The Alliance for Telecommunications Industry Solutions (ATIS), which has traditional worked within the information and communications technology (ICT) industry but has recently reached out to collaborate with automobile OEMs, released a whitepaper that looks to create new security rules and guidelines to better protect connected cars.
ATIS published the whitepaper, entitled "Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives," on August 10.
While OEMs already have existing, one-on-one relationships with many telecoms, chip makers and service providers, the goal of the ATIS whitepaper is to ensure all the different players within the connected car market agree to basic guidelines regarding cybersecurity, especially as more and more software is written for cars with updates to that software transmitted over wireless networks to vehicles on the road.
"Vehicles are going to be receiving software and communication links over networks and those networks need to be as secure as they possibly can be," said Tom Gage, CEO and managing director of Marconi Pacific, who also chairs ATIS' Connected Car Cybersecurity Ad Hoc Group.
"They are already secure vis-à-vis delivering text and data and voice to cell phones, machine-to-machine and IoT, but the vehicle world is very important because of the high risk associated with vehicles getting out of control as they have software that increasingly controls how they function, and, ultimately as they become full automated vehicles," Gage told The Connected Car.
Gage called the whitepaper the beginning of a dialogue between the ICT industry, ATIS, and car and trucks OEMs. "The whole industry needs to be secure and the whole industry needs standards," Gage added.
ATIS also works with the Information Sharing and Analysis Center (Auto ISAC), which helps share best practices among OEMs.
Specifically, the whitepaper finds that there is a growing need for end-to-end security, especially as OEMs write more software and then send that software, along with updates, to their fleets, whether those are commercial trucks or passenger vehicles, over networks.
Not only does the software need to be written and developed securely using best practices, but vehicles need VPNs, firewalls and other technologies to ensure that the transmission of that software remains secure.
The second significant point is securing all the different networks that work within these connected cars, including wireless, WiFi, fixed-line networks, Bluetooth and satellite technologies.
"This is about stepping back and looking at the vehicle platform in its entirety and all the paths into it in the same way you would a host," said Jim McEachern, a senior technology consultant for ATIS.
The main security threat that ATIS is looking to address is malware that can overtake an individual vehicle or even a fleet of vehicles.
Since this type of cybersecurity approach is still fairly new, Gage said the next step is to continue talking with OEMs about these issues, along with ATIS and the whole ITC industry.
"We expect some of those discussion will bubble up to become the beginning of industry standards and best practices," Gage said.