Automotive Security: Connected vehicles require new security concepts!

The number of fully networked cars is growing. Every new car already has potential Internet access. On the one hand, this opens up extensive possibilities, but on the other hand, the attack surface for cyberattacks is also growing. Accordingly, the focus is shifting to the relatively new field of “automotive security”, in which only a few service providers have specialized to date.

Cyberattacks in the automotive environment are becoming more likely

Today’s drivers have high expectations when it comes to intelligent functions and communication. But the safety of these features is also a decision criterion when buying a vehicle. Functional safety is less of a challenge here. It has been enshrined in law since 2011 in the form of ISO 26262. More problematic for the automotive industry is the area of cybersecurity, which is becoming a success factor to be taken seriously. The reason: networked and autonomous vehicles have numerous entry points for cyberattacks. These include interfaces to the outside world, diagnostic interfaces and control units, as well as the growing amount of stored, customizable data. Criminals could use these points of attack to manipulate cars or gain access to user data, among other things. Automotive Security aims to minimize risks of this kind.

What exactly is Automotive Security?

First, a distinction must be made between the terms “safety” and “security” in the automotive environment. Safety refers to functions that are intended to protect our lives when using vehicles. Security, on the other hand, is generally concerned with the protection of business-critical and personal information as well as the prevention of unwanted manipulation from outside. Automotive Security can be described as Functional Security considering Cybersecurity.

For automotive companies, the challenge currently lies in particular in the integration of established information technologies while maintaining automotive-specific quality and security standards. At the same time, costs must be kept low and innovations must be realized in ever shorter periods of time. Finally, external cooperations are often necessary to tap the required know-how. But especially when working with third parties, a high level of automotive security should be ensured. In combination, these factors represent an enormous challenge, which is why consulting by experts such as RMTP is recommended.

Specialized consulting services for automotive security

RMTP’s range of services in the automotive security sector is unique in its form. It includes consulting on secure engineering, taking safety into account. Among other things, the experts implement a methodical secure engineering approach using established processes for safety management and Automotive SPICE. The consulting also covers the handling of security and safety in the entire product life cycle. The practical application of ISO 26262, SOTIF (ISO/PAS 21448), SAE J3061 and ISO/SAE 21434, which is currently being developed, as well as the operationalization of Common Criteria specifications round off the portfolio.

RMTP’s many years of experience in the application of engineering processes and numerous projects in the automotive environment – both nationally and internationally – speak for themselves. Another clear advantage is RMTP’s ability to transfer norms, standards, and frameworks into practical use. This applies to SMEs as well as to corporate groups.

 

ON THE TOPIC:

https://www.sp.se/en/index/research/dependable_systems/heavens/sidor/default.aspx

https://www.automotiveisac.com