2 Ways to Limit Cyber Threats in the Connected Car

Just days from now, the Auto-ISAC will be having its annual conference.

And things are moving incredibly fast around best practices for those in the autonomous and connected vehicle industry.

The rest of us will depend on their work to keep us safe as technology takes over for the human driver. 

Tom Gage, CEO of Marconi Pacific, outlined the potential threats on a recent Auto-ISAC community call, reminding listeners that autonomous cars will be controlled by and potentially at risk from silent interactions.

"Who controls these interactions, how do they happen? Sometimes it’s not related to the OEM, it’s an agreement between services. But as more connectivity is coming through the car, we do not want to add to risks. We want to manage and control those risks,” he said.

But how does the industry—which is racing to market like so much of the IoT—go about securing these vehicles from bad actors?

2 ideas to help secure connected, autonomous vehicles

During the Auto-ISAC call, two key ideas emerged:

1. Create some sort of central and secure connectivity hub within the vehicle. All outside connectivity must pass through this before gaining access to any vehicle systems. This means the pump at the gas station, a passenger who's using the vehicle's Wi-Fi to surf the web, or your cloud navigation service. Everything must pass through and be granted access by this module.
2. Create a central online marketplace for all apps that will connect to cars. In other words, an Apple App or Google Play store for car apps. This means these apps are screened for best practices around safety and cybersecurity in addition to functionality before they can even be available to download. This could require apps to be encrypted or even have valid security certificates.

And these are just two ideas of many that must be considered, as our cars become as connected as our phones but with safety on the line.

“First we have the car, which is our endpoint," said Dennis Niles of TELUS. "Then we have the actual connectivity aspect or network domain, typically 4G soon to become 5G, and then we also have the wireline aspect that drives that connection all the way to the back end."

And that kind of connectivity demands collaboration, according to Gage. “By getting more people working together with different industries and attracting white hat hackers to work with us to find and define weaknesses, that will be great.”