Data Security in Connected Vehicles
Connectivity has worked its way very quickly into automotive language, and the potential benefits of connected vehicles are widespread. The notion of autonomous cars driving us around while communicating with the infrastructure and other vehicles is no longer a vision, but fast becoming a reality.
Increasingly sophisticated electronics in cars are now also responsible for a variety of safety functions, including a host of driver assistance systems on the road to fully autonomous vehicles. The level of computing power in today’s cars has increased beyond recognition, to the point where a ‘computer on wheels’ is not an entirely inaccurate description. With huge amounts of data being transferred both within the vehicle and to intelligent transport systems, security is of paramount concern.
Cyber security is an incredibly broad subject, and the mainstream definition that most are familiar with is that of protecting personal devices such as PCs and smartphones. The automotive sector has a number of other considerations to take into account, however. Cyber attacks on Industrial Control Systems have increased significantly in the last decade - particularly in the energy sector, and there are comparisons to be drawn.
Another issue surrounds the vehicle owner and his or her access to data. In traditional mechanical vehicles most owners would assume that the OEM has carried out all necessary safety checks, but The Car Hackers Handbook (a free online publication) suggests that owners ought to have the right to access data in their vehicle as a matter of course to be able to confirm that the data is protected. This is an interesting, but controversial point. If access to the ECUs that control critical driving systems is available, it opens up a real danger of ‘hacking’ - e.g. changing the way that systems work. In many cases a ‘hack’ is an improvement upon a particular system, but in the case of vehicles it is clearly not ideal for people to tamper with the operation of any driver safety functions.
Protecting such systems and maintaining data protection will be vital for consumer confidence as connected vehicles develop, and any cyber attacks are sure to draw vast coverage in the media. This is where OEMs must be vigilant. We have seen in various other industries the game of ‘cat and mouse’ between cyber criminals and authorities, and it is a battle that has no end. Those charged with protecting computer systems must be ever aware.
Translating cyber security to an industry where the product is intended to last for ten years and more is a difficult task, and one which will help to shape the HMI systems of the future.
Potential Security Threats
So what are the real threats to security? There is some disagreement in the industry as to exactly how concerned we should be, but lessons from other - sometimes similar - industries suggest a growing problem. As new services are developed, new cyber threats are born. This has been witnessed in online retail and gaming industries in recent years. Cyber crime was not considered a huge threat to the building industry, but the development of BIM (Business Information Modelling) systems in the last two years has seen an increased focus on security vulnerabilities. Similarly, existing industrial SCADA (Supervisory Control and Data Acquisition) systems have also been under attack. These examples are important to the automotive industry for two reasons:
- Those are mature industries where computer systems have not traditionally been designed for internet connectivity, and therefore lack the necessary in-built security.
- Those industries also have long product development cycles - so even if existing cyber threats are taken into account upon design, new threats may have emerged by the time they reach the market, and almost certainly by the time products reach end of life cycle.
Automotive Specific Challenges
Yet further issues arise when considering driver responsibility. The types of data mentioned above are commonly found in various digital storage systems where security is overtly highlighted to the end user - almost all new computers are supplied with anti-virus software for example.
How exactly this is translated to the driver of a connected vehicle, opens up a number of questions. How much responsibility must a driver take for the protection of their vehicle? If software is increasingly used to control safety systems and driver assistance functions, at what point can software failure be attributed as the cause of an accident? And how can it be determined if indeed the cause was a software failure or the result of a cyber attack?
Legislation and Industry Collaboration
Clearly there are a number of questions for the industry to grapple with, and both legislators and OEMs are beginning to tackle the big issues.
New data protection rules were passed by the EU in 2016 - a decision that was welcomed by the European Automobile Manufacturers’ Association (ACEA). Secretary General of the ACEA, Erik Jonnaert, said “This regulation arguably gives us the most modern data protection regime in the world; one that was conceived explicitly to deal with issues arising with regard to connected products and services.”
The ACEA, which is comprised of 15 Europe-based manufacturers, also published its own industry strategy paper on connectivity, and a statement setting out five principles of data protection to which the industry in Europe will adhere:
- We are transparent;
- We give customers choice;
- We always take data protection into account;
- We maintain data security;
- We process personal data in a proportionate manner.
Protecting Data and Maintaining Security
In its industry strategy paper, the ACEA gave a clear indication of where European manufacturers stand in terms of connectivity and security. The paper states that security and safety are the top priority in protection of the vehicle’s control units from hacking, manipulation and malware.
The ACEA also acknowledged the need to evolve continuously to respond to emerging risks, and cites the newly-formed automotive Information Sharing and Analysis Centre (ISAC), which has been established to enable manufacturers, suppliers, telecommunication companies and ICT firms to share information about the latest security threats and countermeasures. The ACEA also warned that:
Vehicle manufacturers are fundamentally willing to share selected vehicle data with third parties, provided this occurs in a way that meets strict requirements for road and product safety, as well as data security, and does not undermine their liability.
This may be a sign that the automotive industry is drawing the curtains to a degree on large ICT companies such as Apple and Google, which have infiltrated the HMI sector in recent years. The report goes on to suggest that the free flow of information not only presents security risks, but also has the potential to damage the commercial competitiveness of manufacturers.
The paper goes on to suggest that the ‘extended vehicle’ is the best technical solution - a standardized solution which is safe and secure. The extended vehicle is defined as a physical road vehicle with external software and hardware extensions for some of its features. These extensions are developed, implemented and managed by the vehicle manufacturer. The OEM is also responsible for all communication among the various parts of the extended vehicle, especially between internal and external software and hardware components.
Thus the extended vehicle offers open yet protected access interfaces for the provision of services by manufacturer or third parties. The recommended access methods include the on-board diagnostics interface, a standardized web interface for remote diagnostic support or fleet management, and an interface for safety-related applications in the field of cooperative intelligent transport systems.
While the automotive industry is open to the benefits of connected vehicles, the HMI interface in particular can present security risks if data is accessible for third parties in the interest of providing services to the driver. The ACEA has used this point to reinforce the OEMs desire to stay in control of their own systems and the way in which data can be accessed.
This, of course, is just one issue amongst a number of challenges relating to security. Once connected to the internet, any device or system becomes immediately vulnerable to attack, and organizations such as the automotive ICAS will become increasingly relevant in the coming years, as the cyber-war enters a new battleground of transportation.