November 14, 2018
3 minutes

Cybersecurity as Automobile Product Differentiator

Safety is a big selling point. Auto manufacturers should make automobile cybersecurity a safety selling point too, as more and more internet-connected features pose increased threats.

Safety is a big selling point for vehicles.

But the introduction of internet-connected safety features also introduces a threat: pretty much anything that connects to the internet can be hacked.

As manufacturers compete to add the latest in modern features and conveniences, the cybersecurity of those features becomes an increasingly high priority—and an increasingly difficult task.

“There are so many chips and different lines of code from so many different vendors that car manufacturers face the same problem that many organizations do,” says Sensato CEO and cybersecurity expert John Gomez. “It’s nearly impossible for them to ‘see’ everything on a vehicle’s system.”

That’s where an agile breach detection system can be a true safety feature and product differentiator for vehicle manufacturers.

Security That Never Sleeps

“There are lots of breach detection agents, but the best-case scenario is a solution that fingerprints your system so you know everything that’s on it; it can quickly alert you to suspicious activity and then it gives you the ability to respond,” says Gomez. “Seconds count when you’re talking about any cyberattack, but especially when the target could be carrying an entire family in heavy freeway traffic.”

In addition to all of the built-in features, car manufacturers have to plan for external plug-ins and the potential attack vectors they introduce—for example, the insurance company plug-in that researchers showed could be hacked to disable the brakes.

You can catch more attackers with a honeypot—sweet!  Learn more.

4-Layered NHTSA Approach…

The National Highway Safety Administration (NHTSA) outlines four layers to cybersecurity that are the same cybersecurity basics any organization should be following:

  1. “A risk-based, prioritized identification and protection process for safety-critical vehicle control systems;
  2. Timely detection and rapid response to potential vehicle cybersecurity incidents on America’s roads;
  3. Architectures, methods, and measures that design-in cyber resiliency and facilitate rapid recovery from incidents when they occur; and
  4. Methods for effective intelligence and information sharing across the industry to facilitate quick adoption of industry-wide lessons learned.”

…Does not Require 4 Solutions

Vehicle manufacturers don’t have to juggle a handful of different vendors and solutions to follow the NHTSA’s four-layer recommendation. An integrated approach is always preferable, ensuring that each security component talks to the others.

For example, the Sensato Nightingale modular breach detection and honeypot solution includes all of the NHTSA’s four layers:

Security designed into vehicles is only logical, given all the auto industry does to build safety into every model that rolls off the line. All those new features that help on the sales floor shouldn’t be vulnerable to becoming the weak link that lets attackers wreak havoc.

Learn more about the attacker’s perspective, and how to use it to gain the advantage.

Cybersecurity Awareness Month Recap - Resources and Tips
October was National Cybersecurity Awareness Month which is meant to put a spotlight and focus on cybersecurity education and taking action to protect yourself and your organization from a cyberattack. Here’s a roundup of some of the top things we shared in October.
Four New Phishing Tactics to Watch Out For
By now most healthcare organizations perform cybersecurity awareness training and their staff are on the lookout for phishing emails. Cyber attackers are getting more savvy, however and are coming up with new phishing techniques that are harder to spot. Below are some examples of these new tactics and how to spot them.
Real-time Review of Oklahoma State University Cybersecurity Breach
Healthcare organizations that are victims of a cyberattack are reported daily. Reviewing OCR findings to identify actions you can take to protect your organization from similar attacks is a good best practice. Here is a review of the OSU breach to use as an example.
No items found.