[Software] Protecting the Software-Defined Vehicle

[Love Pulse]

 

The move toward software-defined vehicles is sparking a wealth of safety, comfort and convenience innovations — and the innovations don't stop when those vehicles leave an agency. Through over-the-air (OTA) updates, the software that runs a vehicle can continue to evolve and improve throughout its lifecycle, delighting consumers for years to come.

- ads -
This is a powerful ability, but it requires an approach to development that always has cybersecurity in mind. Attacks may come from physical access to the vehicle, or even via Wi-Fi or Bluetooth, but cellular communications mean an attacker can access the vehicle's systems from anywhere in the world.

To secure these communications and protect the vehicle's software, the auto industry must adopt a "damage tolerant" position. That is, even after establishing a relationship with an external entity, the systems in the vehicle must assume that the entity may have been compromised and could cause damage to the systems.

Proactive and interactive
Cybersecurity must be integrated into corporate operations from the start – from design and development to manufacturing – and a “do harm” mindset helps guide automotive software and hardware developers to create systems with cybersecurity built into them, at all levels. It focuses on actions to be taken, rather than identifying and defining access rights.

- ads -
Actions taken by the vehicle's systems can be proactive or reactive.

Proactively, for example, the system may require that every OTA communication it receives be formatted exactly as specified in the relevant communication protocol - regardless of whether or not the source is verified. This helps protect against cyberattacks that intentionally use misleading packets to open a vulnerability. If a connection arrives that does not conform to the protocol, the system can either ignore it or simply send a reply back to the sender to indicate that there is an error.

- ads -

 

Reactively, the vehicle systems should respond in a secure fashion to any events. For example, if the vehicle goes a long time without being able to establish an OTA connection, the systems could potentially shut down certain subsystems to prevent harm. Similarly, if an intrusion-detection system sees that a component has been infected with malware, the system should be prepared to shut down that component.

Diligence in software and hardware
As the name implies, in a software-defined vehicle, every capability that is added to a vehicle brings along its own software. As automotive ecosystems grow and evolve, that software could come from multiple suppliers. Software from different suppliers may run on the same hardware platform, and applications may communicate with one another.

- Advertisement -
All of that software must be analyzed for threats and common vulnerabilities, through software composition analysis, penetration testing and periodic risk assessments. This environment requires defense-in-depth strategies, including secure updates, secure boot, identity access management, isolation-through-virtualization techniques and more.

- Advertisement -
On the hardware side, the microchips used within a vehicle's electronic control units must also be secured. That hardware could potentially include commercial off-the-shelf chips. Examples of secure hardware capabilities include secure storage, tamper detection, hardware acceleration for crypto-algorithms, secure firmware upgrades, secure key updates, secure boot, secure debug and other features.

These strategies are important for hardening systems against attacks, and they are also necessary to help build trust in the software-defined vehicles that are rapidly reshaping the automotive industry with their compelling advantages. Vehicles are no longer closed systems, and any security approach must recognize and account for it, from the hardware to the software to the communications systems. With an “assume harm” approach, the system is always on guard, with a rigorous take on cybersecurity at every step