For Connected Vehicle Security, Collaboration Is Key: Survey

Collaboration among the stakeholders in the connected vehicle ecosystem–from OEMs to suppliers to traffic infrastructure managers–will be crucial to securing the connected transportation industry, according to the Cloud Security Alliance (CSA).

It was one of the themes in an extensive set of findings and recommendations on connected vehicle security in a whitepaper issued by the global non-profit that works to raise awareness of best practices to protect cloud computing environments. Increased connectivity imperatives are meeting vehicles and infrastructure that were not designed with this connectivity in mind; as a result, the connected vehicle community needs to develop policies, designs and operations to incorporate security throughout design, according to the report. 

“The overall success related to securing the connected transportation industry will require all stakeholders to come together and share information about vulnerabilities, threats and attacks,” the report’s authors wrote.

CSA lends thoughts on ways to increase collaboration among the key players, touching on the importance of both government regulation and privately fueled efforts. Consortiums such as the various Information Sharing and Analysis Centers (ISACs) are good starting points, it said, and additional capabilities for sharing and cataloging indicators of compromise “would be a welcome advancement.” The authors said that government organizations should provide guidance about secure implementations of communications technologies used by connected vehicles.

“Overarching security architectures must protect communication points from attackers aiming to infiltrate CV components and ancillary components within infrastructure,” the report’s authors wrote.

Industry experts and leaders said the key to successfully securing this ecosystem will hinge on striking a balance between establishing connected vehicle security standards, for instance, that will allow researchers to look for one set of vulnerabilities, while being sensitive to the demands of automobile manufacturers, which will view unique implementations of connected technology as a competitive advantage.

“They need to collaborate because security is a fundamental capability,” said Chris Kocher, co-founder of San Francisco-based Grey Heron, a management consultancy specializing in IoT and disruptive technologies. “There will likely be broad guidelines the government will put in place, and within those bounds, automotive companies will do things to differentiate themselves.”

For their part, most automobile manufacturers agree that connected vehicle security is everyone’s concern, according to David Miller, CSO of Covisint. A security breach in an autonomous car could have devastating consequences, and as such, has the ability to wreak havoc on brand value across the industry.

“As long as the connected technology becomes a differentiator, they’ll keep it much more proprietary and close to the vest,” Miller said. “But I think the first thing they’ll let out is the security aspect, because an incident affects all of them.”

What’s more, the automotive industry may be uniquely poised for this collaboration, having historically come together to standardize parts that weren’t viewed as a competitive advantage.

“They understand this idea of the things that don’t make them competitive,” he said.