Today's vehicles are part of an expanding galaxy of interconnected digital devices. Some of those devices include in-vehicle control units and systems that talk to each other through internal network buses and external applications through the cloud. Some are Internet-connected devices such as tablets and phones brought into the car by drivers and passengers. And some are remote devices used by vehicle owners and their agents to communicate from a distance with the vehicle. In the midst of this collection of devices, communications methods and protocols, there is a single common point: information that needs to be secured, either because it is private or because it can be used to control vehicle functions.
This means that information, and not the vehicle itself, must become the central point of security. Rather than “spinning wheels” trying to protect vehicles from being hacked, engineers and manufacturers must focus their security efforts on a central communications hub that resides in the cloud.
It’s About the Information, Not the Vehicle
From a digital security standpoint, the connected vehicle itself resembles a slice of “Swiss cheese.” Provided with only elementary protection, in-vehicle networks are quite porous in the face of “sniffing” and other types of attacks. Meanwhile, mobile devices and applications that have permission to access a vehicle are not highly secure in and of themselves, and can thus provide pathways into a vehicle for malicious activities. And Bluetooth, for all its usefulness in near-field communication between devices, has also proven vulnerable to unauthorized access. All of this is just within the vehicle. As a vehicle communicates to the Internet, there is an entire new layer of very real concerns including personal information theft, threats to data and message integrity (e.g.: changing the content of messages in order to issue bogus commands, etc.), and denial of service attacks.
Trying to comprehensively secure the connected vehicle by securing each of the interconnected devices, applications and systems in