Cars Need to Be Individual Cyber-Fortresses
Carmakers should make vehicles as individual cyber-fortresses and ditch the idea of trying to secure a whole network.
That’s the opinion of Richard Hayton, chief technology officer from connected car security company Trustonic. Speaking to TU-Automotive he said: “The idea that the cars are built on the concept of a secure network, which nobody will tamper with, is very much being brought into question.” He said other industries have come to terms with working with unsecure networks and then building the security into the end-use level.
He explained: “Fundamentally, we need to get rid of the idea of a secure network. In general, we don’t tend to consider computer networks to be secure anymore, because an attacker can gain access. Instead, each computer is individually secured and they each have an identity, encrypting and authenticating between each other. So, basically don’t trust the piece of wire or the Wi-Fi network. The same is happening in cars. It’s the right approach and is almost universally accepted in the auto industry but that doesn’t mean it’s going to happen soon.”
He said security has to be applied at the car’s system processor level to be truly effective against hacking. Hayton explained: “These processors number around 200 in a modern car. Previously, they would be on a secure network bus. If I press the button to raise or lower a window, it wouldn’t be connected to the motor that carries that out. All of these things are little nodes on the central network, which previously would have been considered secure. This happens for all sorts of things, from windscreen wipers to brake pedals. However, now we know the network is not secure, so instead the processor controlling each individual thing has to be secure.”
Increasingly carmakers such as Volvo are turning their security concerns to the supply chain embedding digital holograms into their manufactured parts in an attempt to stop them being faked. Hayton said: “What that means is that the device can later prove that it was given one of those holograms and, more importantly, because each hologram is unique. If somebody in the supply chain tries to copy a batch of those and put them on lots of different parts, so for example if someone builds more than they were supposed to. We can detect that duplication when those try and prove that they’re genuine when they connect to an online system and we can detect not just that there was fraud but at what stage in the supply chain.”
