Connected cars: Secure by design

Business

With information technologies becoming an integral part of areas not traditionally considered to be related to computers, the importance of cybersecurity is growing. These days, in many cases, the safety of physical objects — and even human lives — depends on strong cybersecurity. This is how things are going (or how it will be in the very near future) in the car industry: According to Gartner’s prediction, a quarter billion connected cars will be on the road by 2020. That is why it is vital to implement the idea of information security right from the very start, at the stage of designing those connected cars.

We have been actively working in collaboration with manufacturers of cars and associated cybersystem components on creating defence mechanisms that are able to secure on-board computers against existing and predictable cyberthreats.

Fortunately, many manufacturers of cars and on-board car systems understand the significance of information security and are already thinking about ways to protect connected cars’ computer systems, which are not yet widespread. At Kaspersky Lab, we stand ready to assist those manufacturers in every way possible — and we have the rich experience and expert knowledge needed to create information systems that are protected by design.

We have been actively working in collaboration with manufacturers of cars and associated cybersystem components on creating defence mechanisms that are able to secure on-board computers against existing and predictable cyberthreats. Specifically, recently, we formed a strategic partnership agreement with the AVL Software and Functions company. Within the scope of the agreement, we shall develop a secure gateway powered by our own operating system, KasperskyOS, which will enable secure data exchange between the components of a connected car and between the on-board information system and an external IT infrastructure.

Using a platform that is protected by design and based on our OS will make it possible to create a gateway that is not only secure but also customizable. After all, the main problem with implementing security mechanisms in contemporary cars is that the automobile market has a very large planning horizon. Cars that will appear on the market next year were designed five years ago, and it is too late to make any design changes. We took that into account and designed our gateway so that it will be possible to integrate it into a car even at the late stages of development. The only thing the car needs is support for the installation of a security gateway. That will allow a manufacturer to install our product in practically any modern hardware. We plan to have a gateway prototype this September.

Our vision of a secure connected car

Car companies are not just sitting on their hands; many of them intend to create their own security systems. We are ready to lend them a hand as well — this not our experts’ first year analyzing potential threats for automotive computer systems. Specifically, we see the following potential threat vectors:

Specifically, we see the following potential threat vectors

Essentially, these threats comprise five layers that need protection:

  • Engine control unit (ECU);
  • Car network;
  • Car gateway;
  • Global network access;
  • Car cloud services.

The first four layers can be protected with the help of a security gateway powered by our KasperskyOS and its key subsystem, Kaspersky Security System. KasperskyOS controls all interactions between the hardware components inside an information system and prevents all deviations caused by both internal errors and unauthorized access attempts.

Quite a few other Kaspersky Lab solutions could also prove useful for the automotive industry — not to mention our expert services, such as testing for intrusion and analyzing application security, which we see as particularly applicable to carmakers and manufacturers of components (of V2X systems in particular). Also, the DDoS protection service may turn out to be useful if malefactors would try to “disconnect” a connected car by organizing a DDoS attack on the cloud.

In other words, we look forward to cooperation with the automotive industry and are ready to help manufacturers of cars and their electronic components to resolve any security-related problems for a connected car.