The fundamental challenge of cybersecurity is not new. They have existed as long as computers have been used in sensitive applications in various industries. Industries face these issues following their level of dependency on computer technology on different timescales and context. Likewise in the automotive sector, the potential capabilities fueled by connected technology offer a multitude of features and services, but with them arises the threat of spiteful attacks. For critical systems security is highly relevant and cannot be compromised. As no solution is foolproof against hackers and abuse, a strong security culture where security is specified across functions, systematically developed and continuously verified and validated is a need of the hour
Higher complexity of vehicle’s electronic system and increasing vehicle volume worldwide are continually on rising which is driven by the acceleration of market requirements. Users expect the car to be safe, which is achieved by electronic driver assistance systems including parking, speed regulation, blind-spot detection, pre-collision and many more. The vehicle is expected to be more comfortable in the aspects including automatic cooling, seat adjustment, performance control, a complete infotainment system and so on.
For reducing the attack surface and protecting critical assets against a variety of threats specific security countermeasures should be applied. Well crafted strategies with best practices and guidelines are always a guarantee. Critical assets need to be protected using a multilayered security approach to reduce the impact of an intrusion. A security framework should be built-upon a defense strategy including a secure interface with the external world, secure network architecture, hardware security modules, reliable supply chain and end-to-end security strategy protecting the chain of loyalty. The countermeasures applied can be:
- Secure in-vehicle communication using mature commercial-off-the-shell cryptographic products for functions such as onboard network segregation, intrusion detection or data filtering.
- Electronic control units hardening by deleting interfaces and services used for development when the vehicle is prepared for release.
- Performing regular survey on cybersecurity evolution, from an intrusion and defense point of view.
- To counter security mono-culture rely on technology diversity
- Maintain security surveillance techniques such as firmware, software updates, and continuous vulnerability management. Maintainability is a significant enabler for extended cryptographic-based protection