Another principle that must be applied to all systems is defense in depth, or multi-layer security, because security in general is only as strong as the weakest link. This means that if one layer of security is breached, the next layer must continue to protect the system. For example, if the infotainment unit is hacked, the internal firewall will still protect safety-relevant systems like steering controls and brakes from unauthorized access.
As mentioned before, it is important to ensure that the security solutions of a car remain effective during the whole lifetime of a vehicle. Components must have inherent upgrade paths in place to keep the security solutions state-of-the-art and to address potential vulnerabilities that may be found in the future. These upgrades can be applied, for example, at the local dealership or with over-the-air updates.
The level and nature of protection must be in line with the threats in the different functional domains, applications and components in the vehicle. The protection level of an ECU depends on multiple parameters, including the attack surface, the criticality of the functions implemented on it and the protected asset. Components with external connectivity capabilities (e.g. the infotainment system or the gateway) require a higher level of protection than most of the body control modules.
Potentially vulnerable components should be isolated from safety-critical functions, so that the impact of a successful attack can be limited and contained. If a successful attack is detected, core functionality must be maintained and safeguarded to ensure that the car remains functional and safe, but additional functionality (e.g. live video streaming) may be disabled to reduce the potential impact.
Solutions for safe and secure mobility around the globe
All companies in the automotive supply chain must be prepared to continuously invest in cybersecurity solutions to stay ahead of the threats that evolve over time. This requires maintaining a comprehensive and holistic automotive cybersecurity program that includes: products with built-in security capabilities, secure product engineering processes integrated into the normal development flow, internal/external security evaluation and certification, a product security incident response team and a systematic way to share threat intelligence. Building and maintaining a security-aware organization is essential as security is becoming an integral part of product design.