Cloud Security Alliance Releases New Guidance for Connected Vehicle Security

New Report from Internet of Things (IoT) Working Group Identifies Vehicle Attack Vectors and Impacts, Provides Recommendations for Securing the Connected Vehicle Environment.

May 26, 2017

3 Min Read


SEATTLE, WA – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its first-ever research and guidance report on connected vehicle security. Authored by the CSA’s Internet of Things (IoT) Working Group, Observations, and Recommendations on Connected Vehicle Security is a 35-page report that provides a comprehensive perspective on vehicle security connectivity design, possible attack vectors of concern, and recommendations for securing the connected vehicle environment.


"In the near future, connected vehicles will operate in a complex ecosystem that connects vehicles not only with each other and the traffic infrastructure, but also with new forms of connectivity and relationships to cloud-based services, smart homes, and even smart cities,” said Brian Russell, chair of the CSA IoT Working Group. “For a safe and secure transportation system, the community must take a fresh look at the larger picture, and develop the policies, designs, and operations that incorporate security throughout the development."


Observations and Recommendations on Connected Vehicle Security aim to provide a thorough assessment of vehicle security design, which must be flexible enough to adapt to future challenges and be cognizant of unanticipated threats that future disruptive technologies may bring. In the first of three sections, the IoT Working Group provides a detailed and insightful analysis of the evolution of vehicle connectivity towards fully connected and autonomous systems. The next section outlines areas of concern for connected vehicles and lays out nearly 20 different attack vectors and the resulting impacts to the driver or vehicle. Finally, the report evaluates the security gaps that need attention and offers recommendations for enterprise-wide security controls to safeguard the driving public. Automobile connectivity today is evolving on a number of fronts. Platforms designed in the pre-connected era are now being connected in multiple ways. This has allowed security researchers to gain access to sensitive vehicles. Sensitive functions can be compromised via direct access, such as with USB and the On Board Diagnostic (OBD-II) port, or by remote access such as infotainment consoles, Bluetooth, WiFi and cellular devices.


"There are a number of motivations for bad actors to compromise connected vehicle components and technologies, ranging from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales,” said John Yeoh, senior research analyst at the CSA. “Only through the thoughtful use of disruptive technologies such as big data, machine learning and artificial intelligence can we help build a better, safer and more secure connected vehicle ecosystem."


Nearly 20 CSA IoT Working Group members contributed to the research and development of the report. Lead authors of the report include Brian Russell, chair of the CSA IoT Working Group and chief engineer, Cyber Security Solutions at Liedos, a CSA corporate member, along with Aaron Guzman of SecureWorks, Paul Lanois of Credit Suisse, and IoT industry expert Drew Van Duren.

To download the full research report, visit:

Read more about:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights