November 14, 2018
|
3 minutes

Cybersecurity as Automobile Product Differentiator

Safety is a big selling point. Auto manufacturers should make automobile cybersecurity a safety selling point too, as more and more internet-connected features pose increased threats.

Safety is a big selling point for vehicles.

But the introduction of internet-connected safety features also introduces a threat: pretty much anything that connects to the internet can be hacked.

As manufacturers compete to add the latest in modern features and conveniences, the cybersecurity of those features becomes an increasingly high priority—and an increasingly difficult task.

“There are so many chips and different lines of code from so many different vendors that car manufacturers face the same problem that many organizations do,” says Sensato CEO and cybersecurity expert John Gomez. “It’s nearly impossible for them to ‘see’ everything on a vehicle’s system.”

That’s where an agile breach detection system can be a true safety feature and product differentiator for vehicle manufacturers.

Security That Never Sleeps

“There are lots of breach detection agents, but the best-case scenario is a solution that fingerprints your system so you know everything that’s on it; it can quickly alert you to suspicious activity and then it gives you the ability to respond,” says Gomez. “Seconds count when you’re talking about any cyberattack, but especially when the target could be carrying an entire family in heavy freeway traffic.”

In addition to all of the built-in features, car manufacturers have to plan for external plug-ins and the potential attack vectors they introduce—for example, the insurance company plug-in that researchers showed could be hacked to disable the brakes.

You can catch more attackers with a honeypot—sweet!  Learn more.

4-Layered NHTSA Approach…

The National Highway Safety Administration (NHTSA) outlines four layers to cybersecurity that are the same cybersecurity basics any organization should be following:

  1. “A risk-based, prioritized identification and protection process for safety-critical vehicle control systems;
  2. Timely detection and rapid response to potential vehicle cybersecurity incidents on America’s roads;
  3. Architectures, methods, and measures that design-in cyber resiliency and facilitate rapid recovery from incidents when they occur; and
  4. Methods for effective intelligence and information sharing across the industry to facilitate quick adoption of industry-wide lessons learned.”

…Does not Require 4 Solutions

Vehicle manufacturers don’t have to juggle a handful of different vendors and solutions to follow the NHTSA’s four-layer recommendation. An integrated approach is always preferable, ensuring that each security component talks to the others.

For example, the Sensato Nightingale modular breach detection and honeypot solution includes all of the NHTSA’s four layers:

Security designed into vehicles is only logical, given all the auto industry does to build safety into every model that rolls off the line. All those new features that help on the sales floor shouldn’t be vulnerable to becoming the weak link that lets attackers wreak havoc.

Learn more about the attacker’s perspective, and how to use it to gain the advantage.

SOC Myths & Fallacies: Why Do Most Security Operations Centers Fail?
Over the course of a year long investigation, we interviewed CIO, CISO, managers, security analysts, security engineers and compliance officers. Find out what we learned.
Self-Defense & Cyberwar
As someone who may be responsible for protecting a network, facilities or people, the evolution of cyberweapons and your rights to defend yourself will become a rather critical aspect of your strategies in the coming years.