Appropriate security protections are essential to maximizing the benefits of connected cars, and keeping drivers and passengers safe. Every connected vehicle is tied into a network with a wealth of valuable and private information. And we're doing our part to help protect it.
Here are the things every connected car manufacturer and stakeholder should keep in mind:
Telecom companies and car manufacturers need to collaborate now more than ever. As connected car functionality becomes more network connected, and as software updates and downloads become more prevalent on network connectivity, the interdependence of these two platforms will only increase.
As the relationship grows, so should the collaboration between the telecom companies and car manufacturers. This is necessary to deliver greater platform-to-platform security, improved end-to-end security, and most importantly, increased safety for the vehicle's occupants and their surrounding environment.
There are four major risk types against the vehicle and it's important to be prepared for each. The National Highway Traffic Safety Administration (NHTSA) has identified direct cyber threats to four types of data or control:
- Privacy and security
- Unwanted or unauthorized commercial transactions
- Non-safety operational interference
- Safety-related operational interference
These multiple risk points call for end-to-end security between the vehicle and telecommunications platforms. This requires highly secure communication paths outside of the vehicle, as well as the environment that makes up the internal vehicle platform. Providing end-to-end security includes:
- End-to-end security outside the vehicle: Connecting the car as it communicates with the cloud, with specific servers or with individuals.
- End-to-end security inside the vehicle: Between car manufacturers and their suppliers -- including software and hardware suppliers -- along the critical data and communication paths within the vehicle.
In addition to cyberattacks directed against the vehicle, it's also possible for attacks to be directed against the cloud- based platforms that offer connected vehicle services. If these services are compromised, the attacker could exploit vehicle fleet interfaces as well as external-facing commercial and business interfaces to partner organizations.
These services are likely to be attractive targets since they could contain financial data on users, and could ultimately lead to widespread infection.
Telecom companies' role in network security. With that in mind, carriers have an important role to play in helping to secure connectivity to/from cloud services, remote servers and individuals.
Network security should be a core competency for telecommunications network providers. Security features must be designed into the fabric of the communications infrastructure in order to offer highly secure connections to the end-user device.
An effective cybersecurity strategy must recognize the many possible communications paths to the connected vehicle, thus telecom carriers need an effective, layered approach. Further, as carriers work with vehicle manufacturers to deliver more secure vehicle strategies, a comprehensive end-to-end security framework can assist in seeing to it that all the links and parts of each path are highly secure.
To learn more about current initiatives in cybersecurity and how telecommunications companies and OEMs can work together, download the Alliance for Telecommunications Industry Solutions' (ATIS) whitepaper.
— Katie Curtin is the director of Product Marketing Management for IoT Security at AT&T, and Senthil Ramakrishnan is the lead member of the Technical Staff for IoT at AT&T.