As cars get smarter and more connected, they gain more components that can be targeted in cyberattacks, such as infotainment systems and autonomous driving features. And with autonomous features taking over the automobile industry – in preparation for fully self-driving cars – these endpoints need to be secured.
According to BlackBerry, however, the real challenge is securing the supply chain manufacturing these smart vehicles. With so many actors in the supply chain space individually contributing hardware or software, there is a higher risk of one of them accidentally introducing something harmful or not fully securing a part, which could result in the entire vehicle being compromised.
“Any of the hundreds of suppliers could introduce something harmful during manufacturing that can affect the car,” Sandeep Chennakeshu, president of BlackBerry Technology Solutions, explains. “Things like power windows and entertainment systems, or even more critical car components like braking, can all be corrupted. How do you keep them safe and how do you make sure critical pieces aren’t affected even if some of the others go down? And how do you protect them over 10-12 years? Security needs to be maintained for the entire life of the car, this isn’t a one-stop fix.”
While the company has moved away from manufacturing mobile devices, BlackBerry has continued to make a name for itself in the security space. Its latest whitepaper lays out seven crucial security recommendations to harden automobile electronics from attacks in a more digital, connected future.
The Seven Pillar Framework:
- Secure the supply chain – Pretty self-explanatory, but the real question is how this can be done. BlackBerry suggests ensuring that every chip and electronic control unit (ECU) in a vehicle is properly authenticated and loaded with trusted software through the use of a private key, which can be injected into every silicon chip during manufacturing. The company also says software scanning tools that automatically diagnose vulnerabilities in vehicle software are necessary, as is constant penetration and vulnerability testing to make sure every component anywhere in the supply chain is working properly.
- Use trusted components – BlackBerry recommends using proven components with defense in depth, which follows a “vault within a vault within a vault” concept – if you break through one security barrier, there should be more, harder-to-open layers behind it. This crypto-toolkit is an industry best practice and uses a secure architecture that is preventative and diagnostic by nature, so that the root of trust is never compromised. And when it comes to applications, they should be actively managed and only given selective access to other interfaces, so that if they gain unauthorized access, they can be shut down.
- Isolation – Separating critical and non-critical ECUs is key, so that even though non-critical ECUs like entertainment run on the same computer chips as critical elements like the braking system, if one goes down it won’t affect the rest. The communication between ECUs also needs to be authenticated so that one doesn’t infect the rest. BlackBerry says this isolation and managed communication should be done using hypervisors and gateways, which control and manage access between ECUs, “effectively making a firewall,” says Chennakeshu.
- In-field health check – Ensuring a vehicle is working properly and secure at the time of sale just doesn’t cut it. Manufacturers need to maintain the health of the car, which includes cybersecurity, on the road for its entire lifespan, whether that be five years or 20. BlackBerry recommends that all software have integrated analytics and diagnostics capabilities to capture and report data for further analysis, and that it be scanned regularly in the field for anomalies so that appropriate action can be taken as soon as possible.
- Rapid incident response network – No manufacturer can do it alone – there is strength in numbers. The whitepaper says that companies should create a secure network and database to share common vulnerabilities and exposures amongst themselves to improve and speed up solutions. Chennakeshu explains that a software security patch can take anywhere from 30 to 60 days to deploy, but with stakeholders working together and sharing information, this can be reduced significantly. While these companies need to be mindful of the confidentiality surrounding consumer data, this can be done in a properly protected way.
- Lifecycle management system – With vehicles increasingly relying on digital systems, fixing software-related problems while on the road through over-the-air (OTA) updates will be crucial. The smarter cars become, the more this will be possible, saving owners the time of bringing their cars into the shop to be fixed. Related to pillar four, when an issue is detected in vehicle software, it should be possible to proactively re-secure the vehicle OTA. BlackBerry has built a unified endpoint management system capable of this feat.
- Safety/security culture – Last but not least, fostering a safety-oriented culture is an important step in avoiding security lapses. Every company, manufacturer, and supplier involved in building a vehicle in the automotive industry should be educated with best practices and trained in safety/security.
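The first and third pillars above describe per-chip keys injected at manufacturing and a gateway that authenticates traffic between ECUs and acts as a firewall. The following is an added illustration of that gateway logic, not code from the whitepaper or from BlackBerry; the ECU names, the route policy and the keys are constructed, and HMAC stands in for whatever authentication scheme a real vehicle network would use.

```python
import hmac
import hashlib
import struct

# Constructed per-ECU secrets standing in for the key injected into each
# silicon chip at manufacturing (pillar one). Real keys live in secure hardware.
ECU_KEYS = {
    "infotainment": b"constructed-key-infotainment",
    "brake": b"constructed-key-brake-ecu",
    "gateway": b"constructed-key-gateway",
}

# Gateway policy (pillar three): which source ECU may talk to which destination.
# The non-critical infotainment ECU is deliberately not allowed to reach brake.
ALLOWED_ROUTES = {
    ("brake", "gateway"),
    ("gateway", "brake"),
    ("infotainment", "gateway"),
}

HEADER_FMT = ">12s12sI"   # source name, destination name, message counter
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = 16

def build_frame(src, dst, counter, payload):
    """Assemble an authenticated frame: header || payload || truncated HMAC tag."""
    header = struct.pack(HEADER_FMT, src.encode(), dst.encode(), counter)
    tag = hmac.new(ECU_KEYS[src], header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Gateway:
    """Models the gateway 'firewall' between ECUs: checks route, MAC and freshness."""
    def __init__(self):
        self.last_counter = {}   # highest counter accepted per source (replay guard)

    def accept(self, frame):
        if len(frame) < HEADER_LEN + TAG_LEN:
            return False, "malformed"
        header, payload, tag = frame[:HEADER_LEN], frame[HEADER_LEN:-TAG_LEN], frame[-TAG_LEN:]
        src_b, dst_b, counter = struct.unpack(HEADER_FMT, header)
        src, dst = src_b.rstrip(b"\0").decode(), dst_b.rstrip(b"\0").decode()
        if (src, dst) not in ALLOWED_ROUTES or src not in ECU_KEYS:
            return False, "route denied"
        expected = hmac.new(ECU_KEYS[src], header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"       # tampered payload or a source claiming another ECU's identity
        if counter <= self.last_counter.get(src, -1):
            return False, "replay"        # stale or repeated counter
        self.last_counter[src] = counter
        return True, "ok"
```

The gateway drops a frame for any of three reasons (policy, authenticity, freshness), which is the layered behaviour the "vault within a vault" pillar describes.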
“Current practices and standards are inadequate,” the report says. “For example, functional safety standards like ISO 26262 (ASIL-A to ASIL-D), information sharing like Auto-ISAC, software coding guidelines like MISRA and the NHTSA 5-Star overall safety scores (which is more to do with collision), add value but do not solve the cyber security and safety problem described. These are point solutions, not holistic solutions. There is a need for a much more holistic cyber security solution for automobiles.”