Automotive Cyber Security: An Issue For the Future?
As cars and other vehicles join the Internet of Things (IoT) and edge closer towards full connectivity, it’s worth standing back and taking a good look at what that will actually mean and, ultimately, how it could bring the things we love grinding to a halt.
In design since the mid-1990’s, a connected car is one that comes equipped with Internet access, and usually also with a wireless local area network, but also has a huge level of interconnectivity within it. The wi-fi and external connection allows the car to share internet access with other devices both inside and outside the vehicle, while the internal connectivity controls the running of the engine, sensors and management systems.
By this connectivity, the engine and other critical systems can be constantly monitored, and security systems enabled and activated as required. While this connectivity is there to ensure the top performance and safety of the vehicle, there is increasing concern that because it has a route in through the internet connection, the car’s systems could be controlled by an outside person under certain circumstances.
Onboard Connection: Gift or Curse?
Often, the car is also outfitted with dedicated technologies that tap into the general internet or a wireless LAN and provide additional benefits to the driver such as hands-free communications, traffic and weather updates, and in-car entertainment. Connection is on the increase and it is expected that as many as 75% of new cars shipped in 2020 will have full internet connectivity, but alarm bells are starting to ring. Tests carried out with Ford and Jeep models in America have shown that it is possible for an outside person to access the onboard hub, and from there, potentially take control of the vehicle’s systems. If that happens, then who knows where it will end, and the safety aspects alone are terrifying.
For safety-critical applications, it is anticipated that cars will also be connected using Dedicated Short-Range Communication (DSRC) radios, operating in the FCC-granted 5.9GHz band with very low latency, but the rise of hackers with increased skills has made the possibility of even encrypted systems being under threat.
Autonomous vehicles at Risk?
Obviously, if a hacker can gain access to your car’s systems and stop it, it is enormously concerning, but with the rise of autonomous vehicles, the possibilities that a hacker could not only take over control of on-board internet access, but actually gain full control of all the vehicle’s functions becomes a nightmare scenario. Plainly, cyber security is a huge issue, and both governments and car manufacturers will need to be more aware of the problems associated with the increased level of connectivity and sophistication that we apply to vehicles. There have already been acknowledgements of the problem from both sides and this has prompted a review of the key principles of vehicle cyber security for connected and automated vehicles, which has resulted in a number of axioms regarding how vehicle security is tackled.
Cyber Security Principles
The UK Government has spearheaded the drive for better cyber security for road vehicles, and has produced an eight-principle outline that covers all aspects of the area. These eight proposals form the foundations of a totally secure system that will need to be adopted by all manufacturers – including subcontractors and suppliers – to ensure that there is no weak point in the system.
The premise behind the UK security principles is that a product can only be secured if it is designed with security in mind in the first place. Applying a quick fix to an unsecure product does not only add unnecessary complexity, extra cost, and even possibly weight, but can also be easier to overcome than purpose designed products as they may not structurally solve the vulnerability challenge.
Other areas such as aviation and nuclear industries have already started adopting a set of different design approaches rather than simple additional technologies as the ultimate solution is not seen to exist from additive. Future car design must be “cyber security native” – designed in – by integrating security solutions into the earliest stages of product design rather than having extra code or devices added at a later stage.
The World Gathers
Meanwhile, over in Japan, cyber security is big news, with the forthcoming cyber security conference due at the end of September, and many of the big-name companies associated with connectivity in cars are due to attend. This conference is seen as a major milestone as it will mark a new era in an array of companies wanting to build their products into the connected cars of the future. The need for cyber security is obvious amongst the Japanese manufacturers and third-party suppliers are vying to become part of what is regarded as a huge new market in automobile cyber security solutions.
The systems of any onboard portals in vehicles have to be able to work, and access outside elements together yet withstand manipulation from unwanted external sources. The only logical way to do this currently is to use advanced encryption methods to prevent a third party being able to break in.
Encryption is a system of encoding information so that it can only be read by authorised users, and prevents interference by disallowing any data that is not presented in the right form or is not preceded by a key, which allows access to the software. However, encryption is only locked by a key, which any information being legitimately sent to the vehicle must have, and anyone possessing that key can effectively gain access to it. Therefore, vehicle security is solely based on the premise that the key cannot be bypassed, or obtained, and if it can be some means, then the security is essentially defunct.
Cyber security is a relatively new aspect of motoring and has only become an issue as we strive to connect our vehicles for an enhanced driving experience and, ultimately, to remove the driver from the vehicle completely. As we head towards truly autonomous vehicles, the safeguarding of them will become increasingly necessary, and that will mean that the industry will have to design electronic and computing systems which can withstand cyber-attacks and put the safety of the vehicle and its passengers in the highest priority.