The connected car is rapidly reshaping the automotive landscape, turning drivers into subscribers and presenting all sorts of exciting new revenue-generating and subscriber-satisfaction opportunities. But to take advantage of the vast potential just down the road, recognition that connected car cybersecurity as the enabler is urgently called for. OEMs and Tier 1s need to make a sharp turn in their approach to connected vehicle vulnerabilities and security.
Vehicles as Specialized Endpoints
GuardKnox concurs with the Alliance for Telecommunications Industry Solutions (ATIS) that a connected-vehicle platform can be regarded as an “endpoint connected to various networks to receive and send communication, infotainment and control data”. But we must not draw the mistaken conclusion that security mechanisms that are applied to endpoints in an Information and Communication Technology (ICT) network are acceptable for connected car data protection within the connected vehicle. The stakes and constraints are quite different. Thus, appropriate security mechanisms for ICT networks are inappropriate for connected car data protection and passenger safety within a vehicle. How so?
There is a certain resilience level in the ICT network that doesn’t exist in the world of intelligent transportation. In the former, most problems can be solved with a quick install, update or configuration change. In cases where data is lost or corrupted, it can be restored from a backup. Even in the worst-case scenario of total system failure, automatic failover to a disaster recovery site is available.
Not so with connected vehicles. While an input error on an ICT endpoint might result in the storage of an incorrect address or an error in payment amount, a simple mistake in a command in one of a vehicle’s ECUs could cause a dangerous system failure and result in a collision or worse. In case of total system failure, a car can’t “fail over” to another car. Passengers don’t enjoy the luxury of a “do-over” when the brakes go out!
Security within the Vehicle - The Layer that Affects Us the Most
To guarantee the proper and safe function of the connected car data protection and privacy it generates, every layer in the value chain must be secure. From in-vehicle chipsets, devices, buses and applications to communications with cloud services, telemetry and other external platforms, each packet of information and every command must be verified and authenticated.
However, the most critical layer is within the vehicle itself. Our physical safety as well as the dependable performance of the vehicle that transports us depend on reliable instructions between ECUs and sensors, across ECUs and over myriad data buses. GuardKnox’s patented Communication Lockdown™ technology guarantees the security of data transmissions and guards the confidentiality and integrity of the growing accumulation of performance and personal data generated by the connected vehicle. Unlike ICT cybersecurity, Communication Lockdown™ is deterministic and attack-agnostic—well-suited to connected vehicles.
Threat Intelligence, Heuristics, Machine Learning – Always a Step Behind
To combat hackers, ICT cyberssecurity services rely on the collection of threat intelligence, a growing compendium of past and current cyberattacks (already hundreds of millions). A threat-intelligence feed enables endpoints to compare files and messages with known attacks to identify and, if necessary, to thwart them.
Threat intelligence, however it is constructed and disseminated, deals with known past and current attacks, not new, innovative ones. It is through heuristics and machine learning that cyber-defense mechanisms learn about new attacks and how to combat them. But who has time in a traveling vehicle to undertake a learning exercise?
Communication Lockdown Methodology
A vehicle-specific approach to cyber security is necessary: a deterministic methodology that ascertains that all ECUs within the car behave within acceptable parameters at all times. A methodology that does not embark on belated attempts to identify and mitigate attacks, but that is agnostic to attack.
Bringing innovative knowledge and experience from the military where Communication Lockdown™ methodology is employed to protect F35 fighter jets and anti-missile systems, GuardKnox applies this methodology to the connected vehicle. Creating a formal and mathematically verifiable model of the execution of the ECUs within the vehicle, GuardKnox has crafted comprehensive state machines for the ECUs in the car (today, there can be more than 150), providing the ultimate protection within the vehicle.
ECU modules typically perform predictable functions, so they should always be in a known state, with known acceptable behaviors. Any attempt to cause an ECU, for any reason whatsoever, to execute a faulty instruction that produces an unacceptable behavior is disallowed. The vehicle always operates within its prescribed behavior at every state.
Because it provides these advantages:
- One central lockdown security device can manage the security for the entire vehicle
- A dedicated lockdown device can be easily installed for any segment or ECU
- Validation and authentication occur on all ECU-to-ECU and ECU-to-HEU traffic
- Enforcement of the proper behavior of the vehicle within acceptable limits
- Performance and user data are protected within the vehicle and transmitted securely
Clearly, Communication Lockdown™ is the most appropriate approach to cybersecurity for the in-vehicle layer.
To learn more about how GuardKnox’s technology uniquely delivers Communication Lockdown™ and guarantees the proper and safe function of the connected vehicle and protection of its data, contact us today using the form at the bottom of the page.