There has been widespread discussion about connected vehicle security, enough material on this is available on the web. Attacks on vehicle has huge implications but if we look around, only top few vehicles are connected and it will take long before all vehicles on the road become part of the connected caravan. This because of the cost associated and average lifetime of a vehicle. Still, any attack on vehicle is of major concern as it relates directly to the human life. Thus vehicle security has to be taken seriously.
There are several opinion out there in security, some referring to a vehicle as a Internet of things (IOT) device but vehicle should not be bunched in the IOT lot. Vehicle is a collection of IOT devices with different services and deserves a different angle for security considerations.
There are several angles from which connected vehicle security should be considered so as to provide a holistic solution:
- Inside vehicle
- Securing of sensing, computing and communications centers as well as systems of vehicle, i.e. various endpoints
- Communication security between these endpoints
- Interface to outside
- Security of communication from/to vehicle
- Management related security
- Servicing and operations security
- Privacy and government
- Privacy of the user, usage etc.
- Lawful (legal implications), regulatory (compliance) and interception(LI) aspects
- Health and insurance
- Service type (car sharing, vehicle as a service, media)related security
- A vehicle is a platform that allows many different services or components to be deployed. Thus security of enterprise providing the services or components and related communication is required.
Designing of secure connected vehicle will require wide range of expertise and thus activities in several fields is needed, leading towards a secure connected vehicle:
- Telecommunications security
- IT security
- Secure design
- Secure development of SW, HW, FW, applications, services and network
- Network design
- Regulations and other legal aspects
- Cyber security
Once a secure vehicle is designed, we will still need means to identify threats, which can be achieved by monitoring and analysis followed by actions based on identified threats. These actions can be based on fixed policy or can be dynamic in nature that would use advanced technologies to learn and adapt.
The above gives a quick holistic view on all that is required to secure a connected vehicle. Lot’s remains to be done.
Last but not least, connected vehicle requires continuous secure life-cycle management with long life of vehicle in mind. This is especially necessary as we move towards the era of secure autonomous vehicle!
Anand R. Prasad
Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices, enterprise and built GRC processes from scratch.
Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry. Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advise on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to which he was Chief Information Security Officer of Rakuten Mobile, the world's leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile Anand led all aspects of enterprise and mobile network security from design, deployment to operations.
With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer reviewed publications. Anand was the Chairman of 3GPP SA3 where he led the standardization of 5G security. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.