Enabling Connected Vehicle Services with Palo Alto Networks©
November 29, 2018

A key milestone on the way to fully autonomous (self-driving) vehicles is connecting cars to the Internet. These vehicles, also called “connected cars”, offer a variety of operational benefits and cost-savings to OEMs and fleet management companies such as:
- Upgraded telematics with user functionality
- Fleet management
- Driver behaviors and patterns based on in-vehicle data
Although many of the recently publicized car thefts are executed through vulnerabilities in Remote Keyless Entry (RKE) systems, vehicles are actually at risk during over-the-air (OTA) software updates, data transfer, and downloadable service upgrades, in which external sources communicate directly with a variety of a vehicle’s 100-150 computers (ECUs).
The Necessity For End-to-End Security
The potential risks of OTA updates are two-fold:
- Hackers could access an ECU or any domain controller to perform a variety of malicious actions or to steal the vehicle
- Hackers could manipulate data during transfer in order to steal personal information, overcome a vehicle’s security mechanisms or even take control of the car.

As such, it is imperative to have an end-to-end cybersecurity system that can ensure the integrity and security of both the internal and external vehicle networks.
The Palo Alto Networks® – GuardKnox Partnership
The Palo Alto Networks® and GuardKnox partnership creates an end-to-end cybersecurity solution that combines secure in-vehicle communication lockdown with a secure communication channel between the vehicle and remote databases at OEMs, fleet management companies, car dealerships and mobile app stores.
External network security between the vehicle and the OEM cloud is provided by the Palo Alto Networks® GlobalProtect™ secure communication channel while in-vehicle network security is provided by the GuardKnox product line. Palo Alto Networks®’s shared network ownership model reduces the operational burden of deploying its GlobalProtect security to connected cars. Palo Alto Networks® manages the cloud network infrastructure, ensuring reliability, scalability and availability while the OEM, fleet management company or dealership focuses their efforts on deploying their OTA updates.
GuardKnox's Communication Lockdown™ methodology provides the highest level of in-vehicle security by permitting only authorized communication, examining its routing, content, and contextual layers, and locking every field in every message within the vehicle to prevent unauthorized manipulation. By utilizing these strict rule sets, only vetted communication is passed on to the in-vehicle network.
Securing OTA Updates for the Future — and Today
OEMs, fleet management companies, and providers of ride-sharing applications (to name a few examples) can save time and earn more money by integrating the combined Palo Alto Networks®-GuardKnox end-to-end solution to provide cybersecurity for:
- Periodic OTA maintenance and new feature updates
- Generating new revenues from downloadable premium configurations or personalized functionality including engine tuning, gear shifting, suspension performance and more
- Scheduling proactive maintenance at service centers
- Gathering data about driving habits
- Storing driving preferences of multiple drivers of the same vehicle
If you’d like to learn more about how you can mitigate cybersecurity risks, ransomware attempts, and cyber hacks to connected vehicles, download our eBook here.