Internet of things

This will defend your automotive business against next-gen cyberattacks

A Vehicle Security Operations Center is crucial to protect your automotive business from costly and fatal cyberattacks. Here’s how to get started.

Art by

Paul Sizer

Share article

Cars are more connected than ever before: Onboard music streaming, GPS maps beamed to vehicles via the internet of things (IoT) – they’re computers on wheels becoming more digitized. Traditional automotive manufacturers are transforming their business models to reflect this, with technologies like in-vehicle online marketplaces.

As the automotive industry evolves towards fully autonomous vehicles, security becomes harder to control. But security must be active throughout the car’s lifecycle. Make no mistake, security breaches can be fatal and costly. If you’re manufacturing vehicles with connected capacity, a Vehicle Security Operations Center (VSOC) can increase protection for your business, fleet and customers against cyberattacks. First, let’s explore the changing landscape and its risks.

Connected cars are easy targets for remote hackers and terrorists

Operating systems in connected vehicles aren’t just a personal data goldmine – with audio files recorded by in-car microphones to stored bank details and even Netflix and Spotify credentials leaked on eBay – but they can also control vehicle movement. If a hacker remotely hijacks the operating system of one of your vehicles or even your whole fleet, the consequences could be devastating.
vehicle security operations center, transport, automated vehicle 
Data streams being broadcast through wifiWhether it’s taking control of a Tesla’s brakes, door locks and other electronics, or exposing personal data like Mercedes-Benz – hackers do and will find vulnerabilities in connected vehicles. But why?

Terrorists looking to cause fatal chaos. Hackers out for financial gain (they may shut the engine down and demand payment to start it again.) Even mercenaries spying on executives – think how valuable audio files of confidential merger plans would be to rivals.

Connected cars are a big target for malicious actors. So it’s up to you as the manufacturer to make sure you tighten up security.

What is a Vehicle Security Operations Center?

A Security Operations Center (SOC) is a team that deals with security issues at an organizational or technical level. In most cases, the team uses a platform dedicated to constant monitoring of the organization’s IT infrastructure.

A Vehicle Security Operations Center (VSOC) is the same, but as well as protecting computers and servers, it also protects assets like connected vehicle cloud and fleet management system (which send and receive messages to and from vehicle’s telematics control unit) and the vehicles themselves, mobility servers (phones connected to vehicles) and vehicle internal components like sensors and radars. Two audiences need VSOCs: Automotive manufacturers (like Mercedes or Tesla) and large fleet owners (like logistics companies or taxi firms.)

It minimizes the risks of cyberattacks and, in the event of a breach, triages and treats the cyber-wound. It can also give unwavering diagnostics of your entire fleet (great for ongoing and predictive maintenance) and a wealth of information on how your cars are used, like time and distance traveled, Wi-Fi strength or errors in the engine performance. Perfect for R&D for new models. But how do you implement a VSOC?

VSOC: To in-house or outsource?

There are two ways to create your VSOC: In-house or outsource. In-house means integrating the unit into your current operations, either within your cybersecurity operations, quality assurance or the vehicle software R&D team. On the other hand, you could outsource part or all of the VSOC to a third-party provider. In some instances, this may be helpful to start with, as you may not yet have the cybersecurity infrastructure and expertise.

A full VSOC may be out of scope for a small fleet owner, but if you run a large fleet or you’re an automotive manufacturer, in the long term, it will be most beneficial to your business to establish your VSOC internally.

How to launch your VSOC

Here are some tips to get started:

Create a playbook

Security experts should create incident response playbooks (guidelines) to show how you would respond to specific cyber-threats and how to manage incident communications.

Expand your team’s knowledge

Many cybersecurity teams focus on server infrastructure, not connected vehicles. Implement advanced cybersecurity training to develop the skills of your current team. For example, Kaspersky Cybersecurity Training covers malware analysis, digital forensics and incident response to help a specialist enterprise-level team better face these threats.

Funnel issues straight to your VSOC

Establish a system to escalate vehicle monitoring and diagnostics when needed, so in the event of a breach, it’s sent straight to the cybersecurity teams.

Regular security assessments

Periodically conduct security assessments of your connected car’s infrastructure, both the separate modules (like TCU and mobile apps) and also test how the complete system works together. Share these results with your VSOC team.

Maximize data capture

Investing in onboard vehicle software, like intrusion detection systems, will feed your VSOC with vital information to detect anomalies and other signs that could lead to data breaches. Enrich your VSOC with threat data feeds from at least two security vendors. There are public feeds available, but licensed feeds are typically better quality.

Use white-hat hackers

Make use of the global community of white-hat hackers. These are friendly hackers, trained professionals who find vulnerabilities and make sure your systems are bulletproof. And if they’re not, they’ll give you the diagnosis to fix them. You could also join the likes of BMW and Tesla and launch a Bug Bounty program, which pays people (professional and amateur) for any bugs they find.

Work towards the latest regulatory standards

Future proof to upcoming vehicle regulation laws like Transport UNECE WP.29, and ISO/SAE 21434.

As connected cars and autonomous vehicles speed towards making our roads safer and giving people a more comfortable driving experience, automotive businesses must ensure they’re doing everything they can to protect their products from cyberattacks. A VSOC minimizes the chances of a cybersecurity breach in your plant, on the road and for your customers, so you can focus on building the future of transport.

Kaspersky Transportation Cybersecurity

Secure your connected vehicles and intelligent transport systems with Kaspersky Transportation Cybersecurity, driven by KasperskyOS.

About authors

Mikhail Savushkin has worked in cybersecurity for nearly 20 years. He's currently Solution Business Lead in Kaspersky Transportation System Security.

Andrey Fadin is a Product Manager at Kaspersky, working on transport and new mobility cybersecurity. He’s also interested in alpine skiing, inline skating and volleyball.