Your car may not get a “Check Security” light in the future, but it might get an “Update Software” light. In addition to Drive, Reverse, and Park, it may also get a Safe mode with diminished but sufficient functions to get home or to a safe stop in the event of an automotive security incident.
As automotive systems use more and more electronic control units and greater information sharing inside and outside of the vehicle, computer security and data privacy join safety and reliability as important aspects of vehicle design, production, and operations. Intel is part of a large ecosystem of manufacturers, suppliers, standards bodies, universities, and government organizations collaborating to advance the research and best practices on secure driving experiences. Consumers’ trust and confidence in the security of their vehicles will become as important as reliability and safety when these factors first emerged as critical consumer issues and competitive differentiators.
“Unsafe at any bandwidth” is not a title that anyone wants to see published. Vehicle designers, product engineers, and suppliers are all working to design security that can detect, protect, and mitigate current and emerging threats. While networking in-vehicle systems and connecting cars to the Internet increases the threat level, distributed security architectures and layers of defenses that are intentional and proactive will help secure them from chip to cloud. These layers include:
- Hardware security: secure boot, tamper protection, memory protection extensions, and device identity that defend the operating components from intentional or accidental damage
- Software security: virtualization, software containers, digital authentication, and behavior enforcement that isolate vehicle functions, verify identities, and restrict inappropriate messages and activities
- Network security: firewalls, message authentication, and behavior enforcement that protect messages and personal information while it is in transit inside the vehicle, between vehicles, or to external services
- Cloud security: secure authenticated channels, remote monitoring, threat intelligence, and over-the-air updates that provide real-time connections to additional security services to help detect and correct threats before they get to the car
- Supply chain security: authorized distribution channels, component track and trace, and supply continuity that detect and protect the supply chain from compromise and infiltration of tainted or counterfeit parts
- Data privacy and anonymity: encryption and authentication, data anonymization, and appropriate policies that protect personally identifiable information, control unauthorized data access, and constrain data leakage
These tools and technologies can be designed in to a vehicle, but the vehicle also has to be protected once it has left the dealership -- a lifecycle that can extend for 15 years or more. Increases in computing performance, storage capacity, and development of new attack methodologies could make currently impossible attacks possible. Securing cars over their lifetime means introducing techniques such as firmware and software patches, over-the-air updates, and other countermeasures to quickly close vulnerabilities and reduce the cost of recalls. It also means developing incident response plans that encompass all of the stakeholders, including drivers, owners, manufacturers, suppliers, aftermarket parts, dealers and service operations, emergency or transportation agencies, and security vendors.
There are many open questions in this area, and we are just scratching the surface of the security and privacy issues facing the next generation of vehicles. However, we believe that collaboration on research, development, and operations makes the goal of trusted vehicles and confident driving experiences achievable.