informing the risk-based approaches used at the design and development stages of our products and services. Related to this is the need to ensure that vehicle architectures are flexible enough to accept both proactive and reactive software updates, and that this engineering effort can provide a measured level of resilience. In this way the cost of cybersecurity can be balanced throughout the entire vehicle life-cycle.
Currently, the industry stands on the precipice of a revolution, seeking assurance about the level of cybersecurity built into its products and services, and second-guessing its operational cybersecurity performance. Placing connected vehicles into service without a robust end-to-end operational monitoring solution would be catastrophic for the development of sustainable automotive cybersecurity, for the safety of our industry's products and services, and for understanding the level of cybersecurity built into vehicles and its effectiveness.
While we will never be able to attain zero risk, as an industry we can develop vehicles using the best engineering and test practices, and then we must respond to issues arising in operation as they occur. Of course, we know a significant amount, and we can accelerate our learnings in safe and controlled environments using development Security Operations Centres. These environments need to be designed specifically for vehicles, and must adequately mimic the super-system within which vehicles must operate to ensure real-world modes of operation.
In addition, we can develop advanced techniques to support cybersecurity event detection, understanding and response. To this end, having developed risk-based automotive cybersecurity for more than a decade, HORIBA MIRA has been pushing the boundaries of automotive cybersecurity since the EU-supported EVITA project. Building on this experience, we look forward to announcing some exciting projects and collaborations throughout 2020 as we continue to develop solutions to ensure the resilience of future mobility.
A long road ahead
The global automotive industry is in the midst of unprecedented change, the likes of which have never been seen before. Whilst this presents untold opportunities for future mobility, the UK has a critical role to play in building trust in emerging CAV technologies – namely through addressing the rising challenge of cybersecurity.
The good news is that as a nation we have a strong history in cybersecurity, a growing number of state-of-the-art facilities including Testbed UK, the internationally recognised role of the National Cyber Security Centre (NCSC) and world-acclaimed academic expertise at our disposal. However, key to the success of this area will be a unified, industry-led collaborative approach to tackling the global issue, prioritising risk-based cybersecurity from the early development stages of future mobility.