Reducing Attack Surfaces, Hardening Cybersecurity

Yoram Berholtz

by Yoram Berholtz, Director Business Development, Argus

With the WannaCry ransomware still lingering, the threat of a car held for ransom has begun to receive widespread attention beyond the automotive cyber security community. Ransomware attacks provide thieves easy money, and connected cars are potentially lucrative targets.

Could it happen? Yes, surmised an EE Times article, “Your Money or Your Brakes,” per expert analysis from Andy Davis, transport assurance practice director at NCC Group, and a member of the FASTR℠ Technical Steering Committee. And, indeed, the conclusion was affirmed by ransomware attacks at European car plants this month.

It’s important to temper concerns—even founded ones, like the threat of ransomware—with understanding of the real-world advances that are being made today toward realization of tomorrow’s “organically secure” vehicles, however.

While there always will be cybersecurity threats, tomorrow’s vehicles are being engineered to be systematically more able to deal with those threats in a safe and predictable manner and, ultimately, to self-heal. The FASTR nonprofit research consortium is marshaling collaboration among the vanguard of the world’s leading R&D organizations working to reduce attack surfaces and harden cybersecurity capabilities:

  • Reducing the number of remote end points and strengthening authentication across threat surfaces (e.g., On-Star, software over the air (OTA), infotainment/navigation and add-ons such as insurance on-board diagnostics (“ODB”)
  • Decreasing access points for physical attacks and making access harder across ODB, short-range radios, car networking and electronic control units (ECUs)
  • Reducing the number of places across the supply chain (component MFG, assembly, transit, integration, etc.) where security must be implemented and improving attestation
  • Incorporating multi-layered cyber security solutions that protect the entire vehicle ecosystem including individual ECUs on the in-vehicle network, the in-vehicle network, and the connectivity modules of the vehicle
  • Providing the back-end systems to monitor and analyze data from the vehicle fleet and respond to attacks before they create damage by immediately updating vehicles on the road

The connected and autonomous cars of the future offer revolutionary benefits: dramatic reduction in accidents, alleviation of city congestion, mobility for all and more. All of the benefits will rely on non-negotiable automotive security, as well as the actionable R&D and inclusive, diverse, multifaceted collaboration that FASTR fuels.