Vehicle Security Guidance Releases

Tuesday, May 30, 2017 @ 12:05 PM gHale

As vehicles get more connected each model year, a first ever research and guidance report on vehicle security ended up released by the Cloud Security Alliance (CSA).

Headlines covering stories like the Jeep hack and the Tesla hack show how critical it is to ensure the security of connected vehicles. Hackers’ ability to hijack control of connected vehicles is now proven very real.

Connected Car: Start Thinking Security
Tesla Fixes Gateway ECU Issue
Drawing Up Plans for Auto Security
VW Starts Security Firm

“Observations and Recommendations on Connected Vehicle Security,” was put together by the CSA’s Internet of Things (IoT) Working Group.

The report provides a comprehensive perspective on vehicle security connectivity design, possible attack vectors of concern, and recommendations for securing the connected vehicle environment.

“In the near future, connected vehicles will operate in a complex ecosystem that connecting vehicles not only with each other and the traffic infrastructure, but also with new forms of connectivity and relationships to cloud-based services, smart homes, and even smart cites,” said Brian Russell, chair of the CSA IoT Working Group. “For a safe and secure transportation system, the community must take a fresh look at the larger picture, and develop the policies, designs, and operations that incorporate security throughout the development.”

Automobile connectivity today continues to evolve.

Platforms designed in the pre-connected era are now being connected in multiple ways. This has allowed security researchers to gain access to sensitive vehicles.

Sensitive functions can end up compromised via direct access, such as with USB and the On Board Diagnostic (OBD-II) port, or by remote access such as infotainment consoles, Bluetooth, WiFi and cellular devices.

“There are a number of motivations for bad actors to compromise connected vehicle components and technologies, ranging from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales,” said John Yeoh, senior research analyst at the CSA. “Only through the thoughtful use of disruptive technologies such as big data, machine learning and artificial intelligence can we help build a better, safer and more secure connected vehicle ecosystem.”

Leave a Reply

You must be logged in to post a comment.