Vous êtes sur la page 1sur 1

VIEWPOINT

A SELF-DEFENSE STRATEGY FOR


VEHICULAR CYBER SECURITY

Providing cyber security protection is the next frontier for the automo- What’s wrong with testing for “holes” in a
tive industry, and every major automaker is stepping up efforts to vehicle’s electronic network?
make its vehicles more secure against possible attacks. Developers You simply cannot plug all the holes open to a hacker. It is
are rethinking system design. Many companies are employing like trying to plug all the holes in a fishnet. And the failure to
“white hat” security experts to probe for weak points through which find a hole doesn’t verify the system is secure. It tells you
a malicious attacker could penetrate a car’s electronic network. only that the testers who tried were unable to break in. In
These approaches help, but they are not enough and take recently publicized vehicle hacks by “white hat” cyber security
time to develop, cautions auto cyber security expert Anuja experts, it took months of effort—and physical contact with a
Sonalker, vice president of engineering and operations, at vehicle—to find a way in. But they did get in.
TowerSec. She says the simplest way automakers can defend
against a malicious attack, or even a Trojan car threat, is to How does TowerSec approach the threat?
create “smart” firewalls, adopt systems that can detect attacks TowerSec believes the answer is a robust intrusion detection
should something manage to penetrate the system and secure system that detects and stops the attack before it completes.
over-the-air updates (OTA). Together, these will give plenty of Our ECUShield software does just that.
opportunity to detect, defend and adapt as the attack shifts. TowerSec’s embedded software uses proprietary
algorithms that watch over the vehicle’s networks. They
How big is the threat? can detect rogue messages on the network, kill them and
It’s no secret that vehicles today are vulnerable to hacking invalidate future rogue messages. The software “learns”
and compromise. It’s also true that it takes a lot of skill to hack the intended behavior of the vehicle and builds an ability
a car today because there are many layers and steps to go to defend the system if it detects messages that would go
through before reaching critical systems. But it is possible to beyond those parameters. It can be configured to detect and
break through, and that alone makes it a problem. Federal report anomalies and, if prevention is turned on, automati-
agencies are reacting and automakers have launched recalls cally take steps to counteract a threat.
to fix security issues no matter how unlikely they are. ECUShield even protects vehicles against hacking
A federal court ruling that likely future harm is sufficient to sue from a remote location. Once inte-
opens the door to more class-action lawsuits by victims of cyber grated into a vehicle’s ECU or
attacks. According to “7 Tactics for Winning the Cyber War” by the telematics control unit, ECUShield
law firm of McDonald Hopkins, board members may “find them- provides continuous monitoring
selves in the crosshairs of shareholder derivative action alleging and prevents malicious commu-
breach of fiduciary duty and/or regulatory enforcement actions.” nication from reaching mission
critical systems inside the vehicle that could put lives and
What is the scope of this problem?
personal data at risk. In short, it turns any ECU into an
It’s rapidly increasing as cars add more features that rely upon Intrusion Detection and Prevention (IDS/IPS) system and any
input from sensors used in everything from tire pressure moni- gateway ECU into a smart firewall.
tors and lane departure warning systems to Bluetooth-enabled ECUShield is flexible and can quickly be integrated
infotainment features and insurance company dongles. Today’s into all vehicles, both new and used, with no redesign. Our
well-equipped cars already contain hundreds of sensors, and their TCUShield does the same on fleets.
electronic systems trust the input from these devices. Tomorrow’s
self-driving cars will rely on even more sensors to make decisions. Are there future cyber issues to consider?
A Gartner study says that by 2020 there will be 250 million We believe autonomous vehicles, vehicle-to-vehicle and
connected vehicles on the road. That is a potential cost of billions of vehicle-to-infrastructure communications will attract many more
dollars for the automakers and their suppliers should they be hacked. hackers, because the reward—capturing personal information
about drivers, for example—is greater. There’s also a huge
What’s the best way to enhance a vehicle’s potential for damage. For example, a connected car that has
cyber security? been hacked could signal cars behind it there is no traffic jam
One way is to start from scratch, but this is very costly and not ahead when in fact there is. This could cause collision problems.
very practical. TowerSec recommends a review of existing archi- A hacked car could cause other vehicles around it to ignore
tectures so it can suggest improvements. This is incremental and a traffic light. A compromised vehicle also can become a “Trojan
not nearly as expensive, but it needs support at all levels within car” by providing hackers with an access point and conduit to
the company to be successful. The ultimate goal is to integrate other more lucrative networks such as financial networks, where
testing by the carmakers with the activities of their tier one suppli- they can mine personal information.
ers. This means designing and building security measures into
systems and then testing the outcome. Fortunately, the auto Click HERE to learn more about TowerSec or visit http://
industry is very good about testing and validation. tower-sec.com.