There has been widespread discussion about connected vehicle security, enough material on this is available on the web. Attacks on vehicle has huge implications but if we look around, only top few vehicles are connected and it will take long before all vehicles on the road become part of the connected caravan. This because of the cost associated and average lifetime of a vehicle. Still, any attack on vehicle is of major concern as it relates directly to the human life. Thus vehicle security has to be taken seriously.
There are several opinion out there in security, some referring to a vehicle as a Internet of things (IOT) device but vehicle should not be bunched in the IOT lot. Vehicle is a collection of IOT devices with different services and deserves a different angle for security considerations.
There are several angles from which connected vehicle security should be considered so as to provide a holistic solution:
- Inside vehicle
- Securing of sensing, computing and communications centers as well as systems of vehicle, i.e. various endpoints
- Communication security between these endpoints
- Interface to outside
- Security of communication from/to vehicle
- Management related security
- Servicing and operations security
- Privacy and government
- Privacy of the user, usage etc.
- Lawful (legal implications), regulatory (compliance) and interception(LI) aspects
- Health and insurance
- Service type (car sharing, vehicle as a service, media)related security
- A vehicle is a platform that allows many different services or components to be deployed. Thus security of enterprise providing the services or components and related communication is required.
Designing of secure connected vehicle will require wide range of expertise and thus activities in several fields is needed, leading towards a secure connected vehicle:
- Telecommunications security
- IT security
- Secure design
- Secure development of SW, HW, FW, applications, services and network
- Network design
- Regulations and other legal aspects
- Cyber security
Once a secure vehicle is designed, we will still need means to identify threats, which can be achieved by monitoring and analysis followed by actions based on identified threats. These actions can be based on fixed policy or can be dynamic in nature that would use advanced technologies to learn and adapt.
The above gives a quick holistic view on all that is required to secure a connected vehicle. Lot’s remains to be done.
Last but not least, connected vehicle requires continuous secure life-cycle management with long life of vehicle in mind. This is especially necessary as we move towards the era of secure autonomous vehicle!