Intel, the manufacturer of the majority of chips and processors included in most personal computers on sale today, have now started investigating and developing new methods of hack-proofing automobiles.
Software security is increasingly a big challenge for automakers with new technologies filling our cars in today’s market, and it’s one more headache for the regulators at the National Highway Traffic Safety Administration to keep up with too. That is where Intel plans to step in.
The plan is to organize what they are calling an Automotive Security Review Board. Teams of researchers will test and develop techniques and strategies to make the software in our cars more secure. From Intel’s proposal:
“Computer attacks are now a clear and present danger for car users, dealers, manufacturers and suppliers. Computer security joins reliability and safety as a cornerstone for consumer confidence and continued success in the automotive industry.”
The company has already released a “Best Practices” sheet of suggestions for automakers to follow to increase the security of their vehicles and hopefully prevent future remote-wireless hacking.
The basic points of interest Intel outlines in the report are hardware security to prevent intentional or accidental damage to the systems of the car, software security to protect the overall vulnerability of the system - or the attack surface, network security to protect consumer information and privacy, cloud security to insulate ongoing and real-time updates to the car and ensure they don’t jeopardize the system, and supply-chain management to ensure the safety and security of the physical components going into the vehicle.
The release mentions that the more complex, advanced and sophisticated systems are larger targets for hackers, with a diagram of their fifteen most hack-able or exposed features on a modern car:
A major focus of the report is authentication of communication between different components of the car. The majority of systems on a car will communicate with one another at some point, as well as communicating with outside systems. The big stress is on having a method of authenticating where a signal or request is sent from, and having the car only communicate with signals it recognizes from a familiar source. This is done with pre-approved components and creating clear pathways with strong protection.
Supply chain security is also a big focus, with Intel encouraging that safeguards should be developed at every level of the vehicle’s design and manufacturing:
Each operational area [of production] should do ongoing risk assessments independently from the others and implement controls appropriate to local operations. However, it is recommended that each area also invite peer reviews by representatives from other operations to enable coordination among functions and to promote sharing of best practices.
That makes a lot of sense, and will allow for specialized security for each department, but all along the same authenticated communications path by each area involved in the full development process.
Intel also claims that security development and implementation is vital throughout the lifecycle of the car, just as other, more traditional safety features are held to certain standards throughout the entire lifetime of a product.
For those of you worried about the safety of your information, the sheet goes on to point out (emphasis mine):
With next-generation cars, these layers [of security] include hardware-based protection in and around the ECUs, software-based in-vehicle defenses, network monitoring and enforcement inside and outside the vehicle, cloud security services, and appropriate data privacy and anonymity for bumper-to-cloud protection. The key tenets of data privacy and anonymity must be safeguarded while ensuring the security of the automobile .
Intel’s release also analyzes the behavior of the typical business model and manufacturing process, as well as the behavior of systems once the vehicle is passed on to the consumer and gone into the big, scary world. This diagram identifies the various connections a car makes to the networking world around it, suggesting the multiple avenues of risk from a remote hack.
The modern car is so much more than just powerplant and frame, with computers controlling an increasingly high number of traditionally-analog functions. The development of a strong and safe system for the many components of your car is now one of its most vital developmental foundations.
Intel stepping into the cyber-security game for the auto industry seems like a great idea. A clear set of eyes with no influence from an automakers tight production timeline, and with enough backing and support to actually accomplish effective and substantial research, Intel looks to nicely fill the gap left between the development teams in the automotive industry and the lacking resources of government organizations like the NHTSA.