A car must also be cyber secure.
Let’s call it the Internet of Things, call it an increasingly widespread connection, call it a tendency to make everything smarter, but there is no doubt that every day we add connected devices to our routine. A great convenience certainly and we at SamaGame can only appreciate this trend, but it has its downsides. Also for this cybersecurity becomes important in areas that we may not have considered so far, such as car.
The importance of cybersecurity (not only) on board our car
Try Bitdefender Now, Among the Best Antivirus
Day after day our life is built more and more around a real connected ecosystem. We have new possibilities connect our devices to each otherto move smoothly from the smartphone to the PC, to the smartwatch and slowly expand to further objects, from the refrigerator to the oven, passing through the vacuum cleaner, the lights and of course the car.
The convenience of all this is undoubted. Systems like Apple CarPlay or Android Auto they give us the possibility to quickly access our music or podcasts while we drive or even simply get directions from the navigator. However it is good to remember that every time we expand our network we put ourselves in front of a risk: it is the principle of the chain, which is only as strong as its weakest link. AND this is why cybersecurity has become fundamental, even when it comes to cars. To the point that malware dedicated to the four wheels are being born.
To learn more about this issue, we took part in a meeting organized by Sababa Security, a key company in the IT security sector. The title of the appointment was Automotive cybersecurity throughout the supply chain and already from this we can deduce one of the key aspects in the approach to this topic.
Following in some ways the principle of the chain above, we must remember that security must not and it cannot only concern the moments in which the vehicle is in use. In fact, it is also necessary to protect the production phase, going back along the entire supply chain, because the risk of an attack is present at every step.
The legislation has already intervened to regulate and support throughout this process
Car cybersecurity has already been addressed at the regulatory level. As Omar Morando, CTO of Sababa Security explained to us, there is in fact the so-called UNECE R155-156, a set of guidelines to follow as regards both the life cycle of the vehicle and any software updates associated with it. It has already been applied since July 2022 for new models, while from 2024 it will be mandatory for all cars in production.
Not only that, but there are also gods compliance standards to follow. Take, for example, the law IEC 62443 or the ISO/SAE 21434. These join other tools to ensure the safety of cars. Basically it is no longer enough to check that the brakes work or that the airbags are effective, but also that our cars are protected from cyber attacks. And this is true throughout the production chain.
It is therefore essential to implement within the company a CSMSi.e. a CyberSecurity Management System. However, care must be taken that this covers every aspect of the process, but above all that it addresses the issue from many different points of view. It’s not just about the more strictly technical issue (with the various protection tools that we more or less know).
Indeed, in the modern production system we cannot forget the risk of human error. In fact, a good security system must also intervene on the company culture itself. Training with employees, to teach them not only how to use the protection tools but also best practices to better defend themselves, becomes essential.
Sababa Security takes care of the cybersecurity of our car
A service like the one offered by Sababa Security is precisely oriented in this direction. It’s about a complete proposalwhich can range from simple consultancy support (for example on the various regulations we mentioned above), through penetration tests to concrete help in training professionals, to introduce all-round cybersecurity into the corporate culture.
An innovative tool, developed by Sababa, also helps them in this, namely theAutomotive Testbed. Presented last November during CSET 2022 to then be introduced into operations in the coming months, it is a compact device (roughly the size of a common trolley), which reproduces the standard equipment of a vehicle. This way it is possible perform penetration tests or more general tests of many different types, verifying the level of cybersecurity without however the difficulties associated with the presence of a “whole” car.
Stefano Brusaferro, Sales & Marketing Director of HWG, then elaborated on the discussion during the panel highlighting how smart mobility and the development of the hybrid/electric (with the implementation of charging stations) despite all the advantages they bring, contribute to opening new vulnerabilities and an increasingly large attack surface. For all these reasons it is important create a real cybersecurity ecosystem for cars. From data collection to their analysis and implementation throughout the supply chain.
In short, it’s time to get active to protect our vehicles. If you want to know more, you can visit the official website of Sababa Security.