Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 15 subscribers
  • Views 1759 views
  • Users 0 members are here
Options
You may also be interested in
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automotive Cyber Security

Deborah-Claire McKenzie
Connected vehicles have numerous potential benefits for convenience, safety, travel time and access to mobility, and the features that deliver these have become essential selling points. Advances in autonomy will increase the number and types of connections and travellers’ reliance upon them. In 2020, most new vehicles are connected vehicles and many have online connections to safety-critical systems, putting them at risk of deadly hacks. It’s not clear that the automotive industry is fully equipped to deal with this and they may even be deceiving the public about their lack of preparedness.


In response to these challenges, the new UNECE WP.29 type approval regulations for cybersecurity and over-the-air (OTA) updates enter into force in January 2021. The cybersecurity management standard ISO/SAE 21434 “Road Vehicles – Cybersecurity Engineering” is also hotly anticipated next year. But is the industry ready?

Stepping up in this connected world is a major challenge for the established automotive industry and Intelligent Transport Systems (ITS) providers. A number of these challenges can’t be solved without addressing deep-rooted issues such as reluctance to collaborate, a lack of specialised security talent, and engineering processes that don’t consider security throughout the lifecycle.


The ARTS TN have organised a webinar on Automotive Cyber Security on 21 October 2020 at 11.00hrs BST. Ahead of the webinar we’d like to hear your views on the following questions:


•    How well are automotive and ITS businesses positioned to deal with security in their products and services? 

•    What do the various industries need to do to create conditions where security can be assured by design throughout the lifecycle of their products and services? 

•    What are the gaps, how big are they, and what capabilities are needed to address them?


If you have other questions that you’d like to post here, we will also consider these for discussion by our experts in the Q&A panel during the webinar.

Parents
  • 0
    Here are some further responses to questions we didn't get around to answering on the forum. This time Aileen Ryan from UltraSoc/Mentor has responded.

    Q: Your growth figures appear to assume  personal vehicle ownership. What is the incentive of vehicle ownership where the 'pleasure' of driving the vehicle is removed.  Is there not a fundamental flaw in the reasoning behind use of autonomous vehicles?
    Aileen: Growth figures come from the McKinsey report.

    Q:To what extent do analytics increase the attack surface? How can this be mitigated?
    Aileen: There are a number of layers to this answer. 1. The embedded analytics system comes with its own security capabilities using a combination of locks and gateways to validate and authorise access. The exact implementation mechanism is typically decided by the customer and typically they link it with other security mechanisms that they are using within their existing  architecture. 2. The embedded monitoring system is designed to be generally non-intrusive. It does not share messaging fabric with the functional part of the SoC. 3. Attacks on actual hardware are seldom seen today as usually they require a lab environment and specialist equipment (i.e. they are not practical to execute). Of course this could change in the future.  

    Q: Any thoughts on early warning system for these technologies to minimise harms. 
    Aileen: Yes, this is exactly the kind of capability that this technology enables - the ability to see problems faster than any other possible solution, and, at a minimum, raise an alarm (early warning) or better still, take steps to mitigate the risk "at hardware speeds" if possible.
Reply
  • 0
    Here are some further responses to questions we didn't get around to answering on the forum. This time Aileen Ryan from UltraSoc/Mentor has responded.

    Q: Your growth figures appear to assume  personal vehicle ownership. What is the incentive of vehicle ownership where the 'pleasure' of driving the vehicle is removed.  Is there not a fundamental flaw in the reasoning behind use of autonomous vehicles?
    Aileen: Growth figures come from the McKinsey report.

    Q:To what extent do analytics increase the attack surface? How can this be mitigated?
    Aileen: There are a number of layers to this answer. 1. The embedded analytics system comes with its own security capabilities using a combination of locks and gateways to validate and authorise access. The exact implementation mechanism is typically decided by the customer and typically they link it with other security mechanisms that they are using within their existing  architecture. 2. The embedded monitoring system is designed to be generally non-intrusive. It does not share messaging fabric with the functional part of the SoC. 3. Attacks on actual hardware are seldom seen today as usually they require a lab environment and specialist equipment (i.e. they are not practical to execute). Of course this could change in the future.  

    Q: Any thoughts on early warning system for these technologies to minimise harms. 
    Aileen: Yes, this is exactly the kind of capability that this technology enables - the ability to see problems faster than any other possible solution, and, at a minimum, raise an alarm (early warning) or better still, take steps to mitigate the risk "at hardware speeds" if possible.
Children
No Data

Community Rules & Guidelines