Securing the Connected Vehicle

There has been widespread discussion about connected vehicle security, enough material on this is available on the web. Attacks on vehicle has huge implications but if we look around, only top few vehicles are connected and it will take long before all vehicles on the road become part of the connected caravan. This because of the cost associated and average lifetime of a vehicle. Still, any attack on vehicle is of major concern as it relates directly to the human life. Thus vehicle security has to be taken seriously. 

There are several opinion out there in security, some referring to a vehicle as a Internet of things (IOT) device but vehicle should not be bunched in the IOT lot. Vehicle is a collection of IOT devices with different services and deserves a different angle for security considerations. 

There are several angles from which connected vehicle security should be considered so as to provide a holistic solution:

  • Inside vehicle
    • Securing of sensing, computing and communications centers as well as systems of vehicle, i.e. various endpoints
    • Communication security between these endpoints
  • Interface to outside
    • Security of communication from/to vehicle 
    • Management related security 
    • Servicing and operations security 
  • Privacy and government 
    • Privacy of the user, usage etc.
    • Lawful (legal implications), regulatory (compliance) and interception(LI) aspects
  • Service
    • Health and insurance 
    • Service type (car sharing, vehicle as a service, media)related security 
  • Enterprise
    • A vehicle is a platform that allows many different services or components to be deployed. Thus security of enterprise providing the services or components and related communication is required. 

Designing of secure connected vehicle will require wide range of expertise and thus activities in several fields is needed, leading towards a secure connected vehicle:

  • Telecommunications security
  • IT security
  • Standardization
  • Secure design
  • Secure development of SW, HW, FW, applications, services and network
  • Network design
  • Operations 
  • Regulations and other legal aspects 
  • Cyber security

Once a secure vehicle is designed, we will still need means to identify threats, which can be achieved by monitoring and analysis followed by actions based on identified threats. These actions can be based on fixed policy or can be dynamic in nature that would use advanced technologies to learn and adapt. 

The above gives a quick holistic view on all that is required to secure a connected vehicle. Lot’s remains to be done. 

Last but not least, connected vehicle requires continuous secure life-cycle management with long life of vehicle in mind. This is especially necessary as we move towards the era of secure autonomous vehicle!

Anand R. Prasad
Chief Information Security Officer at Rakuten Mobile Network | LinkedIn Profile

Anand is Chief Information Security Officer of Rakuten Mobile Network responsible of 4G, 5G and network security. Prior to joining Rakuten, Anand has over 20 years of experience in the mobile and wireless networking industry with key roles in NEC Corporation, NTT DOCOMO, Genista Corporation, Lucent Technologies and Uniden Corporation. Anand is an innovator with over 50 patents, a recognized keynote speaker (RSA, Global Wireless Summit (GWS), MWC, ICT etc.) and a prolific writer with 6 books & over 50 peer reviewed publications.

Anand is the Chairman of 3GPP SA3 -the mobile communications security and privacy group-, was governing council member of TSDSI, governing body member of GISFI, Fellow of IET, Fellow of IETE and Certified Information Systems Security Professional (CISSP).

Leave a Reply

Your email address will not be published. Required fields are marked *