02/11/2016
msg Shares Tips on IT Security for Vehicles
IT security is becoming more and more important in the automotive industry. Instances of cars being hacked are becoming more common, while connecting vehicles to one another and their surroundings increases the number of interfaces and areas exposed to potential attacks. What is the best way to handle these risks? The automotive security experts at msg have put together a few tips on what we need to be aware of when ensuring IT security in the vehicle sector.
- Apply the principles of IT security: The principles of traditional IT security also apply in this new context. Encryption, for example, should still be used for old transport protocols, such as CAN bus. What needs to change, however, is how we view and use these traditional principles, because the environment we are dealing with has changed. Cars now park themselves, drive themselves or - as is the case with electric cars - have to be charged and all of these states affect security, which is why they must be given due consideration when establishing and testing security.
- Secure the hardware: The lowest level exposed to attacks is always the hardware. This is true for both cars and traditional IT security. Just take chip tuning in cars as an example. In this case, any auto mechanic can become an attacker, even if unintentionally. Thus, hardware must be secured in a manner that renders attacks as difficult as possible.
- Integrate multiple layers of security: Similar to traditional IT security, vehicle security is only as good as its weakest link. When attackers are able to penetrate a poorly secured system and then use that system to gain easy access to other systems it poses a huge risk. However, the risk is reduced if other systems are also protected by further layers of security. Defense in Depth – that is the motto here.
- Apply updates: The different forms of attacks change so quickly it is very hard to keep up. That is exactly why it is so important, especially in a field as critical as the vehicle, to make sure IT security is always up to date. Although that does not eliminate the risk of a successful attack altogether, it does reduce the risk quite considerably.
- Create awareness: Just like traditional IT security, the most important factor of vehicle security is making everyone involved aware of the risks and how to handle them. After all, only those who are aware of the risks can take adequate preventative measures and thus reduce the risks.
However, there is one decisive risk when the IT security of a vehicle is attacked, “In contrast to most other risks, when a vehicle is attacked it places people’s lives at risk. When a credit card company is attacked and user data is revealed, it damages the company’s image - and probably its finances,” explains Raphael Friedrich, an automotive security expert at msg. “Although a company may be hard hit by this, a vehicle that is out of control poses a much higher risk. That is why the IT security of a vehicle must be ensured at all costs, because it really does affect the security and safety of the entire vehicle, as well as the safety of the passengers,” Friedrich adds.
