Connected car: Where threats meet new business opportunities
Hacker attacks to are well documented, and in the relevant circles are the appropriate tool sets offered, along with detailed instructions how to use them. The main reason why hacking cars is (still) far less widespread than hacking credit card accounts is that there is no business case in remotely tampering with another person’s vehicle. In contrast to the usual hacking attempts designed to enrich the hacker by deviating money to his account, hacking a car is nothing one can make money with. At least for the time being, as some experts believe.
Since there is no guarantee that this state of relative security will remain for ever (actually, it appears rather unlikely). For this reason, the vehicles should be protected against hacking before we read about a fatal incident in the newspaper. Companies dealing with automotive networking like chipmaker NXP, M2M communication expert company Telit Automotive, security technology consultant secunet or software maker Elektrobit believe that by the time the European emergency call initiative (eCall) will be mandatory in cars, the connected car will become prevalent, with all its benefits and drawbacks. For the automotive industry, it is high time to act, representatives of these four companies agreed in the roundtable. "Just like cars have lockable doors, their electronic interior should have an electronic lock", said Lars Reger, Vice President of NXPs Automotive Business unit.
Willem Bulthuis, board member of secunet Security Networks AG, pointed out that security technologies and best practices are readily and well established in the commercial IT. "The automotive industry does not need to reinvent the wheel", he said. Security mechanisms to protect banks, passports or valuable IP are in place. Nevertheless, the new use cases in the connected car require customized security solutions, Bulthuis pointed out.
The automotive industry, though open to discuss the matter, is slow in address security topics, said Dirk Reimer, Vice President Marketing and Sales from Telit Automotive Solutions. "Security technology is always a race against the time", he said. He also said that in general there is to encompassing security concept in place, and the contractual aspects also need to be developed.
The topic is complex: It is not only about protection against intrusion and tampering with software. The matter also includes the question of data ownership – after all, the connected cars is also a data source, generating huge amounts of data that could be interesting for stakeholders of any kind. Take Google, for example. The panel agreed that Google’s interest in building cars is less driven by the desire of building vehicles but by the wish to use and resell the data generated by that vehicles and its passengers. "For every piece of data it is necessary to decide to whom they belong and who has the right to access them", Bulthuis elaborated. "This touches the topic of authentication".
Alexander Kocher, President of Elektrobit’s Automotive Business Segment, focused in his contribution to the discussion to the peculiarities of the Car-to-X technology. "There is always the question how trustable Car-to-X data are", he said, adding that these data are already encrypted. Since these data touch are relevant for many safety issues in the car, he nevertheless expects that the safety standard ISO26262 will get an update to include C2X applications.
The common denominator was that the technology is here, it is available and it needs to be transplanted to the automotive environment. NXP for example believes that its experience with the security technology in the Smart Card and electronic passport sector could be leveraged to give the European automotive industry a leading position in the global competition. "This set of technologies in hardware and software security we have here in Europe is a unique selling proposal", said Reger. "And this does not only refer to NXP, but the entire value chain".
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
