Driverless Cars Will Require a New Approach to Automotive Cybersecurity as First Driverless Cybersecurity Standard Released

This December, the U.K. Government published a standard for automotive cybersecurity, PAS 1885, outlying guidelines to improve and maintain driverless vehicle security and associate intelligent transport systems. The guidelines were developed in conjunction with Jaguar Land Rover, Ford, and Bentley, as well the National Cyber Security Centre, the British Standards Institution, and the Department for Transport.

Overall, the standard outlines the needs to apply a defense-in-depth approach, a means to asses software trustworthiness, and to critically manage the security of the vehicle and data over the lifetime of the vehicle. Critical differences between current vehicles and future autonomous vehicles will mean that new cybersecurity measures and approaches will be needed to achieve what is set out in this standard and in future standards set out by other countries. Consequently, this will bring a wave of new opportunities for hardware and software companies.

The current approach to automotive cybersecurity is to limit entry into the vehicle via key access points, using methods that include: hardware-based firewalls, application sandboxing, and Safety, Health, and Environmental (SHE) microprocessor specifications. However, the current approach will not be enough to secure future autonomous vehicles, nor does it critically provide any insight into the current status of vehicle security. High-level autonomy and fully-autonomous vehicles (robotaxis) provide several unique challenges from a cybersecurity perspective, as covered in an upcoming ABI Research report (AN-5000):

• New Vehicle Architectures: New architectures will see the incorporation of new computing elements, such as domain controllers. Domain controllers will be used to consolidate the function of Electronic Control Units (ECUs) into domain controllers and provide extra functionality where applicable. Domain controllers will contain valuable software Intellectual Property (IP) and provide common functionality for all ECUs in the domain. Domain controllers will, therefore, be more critical to functionality than any individual ECU would have been, emphasizing the need for the controller to be secure.
• Increased Probability and Potential Implication of any Cyberattack: In the longer term, full vehicle autonomy will see fully driverless vehicles enter operation on public roads. With no driver in the vehicle, software is entirely responsible for the control of the vehicle. This will lead to an increase in the probability of an attack, as well as potential implications of an attack, due to: higher software IP value, potentially unmonitored physical access, and greater potential control of the vehicle state leading to greater incentive (e.g., terrorism).
• Protection Against Sensor Spoofing: Sensor spoofing attacks are attacks whereby primarily vision sensors can be fooled by adversary images, providing false information to the driver and impacting other vehicle systems. Adversary images are images that have been intentionally manipulated in such as a way that, although humans can recognize them correctly, a vision-based system cannot and, therefore, it misclassifies the image. This will impact current Advanced Driver Assistance Systems (ADAS), such as traffic sign recognition systems and adaptive cruise control, but the real threat is that a fully autonomous vehicle’s software is in complete control of the vehicle.
• Need to Actively Monitor the Vehicle’s Security: Given the initial capital costs, the commercial value to operations and the safety implications of robotaxi operations, local governments and standards will almost certainly want Original Equipment Manufacturers (OEMs)/mobility operators to actively monitor the security of robotaxi vehicles to immobilize any compromised vehicle/fleet.

To meet the requirements and best practices set out by standards will require that OEMs and Tier Ones rethink current cybersecurity approaches. This will see new cybersecurity measures, both hardware and software, being applied to the vehicle, advancing the current state of cybersecurity, while also bringing new opportunities to vendors in these spaces.

The current approach toward vehicle security is very limited in its scope; however, with increasing autonomy, OEMs, backed by local standards, will likely look to develop a new approach to cybersecurity.

Any new approach to cybersecurity will likely center around cyber-software solutions, such as an Intrusion Detection System (IDS)/Intrusion Protection System (IPS), which can provide active insight into current network traffic inside the vehicle, be easily updated, and provide protection against sensor spoofing attacks. For robotaxi applications, the use of software, such as an IDS/IPS, to actively monitor the state of vehicle security will almost certainly be a requirement set out by standards like the upcoming joint International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) 21434 standard.

Although cyber software will form a key part of an OEM’s strategy toward providing cybersecurity, it is not a complete approach to cybersecurity; for instance, it provides little protection from physical tampering that will likely increase with robotaxi usage. Any cybersecurity approach will, therefore, require complementary security hardware to provide a complete end-to-end secure solution. Therefore, although software vendors may be tempted to push a complete software solution to OEM customers, working to provide software solutions that function with key complementary security hardware may be a more effective approach, providing a complete end-to-end solution, thereby providing a software provider the edge versus its competitors. The recent late-2018 announcement by vehicle cybersecurity software provider Karamba Security that it is partnering with semiconductor vendor ST Microelectronics to provide a secure telematics processing solution is a good example of how this can be achieved. This partnership will leverage Karamba’s Carwall cybersecurity software solution and STMicroelectronics’ processors to achieve tamper resistance and accelerated software execution.

Cybersecurity hardware providers, on the other hand, should be aware of the limitations of cybersecurity software and how hardware can fill those gaps left by cyber software, providing a complementary solution, rather than a competitive solution. Current secure hardware is almost exclusively limited to the implementation of specifications like SHE. Given the limitations of current SHE-based implementations, such as limited protection against physical tampering and limited support for cryptography functions, hardware providers should be aware of the possible opportunities available to provide more advanced secure solutions. For example, the Hardware Security Module (HSM) represents a suitable extension to SHE and, therefore, is likely to be favored by OEMs for use in domain controllers. Other security measures, such as Trusted Platform Modules (TPMs) and secure elements, can then be pitched as suitable additions for areas that require increased tamper-resistance and extra security in key areas like infotainment and Vehicle-to-Everything (V2X) features.

The PAS 1885 standard demonstrates how there is growing emphasis on cybersecurity in automotive applications with increasing vehicle software complexity and automation. With the ISO – SAE 21434 standard for vehicle security also in development and expected to be completed in 2020, there are now significant available opportunities for both hardware and software vendors, driven by standards. For cybersecurity software vendors, the need to actively monitor the cybersecurity status over the lifetime of the vehicle provides an obvious entry into the market. For hardware providers, the best strategies will evolve around providing tamper resistance and complementary solutions to cybersecurity software, or even partnering with the software providers themselves to provide a complete solution through collaboration.