Security Brief for Connected Automotives
Introduction
The question of which companies will dominate the automotive industry in coming years is being decided in the contest to produce Internet-connected cars. Intel predicts 120 million vehicles with varying degrees of automation will be on our roads by 2030. (Shot, 2016).The development and popular adoption of automotive data connectivity and autonomous navigation will have major consequences for IT professionals in many industries who will be expected to provide a variety of IT services to consumers and employees through cars that in themselves are mobile computing platforms.
Automotive Security Issues
Because connected cars intersect the categories of Internet-of-things consumer products and critical transportation infrastructure, they are prime targets for attack methods consistent with several types of threat actors. One can easily imagine criminals adapting ransomware to lock passengers in a vehicle until a ransom is paid. Or, a hostile nation-state or terrorist group planting malware in cars causing multiple accidents that paralyze a major city. Car data might be used in surveillance to locate high value individuals for corporate and nation-based espionage. In addition, using the Internet, attackers could infect cars’ computers with bots to use in DDoS attacks, phishing and other cybercrimes. Given the growing number and sophistication of cyber-attacks, preventing attacks on the systems and data in cars must be a primary concern for everyone involved in information technology.
Although today we see only the tip of the connected-car iceberg, new cars already carry the computing power of 20 personal computers and process roughly 100 million lines of software code. (Company, 2014). In the rush to deliver first, it is safe to assume that all this software has not been thoroughly examined and emended for exploitable zero-day vulnerabilities. Compounding the issue of software vulnerabilities is the difference in product lifecycles between the automotive industry and the mobile device industry. Mobile device manufacturers continuously release new operating system upgrades, applications and security software patches for smartphones and tablets. Car manufacturers work on five-year cycles (Forbes) and will likely require a culture change to provide timely security patches for automotive software, leaving cars vulnerable to malware for extended periods of time.
HDBaseT Alliance for Automotive Security
Spearheading initiatives for connected automotive security is the HDBase T alliance. This industry group advances and promotes the adoption of HDBaseT technology as the global standard for ultra-high-definition, digital connectivity. Members include LG Electronics, Samsung Electronics, Sony Pictures Entertainment, and Valens. Recently Check Point Software Technologies joined the HDBase Alliance as an associate member. Check Point is well positioned to lead the alliance’s Cyber Security subgroup of the Automotive Working Group as Check Point security engineers can provide expert guidance in the areas of advanced threat prevention against multiple attack vectors, mobile security, virtual patching and other issues critical for automotive manufacturers to provide connected cars that are safe from malware and other threats to user safety and privacy.
Works Cited
Forbes.com. [Online] [Cited: December 16, 2016.] http://www.forbes.com/pictures/mkk45ihlk/cars-take-longer-to-develop-than-smartphones/#6ea68a2c7a98.
Company, McKinsey &. 2014. What’s driving the Connected Car. McKinsey & Company. [Online] September 2014. [Cited: December 16, 2016.] http://www.mckinsey.com/industries/automotive-and-assembly/our-insights/whats-driving-the-connected-car.
Shot, Chip. 2016. Intel Accelerates Autonomous Driving Vision at IDF Investor Day. Intel.com. [Online] August 18, 2016. [Cited: December 16, 2016.] https://newsroom.intel.com/chip-shots/intel-accelerates-autonomous-driving-vision-idf-investor-day/.