Rick Richardson's Views On Technology

Securing the Data Center on Wheels

9/17/2017

Today’s connected car is not so much a smartphone on wheels; with so many microprocessors chatting with one another across and beyond the vehicle, it is now more aptly described as a data center on wheels.
A tremendous influx of software content, connectivity, entertainment services and autonomy functionality is transforming vehicles. We are rapidly approaching a point in which the automobile will be built around the software, as opposed to the other way around.

Tesla recently made the first deliveries of its mass-market “Model 3” electric vehicle. Controls are focused around a large touch screen, and the shifter adds “Autopilot” to the traditional “Park”, “Reverse”, “Neutral” and “Drive” options. Full self-driving capability is promised for a later date, to be delivered simply through an over-the-air software update.

This generalized shift to software, in turn, means the opportunity for a cyber-attack is growing rapidly. Even with the larger potential attack surface, and while cybersecurity threats will never be eliminated altogether, it is also true that substantial work is taking place to engineer tomorrow’s vehicles to be systematically more able to deal with those threats in a safe and predictable manner.

Vehicle manufacturers have announced these important vehicle cybersecurity enhancements:
  • Building in security features to protect safety-critical systems,
  • Isolation of control systems from communications systems,
  • Leveraging security techniques to limit unauthorized access to software and updates,
  • Use of threat modeling and simulated attacks to inform design decisions, and
  • Creation of the Auto ISAC (Automotive Information Sharing and Analysis Center) to enhance cybersecurity awareness and collaboration across the industry.

Cybersecurity is being moved to the vehicle’s design foundation, thanks to increased coordination across the broadening, diversifying automotive ecosystem. We are seeing the industry move away from the traditional point-to-point approach and toward self-healing systems.

The effect is the emergence of a holistic, systems-level approach to building organically secure vehicles that are ultimately capable of self-healing. Self-healing means responding to the inevitable cybersecurity threats in a safe and predictable manner, for example by detecting and suppressing the introduction of malware or anomalous instructions anywhere in the auto ecosystem, from manufacturers and suppliers to communication and control systems, throughout vehicle lifetimes.

Security by Design. Security simply can no longer be an afterthought. Security must be a foundational consideration throughout the entire software-development flow for automobiles, from design to delivery. Original equipment manufacturers (OEMs), Tier 1 suppliers and other industry stakeholders must all start wearing their Chief Security Officer hat.

The industry has always had a strong emphasis on physical security; security processes for brakes, steering and other physical components have long been intensely codified. So sudden has been the surge toward software in vehicles, however, that it has somewhat crept up on the industry. Cybersecurity has effectively been stapled on top of more and more sophisticated services leveraging increased Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communications. 

There have been some limited-in-scope efforts to move toward an approach of security by design and establish shared guidelines. For example, the U.S. Department of Transportation (DoT) set up the Public Key Infrastructure (PKI) and its certification process that ensures trust and security in the building of V2V and V2I systems.

There is now growing recognition across the industry that the collaboration must be significantly more inclusive in order to sufficiently address the challenges. In the last two years, cybersecurity incidents have been reported broadly across the industry at Chrysler, Ford, GM and Tesla, as well as in commercial vehicles. High-tech car thieves today are leveraging laptops and potentially even smartphone apps to steal vehicles.

Risk Management. There is a bit of sensational hysteria growing around the global security conversation as automobiles become more and more connected and autonomous. The truth is that the global, increasingly broad automotive ecosystem is working more collaboratively to architect vehicles with cybersecurity at their foundation.

Risk-based approaches such as NIST’s Cybersecurity Framework (CSF) are already mandatory for government agencies and recommended for critical infrastructure such as transportation.

Reporting, Sharing and Training. While the automotive industry has a very mature approach to reporting, information sharing and training when it comes to physical issues with the car—well-defined reporting and recall processes around a problem with the brake or accelerator, etc.—the model around software and cybersecurity is not nearly as formalized.

The good news is that new technologies such as automotive Intrusion Prevention Systems (IPS) and Runtime App Self Protection (RASP) are emerging to limit the scale of harm that can be unleashed by any single attack, to reduce attack surfaces and to harden cybersecurity capabilities. Because coordination is increasing, the ecosystem is moving toward a system-of-systems approach to automotive security.

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.
