Keeping Connected Cars Safe and Secure
March 26, 2020
In connected cars, we need a two-way connection from the vehicle to a central server in order to roll out updates, enable new features, and gather data.
In connected cars, we need a two-way connection from the vehicle to a central server in order to roll out updates, enable new features, and gather data. This can reduce recall costs, provide predictive maintenance and remote diagnostics, and improve the driver’s experience.
To achieve this, the best method is to use over-the-air (OTA) technology, based on wireless connections such as 4G (and eventually 5G), to link each car to the cloud. We also need to ensure that this link reaches all electronic devices in the car, including high performance computing devices (HPCs), electronic control units (ECUs), and sensors.
With more than 50 major automotive Tier-1 suppliers, and more than 30 major OEMs, there is a true need for standardization. Only by working towards a single, standard data pipeline, can the industry manage this complexity efficiently. The eSync Alliance is an open trade association that has been formed to promote and develop such a standard data pipeline. As well as standardization, eSync specifications enable the customization of policies and OTA processes to conform to localized requirements.
It is easy to see how standardizing such a data pipeline benefits efficiency, but what about security?
Because OTA, by definition, means connectivity between the vehicle and the outside world, interference by outsiders is rightly defined as a threat. The industry has already seen some high-profile examples of cars being hacked from an external source, and it’s obviously vital for safety reasons that vehicles are protected against rogue tampering to inject malfeasant code, and even accidental corruption of information.
With highly personal data being gathered by in-car systems, it’s essential that this information is kept secure. Governments are increasingly clamping down on data privacy, with regulations such as the European Union’s GDPR setting strict requirements, enforced with potentially huge fines. UNECE (the United Nations Economic Commision for Europe) is now working on harmonizing vehicle regulations with its work party WP.29, which aims to enable innovation in vehicle technology with a focus on vehicle safety across EU countries.
At the same time, the growth of IT means that the demand for cyber-security experts is exploding across many other industries. It is simply unrealistic to expect every OEM and Tier-1 to be able to put in place the necessary skills and resources to ensure cyber-security at the highest state-of-the-art levels.
As an industry we face the dilemma of many surfaces of attack – it is entirely simplistic to think that only the cloud-to-car interface needs to be secured, and yet we have no common approach for how the OTA data reaches the end devices in our vehicles. An industry where each participant determines their own approach will exhibit a far greater vulnerability to attack – any chain will only be as strong as it’s weakest link.
A common approach, on the other hand, enables collaboration. An open consortium draws many interested parties together – OEMs, suppliers, cyber technology sources – to speed up recognition of vulnerabilities and implementation of solutions. It also means proposals to improve security are reviewed by multiple parties and industry experts, so that the standard may be enhanced to remain at the leading edge of industry practice, so that we can continuously improve as we fight back against evolving cyber threats.
Building a standard pipeline ensures the weakest link is at least as strong as the standard, giving us our best ability to keep tomorrow’s connected cars secure, safe and reliable – no matter what the hackers try next.
OTA Considerations: A blog post series by members of the eSync Alliance, an open industry consortium dedicated to automotive OTA software standards. www.eSyncAlliance.org
About the eSync™ Alliance
The eSync™ Alliance is an industry initiative to drive a multi-company solution for over-the-air (OTA) updates and diagnostics data in the automotive electronics space, potentially saving billions of dollars per year for automakers. By working together in the Alliance, companies will benefit from a simplified development environment made possible by a standardized yet customizable open platform. The Alliance released version 1.0 of the eSync specification in April 2019. A synopsis is available at https://www.esyncalliance.org/downloads/
eSync is a trademark of the eSync Alliance. More information about the eSync Alliance is available at www.eSyncalliance.org
Excelfore is a member of the eSync Alliance. www.excelfore.com