Background Information
Cybersecurity is focused on computer systems that is why the representatives of the general population rarely associate it with the automotive industry. However, the connected car was not a part of sci-fi for a long, and it is offered by 15 brands already (Francisco, 2014). Many people can experience the advantages provided by in-car infotainment systems today. With the help of Wi-Fi and Bluetooth-enabled devices, drivers can use additional functions and adapt the environment around them to their needs (Griffor, 2016). Cybersecurity in the automotive industry also deals with connected parking and after-market services, etc. Thus, it must ensure privacy and security. Not so long ago, it was revealed that hacker groups attacked smartphones, which influenced the connected car (Francisco, 2014). These issues attracted the attention of professionals and made them reconsider the extent of cybersecurity threats.
Threat Assessment
The Vehicle Software
Explanation
The infotainment system represents the main set of computer systems that can be found in the vehicle. It gathers both hardware and software, which means that different security approaches are to be addressed. This system has a low barrier to entry, which makes it vulnerable to attacks. Users have an opportunity to download and install software themselves, gathering it from those websites that do not guarantee a high-quality product.
Risk
Cars tend to have a lot of sensors that make them more vulnerable. The attack surface increases, which makes it easier for hackers to find a gap in security. In addition to that, the software installed by the owner may contain an electronic threat, alter sensitive data, affect the productivity of the system negatively or even remove some significant for proper operation software.
Recommendation
With the help of a trusted secure boot, professionals can ensure that their clients’ software that is already installed is good enough and does not require any changes. It is better to partition operating systems so that if hackers affect one of them, others remain secure. If some updates are needed with time, it is significant to make sure that owners can use virtualization and software containers. In this way, they can alter individual functions and do not implement changes in the whole system. It may also be beneficial to make it impossible for the owners to add/delete the software. However, the possibility to develop some kind of assessment tool for new software seems to be more advantageous because it will not deprive the owners of their privileges but will still ensure security. Authentication is used to make sure that a car is used by its owner but not by some other person. It gathers one’s individual information and provides access on its basis. A physical key that is still often used in the automotive industry cannot provide such benefits, which proves the value of this alternative.
Network Security
Explanation
The majority of hackers who have experience of exploiting desktop systems have no difficulties with targeting the automotive industry focusing on its software. That is why it is often given the greatest priority. A vehicle can be affected through Wi-Fi and Bluetooth connectivity, which means that the attack can be maintained from a distance. It is significant to ensure the security of this system because it focuses not only on the audio and video entertainment but also allows to control navigation system and manipulate the behavior of the car. Hackers do not even need to get close to a vehicle if they want to move wheels, for instance.
Risk
The Internet attacks are currently treated as something ordinary so that the representatives of the general public do not consider them to be very critical. The usage of unsecured legacy protocols can affect the integrity and authenticity of data. Among the main vulnerabilities in the implementation of Bluetooth technology. With its help, a car can be aligned with a smartphone, which is a great advantage for the owner because it simplifies the usage of network systems. However, the device used for the connection can belong to a hacker as well. To minimalize this issue, the majority of companies that operate in the automotive industry use the CANbus network, which is focused on the behavior of a car. However, it fails to provide total security, making it possible for hackers to manipulate a vehicle and threaten people’s lives (Francisco, 2014).
Recommendation
Organizations should maintain monitoring of the behavior of a car. It will be advantageous to implement anomaly detection. In this way, it will be possible to see if a car was approached by a hacker. In addition to that, updated models of network encryption should be used because they are likely to protect the data that is critical for the safety of clients. Device authentication should be maintained because it ensures that a vehicle is approached by its owner. It can be beneficial to restrict network communications. Defining preferred behavior, a client will be able to see if something unusual happened.
The Vehicle Hardware
Explanation
Companies must ensure that the vehicle hardware is well-protected. The way the software operates depends greatly on the condition of hardware and its security. Hackers can obtain access to a vehicle and damage seatbelts or airbags. In addition to that, they can affect the engine firewall.
Risk
Some hardware components have no built-in security features, which means that it can be easily accessed by hackers (Auto Alliance, 2017). If the auto control system is not isolated, it can be approached through other systems. What is more, hackers can affect communications-based functions like navigation and satellite radio.
Recommendations
Focus on boot and software attestation can prevent unauthorized changes and invalid files from influencing client security. It requires the digital signature and product keys that cannot be easily hacked. The usage of the trusted prosecutor module can be advantageous in this perspective because it identifies a proper code and arrests other attempts to get into the system. Tamper protection also focuses on intellectual property. It allows professionals to avoid reverse engineering. It is possible to use Intel Enhanced Privacy ID technology that ensures client anonymity (Intel Security, 2016).
Cloud Security
Explanation
The majority of hackers are ready to deal with basic security when they start working. However, they are not ready to deal with additional security services, which can help to identify and correct those threats that are waiting for a vehicle.
Risk
Lack of collaboration between the stakeholders and poor maintenance of additional support services can lead to the disclosure of critical information and the possibility of obtaining hacked software updates (AUTO-ISAC, 2016). When vulnerabilities are discovered with time, the recall may be needed which can be extremely expensive for the organization.
Recommendation
It is significant to ensure the possibility of remote monitoring and updates, etc. The cloud should be approached with the help of an authenticated channel. The stakeholders should develop proper collaboration so that they can quickly share the information, respond to attacks, and prevent their repetition. The possibility of over-the-air updates should be ensured because it allows reducing expenditures needed to fix the product (CybeRisk, 2016).
Conclusion
Thus, it can be claimed that the current automotive industry is tightly connected with computer systems so that its cybersecurity is to be ensured. Vulnerabilities of connected cars can be found when focusing on their hardware and software systems as well as on network and cloud security. This issue occurs because the infotainment system that is implemented in a vehicle has much in common with desktop systems that are already thoroughly explored by hackers. The majority of risks come from the network system because it deals with the connection of cars to other devices. However, the significance of other weaknesses cannot be neglected. Professionals who operate in the automotive industry should think of the best practices that can help them to prevent hacker attacks or at least respond to them properly. In this way, both clients and companies will be protected.
References
Auto Alliance. (2017). Cybersecurity. Web.
AUTO-ISAC. (2016). Automotive cybersecurity best practices. Web.
CybeRisk. (2016). Automotive cybersecurity – vulnerabilities, challenges, industry response. Web.
Griffor, E. (2016). Handbook of system safety and security. Amsterdam, Netherlands: Elsevier.
Francisco, C. (2014). Fine-tuning cyber-security for vehicles. Web.
Intel Security. (2016). Automotive security best practices. Web.