Getting Started with a Connected Vehicle Cybersecurity Solution
May 31, 2019
The automotive industry has arguably seen one of the biggest transformations of the digital age as the paradigm has shifted: vehicles are no longer used solely for getting from point A to B, but are becoming more and more like computing devices on wheels, with millions of lines of code (about 1,000x more than the Apollo mission needed to put Neil Armstrong on the moon!) and applications, mission-critical or not, ranging from engine performance to infotainment. Many have come to think of our vehicles as smartphones on wheels.
Communication happens not only inside the vehicle but with the outside world as well: remote keyless entry fobs, service center computers, over-the-air updates from OEMs, infotainment vendors and much more. To protect personal data and sensitive information, or even the vehicle itself, communication between the vehicle and external third parties must be secured from end to end, from within the vehicle itself to the cloud and OEM operation centers. Each time a driver gets into a car, they need to know and feel that they are not only secure but also safe.
The GuardKnox - Palo Alto Networks™ End-to-End Joint Solution
The joint GuardKnox – Palo Alto Networks™ solution provides end-to-end cybersecurity for connected vehicles with in-vehicle security, channel security that protects data in-transit from manipulation, and a secure, scalable cloud.
The GuardKnox solution is delivered as an in-vehicle device, combining hardware with a complete software stack, that locks down all communication inside the vehicle. Every bit and every field in every message is scrutinized in real time for compliance with a set of rules developed by GuardKnox based on the individual OEM's specifications. These rules cover three layers of communication:
- The physical separation between networks
- The locking down of every bit of every field and message
- A unique “state machine” that compares the state of the network with what the car is doing.
These actions prevent unauthorized manipulation of data and ensure that only vetted communication is passed onto the in-vehicle network, bringing proven techniques for protecting connected fighter jets into the automotive world.
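As an added illustration of the second and third rule layers (field-level lockdown and the state check), not GuardKnox code: a default-deny frame filter in C. The frame IDs, byte ranges, and vehicle states are hypothetical, and ranges are checked per byte rather than per bit to keep the example short.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed vehicle states (bit flags so a rule can allow several). */
typedef enum { ST_PARKED = 1, ST_DRIVING = 2 } vstate_t;
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; } frame_t;

/* One allowlist rule: ID, exact length, per-byte min/max, legal states. */
typedef struct {
    uint32_t id; uint8_t dlc;
    uint8_t min[8], max[8];
    unsigned allowed_states;
} rule_t;

/* Hypothetical rule set: IDs and ranges are invented for this example. */
static const rule_t RULES[] = {
    /* speed: byte0 0..250, byte1 reserved (must be 0); legal in any state */
    { 0x120, 2, {0, 0}, {250, 0}, ST_PARKED | ST_DRIVING },
    /* door unlock: byte0 = door index 0..3; legal only while parked */
    { 0x3A0, 1, {0}, {3}, ST_PARKED },
    /* service-mode request: byte0 fixed 0x10, byte1 mode 1..3; parked only */
    { 0x500, 2, {0x10, 0x01}, {0x10, 0x03}, ST_PARKED },
};

typedef enum { PASS, DROP_UNKNOWN_ID, DROP_LENGTH, DROP_FIELD, DROP_STATE } verdict_t;

/* Default deny: a frame passes only if a rule matches it in every respect. */
verdict_t check_frame(const frame_t *f, vstate_t state) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const rule_t *r = &RULES[i];
        if (r->id != f->id) continue;
        if (f->dlc != r->dlc) return DROP_LENGTH;
        for (uint8_t b = 0; b < r->dlc; b++)
            if (f->data[b] < r->min[b] || f->data[b] > r->max[b])
                return DROP_FIELD;
        /* State check: is this message plausible for what the car is doing? */
        if (!(r->allowed_states & (unsigned)state)) return DROP_STATE;
        return PASS;
    }
    return DROP_UNKNOWN_ID;
}

int main(void) {
    frame_t unlock = { 0x3A0, 1, {2} };   /* constructed sample frame */
    printf("parked: %d, driving: %d\n",
           check_frame(&unlock, ST_PARKED), check_frame(&unlock, ST_DRIVING));
    return 0;
}
```

The same well-formed unlock frame passes while parked and is dropped while driving, which is the point of tying message rules to vehicle state.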
In addition, GuardKnox provides a Service-Oriented Architecture that securely hosts different applications. Every application lies in its own compartment, with a hypervisor protecting the applications from each other. This enables a variety of operating systems with different capabilities to co-exist without endangering each other should any application be compromised, and allows multiple types of data to be sent from the vehicle to different service providers in real time.
Outside the vehicle, Palo Alto Networks GlobalProtect™ network security for the connected car extends the Palo Alto Networks™ Next-Generation Security Platform to the vehicle, using firewall-as-a-service to establish a secure channel from the vehicle to the cloud, where the OEM can offload its data. All data is inspected in transit, so it is protected from ransomware and malicious activities. In addition, the Palo Alto Networks™ secure cloud allows OEMs to securely move data to their private data center or to another cloud without the risk of having data breached or stolen.
The use of firewall-as-a-service ensures that the solution is sufficiently scalable for the expected rapid growth of connected cars on the road—and the 11 petabytes of data that will be produced annually by 2025.
The Benefits of an End-to-End Solution
In the automotive market, industry standards are critically important due to government regulations and the physical risks of operating a vehicle. When GuardKnox and Palo Alto Networks™ provide a solution that meets established safety and cybersecurity standards, this assures OEMs and other customers that the solution is secure according to safety and cybersecurity criteria generally accepted across the industry, without relying on just the say-so of GuardKnox and Palo Alto Networks™.
The use of strict methodologies such as SSL encryption also enables the inspection of data in fundamentally different ways.
By combining the two solutions from GuardKnox and Palo Alto Networks™, OEMs can receive a holistic solution with protection from inside the vehicle, through the channel and into the data center of the OEM. This solution will enable OEMs to take advantage of one-stop-shopping for their vehicle cybersecurity. In addition, because of the trust between the origin and destination for the information, all data can also be encrypted and decrypted using a shared key.
As the connected vehicle becomes increasingly regarded as a smartphone on wheels, consumers will be able to buy and rent applications and store them in a secure manner. The end-to-end solution from GuardKnox and Palo Alto Networks™ offers security across each component of the communication channel that can affect or protect the data: inside the vehicle, the transmission channel, and the OEM cloud itself—offering the maximum security for the passengers in the connected vehicles.