Not only are those devices produced by a global supply chain diverse enough to make anyone’s head spin, but, he noted, they are also products that stay in use for 7–10 years—“undoubtedly longer than other electronic consumer devices.”
And given that a majority of the existing fleet is probably more than four years old, many of those vehicles were not designed for remote, or over-the-air (OTA), patching.
Implement security by design
“The priority for car makers for the existing fleet should be to design a sustainable way to maintain a list of embedded computers inside vehicles, and then promptly reach customers should security flaws arise so they can apply patches to components,” he said.
Dennis Kengo Oka, applications engineer, senior staff at Synopsys, doubts that the OTA problem will be resolved within the current fleet. “It has to be security by design,” he said, “and it will take a few years until we see the next generation of vehicles that are built with that.”
Art Dahnert, managing consultant at Synopsys, agrees that the “many different models and configurations” of an automotive fleet make an effective security initiative complicated.
So he recommends the same thing he does to non-automotive clients. “Perform an assessment of your ‘portfolio,’ including identifying and ranking the potential risk areas,” he said.
And given that U.S. traffic accidents claim about 40,000 lives per year, he said the top priority for current vehicles “would definitely start with safety.” Whether access to a vehicle is remote or physical, carmakers should “make sure the vehicle’s safety components can’t be compromised. This will involve a layered approach with a lot of separation and untrusted connectivity assumptions.”
Limit inbound connections
He said another priority should be to reduce the risk of remote connection attacks that could compromise the entire fleet by “thinking long and hard about inbound and outbound connections over various networks, focusing on LTE [cellular] as well as Wi-Fi and BT [Bluetooth].”
Indeed, one of the elements that Miller and Valasek say is essential for the security of AVs is to allow only outgoing communications from vehicles. “No inbound connections over the Internet should be possible. Only outbound connections will be allowed,” they wrote.