BETA
This is a BETA experience. You may opt-out by clicking here
Edit Story

How To Build A Secure Connected Car

IBM

By Chris Poulin, IBM

Cars are headed to the cloud. The hottest trend right now in the auto industry is the connected car. And the cloud, with its massive storage, processing, and analytical heft, will power this shift to wired cars. In fact, the auto industry is one of many industries that are working on making their business secure in the cloud.

The momentum behind the connected car is unstoppable. We’ve already seen how cars networked to auto makers’ safety and assistance services help to save lives. In addition to linking with smart devices, we are now seeing cars that can swap signals from sensors in traffic lights, buses, and signs along the road to warn of accidents and cut congestion.

In fact, the U.S. Department of Transportation sees such potential that it’s enabling vehicle-to-vehicle, or V2V communication, ushering in a future where cars on the road will automatically swap data such as speed and direction, sending alerts to avoid crashes or traffic snarls. And with all the time we spend in our cars, it makes sense that they should become personalized digital assistants, offering up more than just maps.

And all of this functionality is enabled by the cloud. Vehicles send telemetry to -- and accept control commands from -- the manufacturer, maintenance services, and to each other. Cars can even link up with smart devices in our homes and offices. The cloud is the medium through which this interconnection is mediated and secured.

Our cars will continue to become smarter. But the flip side of these new capabilities is that they’ll also be open to a new host of security and privacy threats. The connected car could make our cloud services, e-mail, text messages, contacts, and other personal, financial, and work data vulnerable to hackers. Burglars could determine vehicle location provided by the vehicle’s GPS to monitor when a home’s occupants are miles away. Hackers can gain access to vehicle networks and wreak havoc on traffic and even threaten the safety of a vehicles’ occupants.

Which is why it’s crucial that we design security into the connected car from the ground up. In a recent IBM Institute for Business Value study, "Driving Security: Cyber Assurance for Next-Generation Vehicle," we found three areas for automakers and partners to focus on when creating connected car features:

1. Design Secure Cars: Security starts with the car. The design process should be laser focused on security from get go. Which means outlining and testing the risks and threats each component, subsystem, and network that the connected vehicle will be exposed to once it leaves the car marker’s production line. Every software and hardware component and system has to be designed with security as a first order of business.

2. Create Safe Networks: In a system as far flung as connected cars will create, security has to be designed especially for and built into every component. Communications should be encrypted. All the organizations providing services that connect roadways, cars, and devices need to protect their networks and monitor transactions to detect suspicious activity.

For instance, automakers’ networks should uniquely identify and authenticate users and control access to remote services. Just as crucially, the equipment on the road that will connect cars together, such as traffic lights and toll lanes, has to be secured from tampering. For example, someone could wreak havoc by falsifying traffic conditions and rerouting all vehicles to a surface road when there is, in fact, no traffic jam on the main artery. As you could imagine, this could be used maliciously by cyber criminals that are after more than just sensitive data, ensuing chaos in a major city.

3. Harden the vehicle: In the 1950s and ‘60s, it took a mechanical engineer to design vehicle control systems; now it takes a computer scientist. A typical luxury car contains around 100 million lines of software code, which are managed by between 70 to 100 electronic control units, or ECUs. These used to be closed systems that required a toolbox and mechanic’s creeper dolly to be tampered with. But by opening them up through mobile networks, Bluetooth, USB ports, and even near-field communications (NFC) sensors, cars are now at risk of remote hacking.

To protect the connected car, a technology redesign is necessary from the electronic control unit (ECU) level up. Car makers need to assess whether these ECUs are tamper-proof and decide which controls and messages they should be allowed to send. Car makers also need to analyze the patterns of data being sent to, from, and within vehicles to pinpoint changes that may be a sign of malicious activity.

In-vehicle infotainment (IVI) units need to be hardened against tampering and to protect the privacy of the driver’s and occupants’ data. And automakers and partners need to enable ECUs and IVIs to be updated over the air as soon as software patches are available and with a guarantee that the image hasn’t been tampered with by hackers.

The car as we know will never be the same. But for the connected car to be a success, we have to be able to trust it. And that trust has to be built into tomorrow’s cars from the inside out.

More from IBM Smarter PlanetVoice:

To learn more, visit ibm.com/cloud or join the conversation at #ibmcloud.

Chris Poulin is an X-Force Security Systems Research Strategist for IBM.