Did you know that the automotive industry is still “ill equipped” to protect connected vehicles from hackers due to lagging security standards? Indeed, industry leaders have only begun to seriously explore more effective methods of securing a new wave of smart, semi autonomous vehicles.
“Modern vehicles are essentially a network of networks – equipped with a range of embedded communication methods and capabilities,” said Joe Gullo, the senior director for Rambus Ecosystem strategy and development. “As such, there is broad consensus that vehicle cyber security should rank as a top priority for the automotive industry.”
Gullo, who recently attended ESCAR (Europe) and the Connected Car Expo, told Rambus Press the biggest hurdle to achieving comprehensive vehicular security is the lack of clearly defined industry standards.
“Frankly, security in the automotive market today reminds me of how the nascent debit/credit card space was before the financial industry reached consensus on implementing a secure payment system,” he said. “Currently, there is no defined vehicle security specification that has been adopted industry-wide. This is unfortunate, as the problem is only going to get worse.”
According to Gullo, adopting a hardware-first approach to security and implementing the necessary functionality on the SoC level is a key element of securing embedded automotive technology.
“During multiple discussions with industry peers at both ESCAR and the Connected Car Expo, I emphasized that a software-centric security approach for vehicles will inevitably require frequent patches due to unforeseen vulnerabilities,” he explained. “In addition, I asked what happens 8 or 10 years from now when an automotive company chooses to discontinue critical software updates?”
To avoid potentially dangerous scenarios, says Gullo, vehicles should be equipped with robust DPA countermeasures to protect against side-channel attacks. In addition, the automotive industry needs to shield vehicle peripherals and components against tampering, as well as provide secure OTA updates for various systems.
As we’ve previously discussed on Rambus Press, adopting a hardware-first approach to security and implementing the necessary functionality on the SoC level is a key element of securing embedded automotive technology. To be sure, vehicle manufacturers should collaborate on formulating strong hardware-based security standards and isolation mechanisms that offer multiple layers of protection against various forms of attack.