• The Universal Integrated Circuit Card (UICC), which allows for bi-directional authentication between the endpoint and the network.
• Secure boot capabilities to protect against malware corrupting the operating system.
• Firmware verification using encryption.
• Deep Packet Inspection (DPI) security to identify malicious content before it reaches the vehicle.
• Following the “rule of least privilege” to ensure that each entity only has access to the minimum information and resources needed to perform its function.
• Establishing secure vehicle app stores.
• Providing secure storage in the vehicle to protect keys, firmware updates, certificates and other information.
Because there are so many components involved in vehicle connectivity, a centralized security model could be a good approach. “All communication links would go through a central security module, whether that’s a physical link through a dongle or over the air link through the mobile network,” Gage says. “Everything would cycle through this one module, which would be updated constantly to identify risks.”
What makes this challenging in automotive is that there a number entry points, and there may be multiple networks involved – passengers and the vehicle may be using several different wireless networks at the same time.
ATIS also outlined a proposed engagement model between automotive and telecommunications companies. Those steps would include:
• Create a sub-committee of the Automotive Information Sharing and Analysis Center (Auto-ISAC) including telecom, OEM and other supplier members to address cybersecurity and define connected vehicle use cases.
• ATIS could expand its cybersecurity working group to engage vehicle OEMs and share best practices. Those could include establishing ongoing monitoring of vehicle connectivity by carriers, providing fully managed vehicle connections, and ensure secure, guaranteed delivery of content to vehicles.
• ATIS and Auto-ISAC could reach out to other industry groups to share best practices. Such groups could include the 5G Automotive Association, European Union Agency for Network and Information Security, etc.
Gage says that the federal government can play a role by conducting more research and encouraging adoption of industry best practices. He points to NHTSA’s role in working with industry to accelerate the adoption of automatic braking systems as a good example.
“If we wait for studies to be concluded and data to be certified, we run the risk that we’ll wait too long,” Gage says.
Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.