Security landscape: Vehicle protection from factory to backend
When it comes to IT security for connected and automated vehicles, weaknesses cannot be tolerated. But such weaknesses do not lurk just in the vehicle itself. Attackers could gain access to vehicle data or cryptographic keys during the manufacturing process. Or cyberattacks could spread beyond the vehicle into the associated backend systems and mobility services. That’s why integrated automotive security must unite manufacturing IT security, embedded IT security, and enterprise IT security.
Automotive security starts in production
IT security for vehicles is effective only when it is an integral part of their development and manufacture. In the same vein, production of vehicles and their individual components must be protected against cyberattacks and data theft. Should attackers infect the ECUs with malware during production, for instance, or gain access to their cryptographic material, the results would be disastrous. To avoid such a scenario, automotive security must be factored in right from the start – in the connected manufacturing processes used in the automotive industry. This entails protecting the production facilities and processes themselves against unauthorized access. And in ECU production, for example, key material provided by automakers must be distributed as needed among production sites, where it is stored on production key servers before being introduced into the ECUs during the manufacturing process. This technique ensures that the ECUs can perform IT-secured data exchange once installed in the vehicle.
Protecting the vehicle using embedded security components
In addition, various security components are required to protect vehicles in road traffic across all functional levels, depending on the degree of connectivity and automation. It starts with the processor of an individual ECU, extends to protecting on-board communication and the E/E architecture, and continues through to specific security solutions for V2X communication and vehicle IT infrastructure. This approach calls for embedded automotive security solutions that interact according to the individual security approach of each vehicle platform: HSM firmware, ASPICE-compliant cryptographic library, automotive ethernet firewall, intrusion detection system (IDS), protection of keyless locking systems, SDK for secure V2X communication and protection of the V2X infrastructure, and solutions for secure over-the-air data transmission.
All the way to the backend: Concerted security measures across the board
Security-specific backend services are indispensable in maintaining the IT security of vehicles over their entire life cycle, and throughout many development cycles of cyberattacks. In the Security Operations Center, cyberattacks on the vehicle fleet are aggregated, evaluated with self-learning analysis tools, and forensically evaluated, so that security updates can be rolled out. It is also essential to protect the operating backend systems, hosting systems, and data streams for the vehicle’s connected online services (e.g. for map updates) or mobility services (e.g. car sharing or ride hailing) at all times. Demand is as high for automotive-specific security expertise as it is for traditional enterprise IT security tools – for example, big data analysis systems for the security backend as well as consulting and security services for vulnerability management and incident response.
Summary: With increasingly connected manufacturing, connected vehicles on the road, and connected backend services, the automotive industry must coordinate its IT security measures across the board. Covering the development, production, marketing, and operation of vehicles and mobility services as well as the protection of data and know-how, in the future IT security must be thoroughly embedded in automakers’ DNA.
You can find an overview of ESCRYPT’s automotive security portfolio here.