Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
9/14/2015
11:35 AM
Lorie Wigle
Lorie Wigle
Partner Perspectives
50%
50%

Your ‘Check Security’ Light Is On

Please restart your car in safe mode.

Your car may not get a “Check Security” light in the future, but it might get an “Update Software” light. In addition to Drive, Reverse, and Park, it may also get a Safe mode with diminished but sufficient functions to get home or to a safe stop in the event of an automotive security incident.

As automotive systems use more and more electronic control units and greater information sharing inside and outside of the vehicle, computer security and data privacy join safety and reliability as important aspects of vehicle design, production, and operations. Intel is part of a large ecosystem of manufacturers, suppliers, standards bodies, universities, and government organizations collaborating to advance the research and best practices on secure driving experiences. Consumers’ trust and confidence in the security of their vehicles will become as important as reliability and safety when these factors first emerged as critical consumer issues and competitive differentiators.

“Unsafe at any bandwidth” is not a title that anyone wants to see published. Vehicle designers, product engineers, and suppliers are all working to design security that can detect, protect, and mitigate current and emerging threats. While networking in-vehicle systems and connecting cars to the Internet increases the threat level, distributed security architectures and layers of defenses that are intentional and proactive will help secure them from chip to cloud. These layers include:

  • Hardware security: secure boot, tamper protection, memory protection extensions, and device identity that defend the operating components from intentional or accidental damage
  •  Software security: virtualization, software containers, digital authentication, and behavior enforcement that isolate vehicle functions, verify identities, and restrict inappropriate messages and activities
  • Network security: firewalls, message authentication, and behavior enforcement that protect messages and personal information while it is in transit inside the vehicle, between vehicles, or to external services
  • Cloud security: secure authenticated channels, remote monitoring, threat intelligence, and over-the-air updates that provide real-time connections to additional security services to help detect and correct threats before they get to the car
  • Supply chain security: authorized distribution channels, component track and trace, and supply continuity that detect and protect the supply chain from compromise and infiltration of tainted or counterfeit parts
  • Data privacy and anonymity: encryption and authentication, data anonymization, and appropriate policies that protect personally identifiable information, control unauthorized data access, and constrain data leakage

These tools and technologies can be designed in to a vehicle, but the vehicle also has to be protected once it has left the dealership -- a lifecycle that can extend for 15 years or more. Increases in computing performance, storage capacity, and development of new attack methodologies could make currently impossible attacks possible. Securing cars over their lifetime means introducing techniques such as firmware and software patches, over-the-air updates, and other countermeasures to quickly close vulnerabilities and reduce the cost of recalls. It also means developing incident response plans that encompass all of the stakeholders, including drivers, owners, manufacturers, suppliers, aftermarket parts, dealers and service operations, emergency or transportation agencies, and security vendors.

There are many open questions in this area, and we are just scratching the surface of the security and privacy issues facing the next generation of vehicles. However, we believe that collaboration on research, development, and operations makes the goal of trusted vehicles and confident driving experiences achievable. 

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/14/2015 | 12:31:15 PM
Multi-Factor Authentication
Multi-factor authentication should still be a pivotal point in updates for cars. A physical device to ensure you are you and a secure channel from the provider with a code sent from this channel to the device would be a good start.


Otherwise, the risk is too high for an everyday task that already has critical danger involved.
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...