Securing the Connected Vehicle

There has been widespread discussion about connected vehicle security, enough material on this is available on the web. Attacks on vehicle has huge implications but if we look around, only top few vehicles are connected and it will take long before all vehicles on the road become part of the connected caravan. This because of the cost associated and average lifetime of a vehicle. Still, any attack on vehicle is of major concern as it relates directly to the human life. Thus vehicle security has to be taken seriously. 

There are several opinion out there in security, some referring to a vehicle as a Internet of things (IOT) device but vehicle should not be bunched in the IOT lot. Vehicle is a collection of IOT devices with different services and deserves a different angle for security considerations. 

There are several angles from which connected vehicle security should be considered so as to provide a holistic solution:

  • Inside vehicle
    • Securing of sensing, computing and communications centers as well as systems of vehicle, i.e. various endpoints
    • Communication security between these endpoints
  • Interface to outside
    • Security of communication from/to vehicle 
    • Management related security 
    • Servicing and operations security 
  • Privacy and government 
    • Privacy of the user, usage etc.
    • Lawful (legal implications), regulatory (compliance) and interception(LI) aspects
  • Service
    • Health and insurance 
    • Service type (car sharing, vehicle as a service, media)related security 
  • Enterprise
    • A vehicle is a platform that allows many different services or components to be deployed. Thus security of enterprise providing the services or components and related communication is required. 
POP

Designing of secure connected vehicle will require wide range of expertise and thus activities in several fields is needed, leading towards a secure connected vehicle:

  • Telecommunications security
  • IT security
  • Standardization
  • Secure design
  • Secure development of SW, HW, FW, applications, services and network
  • Network design
  • Operations 
  • Regulations and other legal aspects 
  • Cyber security

Once a secure vehicle is designed, we will still need means to identify threats, which can be achieved by monitoring and analysis followed by actions based on identified threats. These actions can be based on fixed policy or can be dynamic in nature that would use advanced technologies to learn and adapt. 

The above gives a quick holistic view on all that is required to secure a connected vehicle. Lot’s remains to be done. 

Last but not least, connected vehicle requires continuous secure life-cycle management with long life of vehicle in mind. This is especially necessary as we move towards the era of secure autonomous vehicle!

Print Friendly, PDF & Email
Anand R. Prasad
CEO and Founder at wenovator LLC

Dr. ir. Anand R. Prasad is a global leader & expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, WiFi, mobile devices, enterprise and built GRC processes from scratch. Anand has globally propagated the concept of security as the business driver with security being holistic as well as inherent to a system while considering business and architectural implications.

Anand is Founder and CEO of wenovator while he heads Rakuten Mobile’s network security and enterprise security as CISO. Anand has over 20 years of experience in the mobile and wireless networking industry with key roles in NEC Corporation, NTT DOCOMO, Genista Corporation, Lucent Technologies and Uniden Corporation. Anand is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books & over 50 peer reviewed publications.

Anand was the Chairman of 3GPP SA3 where, among others, he led the standardisation of 5G security. He was governing council member of TSDSI, is governing body member of GISFI, Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of the Cybersecurity Magazine. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands.

 

Leave a Reply

Your email address will not be published. Required fields are marked *