NHTSA and DOT
One of the biggest concerns about autonomous vehicles should be your car getting hacked. The U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) has proposed a multi-tiered solution to ensure vehicle systems are designed to take actions to prevent hacking, but also to take action if the hacking is successful.
In a recent automotive cybersecurity study conducted by the Ponemon Institute,
* Knowledge: 39% of those polled believe that automakers are not as knowledgeable as other industries about the secure platform
development, bringing the lack of basic knowledge to the forefront of barriers.
* Technology: Only 40% of supplier respondents (versus 54% for OEMs) stated that they have the enabling technology to
ensure automotive development is secure.
* Training: Just under half (49%) of those surveyed believe engineers and developers have the proper training in insecure
architecture and coding practices.
In a press release, NHTSA recommends the industry self-audit and consider vulnerabilities and exploits that may impact their entire supply-chain of operations. They also recommend employee training to educate the entire automotive workforce on new cybersecurity practices and to share lessons learned with others.
* NHTSA is focusing on solutions to harden the vehicle’s electronic architecture against potential attacks and to ensure vehicle systems take appropriate and safe actions, even when an attack is successful.
* A layered approach to vehicle cybersecurity reduces the probability of an attack’s success and mitigates the ramifications of potential unauthorized access.
* The automotive industry should follow the National Institute of Standards and Technology’s documented Cybersecurity Framework, which is structured around the five principal functions “Identify, Protect, Detect, Respond, and Recover,” to build a comprehensive and systematic approach to developing layered cybersecurity protections for vehicles.
This approach should:
* Be built upon risk-based prioritized identification and protection of safety-critical vehicle control systems and personally identifiable information;
* Provide for timely detection and rapid response to potential vehicle cybersecurity incidents in the field;
* Design-in methods and measures to facilitate rapid recovery from incidents when they occur; and
Institutionalize methods for accelerated adoption of lessons learned across the industry through effective information sharing, such as through participation in the Auto ISAC.
I spoke with Ian Simmons Vice President of Business Development, Research, and Development, Magna International recently. Magna is the top Automotive Supplier in sales in the United States. Magna International Inc. and Israeli headquartered Argus Cyber Security Ltd., “Argus have a very robust that we can integrate into our electronics systems, gateways, and domain controllers that we enable us to can offer complete solutions to OEMs.” It would allow for updates to be over the air as well.
In the press release, Magna clarifies, “The Argus technology is a ready-to-embed, cybersecurity solution for automobiles and aftermarket connectivity platforms. The solution protects a vehicle’s critical on-board systems from being hacked and can be seamlessly integrated into any vehicle product line with no changes required to the vehicle’s architecture. The technology is applicable to any connected vehicle, anywhere in the world.”
“Through this partnership, Magna brings a comprehensive range of automotive electronic systems, as well as safety-critical system design expertise, while Argus delivers its Intrusion Prevention System (IPS) solution and cloud-based monitoring service, resulting in a complete integrated package.”
“With the connected car market growing, the need to have a protected environment and secure data is becoming more urgent and we are taking a proactive approach in delivering a solution to our customers,” said Swamy Kotagiri, Magna’s Chief Technology Officer. “We feel confident in the Argus team, their expertise, and speed-to-market. In addition, this partnership is key to our focus on vehicle-based connectivity solutions as a core part of our electronics strategy.