This blog was updated in July 2021
Vehicles today are defined by their software, but are they designed for the complexity and challenges associated with their software? With so much connectivity on the road, vehicles must be secure by design just like laptops and desktops on a private network.
With over 100 ECUs in each vehicle and hundreds of millions of lines of code, the sheer volume of software can leave engineers spending weeks tracking down a single bug that is compromising vehicle safety, performance or functionality.
Some of the greatest advances in vehicle connectivity are quickly becoming the biggest threats to automotive cybersecurity, and traditional IT cybersecurity methods will simply not suffice.
If we compare vehicles to traditional IT networks, each vehicle is a virtual local area network with numerous endpoints (every ECU can be considered an endpoint). Just like IT local area networks and endpoints, they are subject to cyberattacks.
Manufacturers must implement powerful automotive cybersecurity mechanisms even more extensive than those used for IT cybersecurity. Approaches used for IT cybersecurity are relevant for certain subsystems of a connected vehicle, but for others a vehicle-specific approach to connected car data and safety protection is required.
The connected vehicle ecosystem can be split into five interlinked subsystems:
So what is automotive cybersecurity and what makes it different from IT security?
The connected vehicle requires enormous processing power, vast data storage and numerous communication channels. Virtually all of the vehicle’s functional subsystems participate in the layered network shown above and all of them have been subject to attacks by white-hat and black-hat hackers.
Traditional IPS and IDS technologies provide adequate safeguards and reporting for the non-safety-related, open subsystems in layers 3-5 and depend on heuristics, machine learning and other reactive methods to identify and deal with attacks.
However, as we move to safety-critical operations in layers 1 and 2, connected cars must be maintained as closed systems with a deterministic capability that is preventative rather than reactive. It is, after all, a matter of life and death!
Losing use of the radio or suffering data leakage, while unpleasant or somewhat damaging, does not endanger the safety of passengers. The same cannot be said for the layer 1 and 2 sensors and V2V communication, or for any safety-critical function. Here we need perfect, deterministic cybersecurity in real time.
Relevant sensors and gateways include:
Safety Critical Subsystems include:
In this case, we are ultimately concerned with the kinds of attacks that can endanger life and property, which is what makes automotive cybersecurity so important:
A deterministic approach to cybersecurity at the Safety Critical level is mandatory for passenger and vehicle safety. Here, we cannot rely on the post-event remediation methods of IT cybersecurity. False positives and false negatives are not an option when lives are on the line.
The components of the Safety Critical Subsystem play a crucial role in preserving the safety of the vehicle, its driver and its passengers. Here, implementation of the cybersecurity solution has to comply with very strict requirements, as our lives depend on it:
Driver preferences and desires have changed dramatically. Consumers want customized experiences and the industry is adapting to answer those needs. Increased personalization and connectivity mean more software, but that does not need to mean greater vulnerability.
Deterministic security (or secure by design) demands that all potential operating permutations be modeled comprehensively, so that no communication or process execution can take the subsystem out of the realm of acceptable behavior. Because the security mechanism is threat-agnostic, attacks of any type (foreseen or not) and from any source cannot compromise a safety-critical ECU or its communication.
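To make the "realm of acceptable behavior" idea concrete, here is an added illustration (written for this page, not GuardKnox's Communication Lockdown™ code or any OEM's implementation) of a deterministic allow-list filter for a safety-critical CAN segment. Instead of looking for attack signatures, the gateway holds a complete model of every frame it is willing to forward: which identifiers exist, their exact length, the permitted range of each payload byte, and the minimum interval between frames. A frame that does not match the model is rejected regardless of where it came from or what the attacker intended. The identifiers, byte ranges and cycle times below are constructed for the example; the `lockdown_rule_t`, `lockdown_check` and `lockdown_reset` names are assumptions, not an existing API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified classic-CAN frame as seen by a gateway (constructed layout). */
typedef struct {
    uint32_t id;       /* 11-bit CAN identifier */
    uint8_t  dlc;      /* data length code, 0..8 */
    uint8_t  data[8];  /* payload bytes */
    uint32_t t_ms;     /* receive timestamp, milliseconds */
} can_frame_t;

/* One allow-list rule: the full description of acceptable traffic for one ID.
   Anything not covered by a rule is, by definition, outside acceptable behaviour. */
typedef struct {
    uint32_t id;
    uint8_t  dlc;             /* exact length required */
    uint8_t  byte_min[8];     /* per-byte lower bound (inclusive) */
    uint8_t  byte_max[8];     /* per-byte upper bound (inclusive) */
    uint32_t min_period_ms;   /* frames arriving faster than this are rejected */
    uint32_t last_ms;         /* state: timestamp of the last accepted frame */
    bool     seen;            /* state: whether any frame has been accepted yet */
} lockdown_rule_t;

typedef enum {
    ACCEPT = 0,
    REJECT_UNKNOWN_ID,  /* ID not modeled at all */
    REJECT_LENGTH,      /* DLC differs from the model */
    REJECT_RANGE,       /* a payload byte is outside its modeled range */
    REJECT_TIMING       /* frame arrived faster than the modeled cycle allows */
} verdict_t;

/* Hypothetical allow-list for a two-ID safety-critical segment.
   All values are constructed for illustration, not taken from a real vehicle. */
static lockdown_rule_t rules[] = {
    /* 0x0C1: brake pressure request; byte0 = 0..200 (0.5 % steps), byte1 = rolling counter 0..15; 10 ms cycle */
    { .id = 0x0C1, .dlc = 2, .byte_min = {0, 0}, .byte_max = {200, 15}, .min_period_ms = 8 },
    /* 0x1A0: wheel speed, 16-bit big-endian, any value; 20 ms cycle */
    { .id = 0x1A0, .dlc = 2, .byte_min = {0, 0}, .byte_max = {255, 255}, .min_period_ms = 16 },
};
#define NRULES (sizeof rules / sizeof rules[0])

/* Clear per-rule timing state (e.g. at gateway start-up). */
void lockdown_reset(void) {
    for (size_t i = 0; i < NRULES; i++) { rules[i].seen = false; rules[i].last_ms = 0; }
}

static lockdown_rule_t *find_rule(uint32_t id) {
    for (size_t i = 0; i < NRULES; i++)
        if (rules[i].id == id) return &rules[i];
    return NULL;
}

/* Deterministic check: every condition is a comparison against the static model,
   so the outcome for a given frame and history is always the same. */
verdict_t lockdown_check(const can_frame_t *f) {
    lockdown_rule_t *r = find_rule(f->id);
    if (r == NULL) return REJECT_UNKNOWN_ID;
    if (f->dlc != r->dlc) return REJECT_LENGTH;
    for (size_t i = 0; i < f->dlc && i < 8; i++)
        if (f->data[i] < r->byte_min[i] || f->data[i] > r->byte_max[i]) return REJECT_RANGE;
    if (r->seen && (f->t_ms - r->last_ms) < r->min_period_ms) return REJECT_TIMING;
    /* Only accepted frames advance the timing state, so a flood cannot "reset" the clock. */
    r->seen = true;
    r->last_ms = f->t_ms;
    return ACCEPT;
}

int main(void) {
    /* Constructed trace: one valid frame, then a too-fast repeat, an out-of-range value,
       a wrong length and an unmodeled ID. */
    const can_frame_t trace[] = {
        { .id = 0x0C1, .dlc = 2, .data = {100, 3}, .t_ms = 0 },
        { .id = 0x0C1, .dlc = 2, .data = {100, 4}, .t_ms = 2 },
        { .id = 0x0C1, .dlc = 2, .data = {250, 5}, .t_ms = 20 },
        { .id = 0x0C1, .dlc = 8, .data = {0},      .t_ms = 30 },
        { .id = 0x3FF, .dlc = 2, .data = {0, 0},   .t_ms = 40 },
    };
    static const char *names[] = { "ACCEPT", "REJECT_UNKNOWN_ID", "REJECT_LENGTH", "REJECT_RANGE", "REJECT_TIMING" };
    lockdown_reset();
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("id=0x%03X t=%u ms -> %s\n", trace[i].id, trace[i].t_ms, names[lockdown_check(&trace[i])]);
    return 0;
}
```

Note that the filter never tries to decide whether a frame is malicious; it only decides whether the frame is one the model permits. That is what makes it threat-agnostic, and it is also why the model must be complete: a legitimate signal that is missing from the rule table will be dropped just as an injected one would.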
Secure by design vehicles enable OEMs to provide an advanced driver experience without compromising on automotive cybersecurity.
GuardKnox’s deterministic cybersecurity methodology, Communication Lockdown™, answers the requirements of the Safety Critical Subsystem for the connected car. Its fully deterministic, closed-system approach does not look for attacks but ensures that the vehicle continues to function as it was designed. The security design has no need for cloud connectivity nor for ongoing updates so no malware can sneak in and corrupt the safety requirements of the vehicle.