The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its first ever research and guidance report on connected vehicle security. Authored by the CSA’s Internet of Things (IoT) Working Group, “Observations and Recommendations on Connected Vehicle Security” is a 35-page report that provides a comprehensive perspective on vehicle security connectivity design, possible attack vectors of concern, and recommendations for securing the connected vehicle environment.
“In the near future, connected vehicles will operate in a complex ecosystem that connecting vehicles not only with each other and the traffic infrastructure, but also with new forms of connectivity and relationships to cloud-based services, smart homes, and even smart cites,” said Brian Russell, chair of the CSA IoT Working Group. “For a safe and secure transportation system, the community must take a fresh look at the larger picture, and develop the policies, designs, and operations that incorporate security throughout the development.”
“Observations and Recommendations on Connected Vehicle Security” aims to provide a thorough assessment on vehicle security design, which must be flexible enough to adapt to future challenges, and be cognizant of unanticipated threats that future disruptive technologies may bring. In the first of three sections, the IoT Working Group provides a detailed and insightful analysis of the evolution of vehicle connectivity towards fully connected and autonomous systems. The next section outlines areas of concern for connected vehicles, and lays out nearly 20 different attack vectors and the resulting impacts to the driver or vehicle. Finally, the report evaluates the security gaps that need attention and offers recommendations for enterprise-wide security controls to safeguard the driving public.
Automobile connectivity today is evolving on a number of fronts. Platforms designed in the pre-connected era are now being connected in multiple ways. This has allowed security researchers to gain access to sensitive vehicles. Sensitive functions can be compromised via direct access, such as with USB and the On Board Diagnostic (OBD-II) port, or by remote access such as infotainment consoles, Bluetooth, WiFi and cellular devices.
“There are a number of motivations for bad actors to compromise connected vehicle components and technologies, ranging from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales,” said John Yeoh, senior research analyst at the CSA. “Only through the thoughtful use of disruptive technologies such as big data, machine learning and artificial intelligence can we help build a better, safer and more secure connected vehicle ecosystem.”
Nearly 20 CSA IoT Working Group members contributed to the research and development of the report. Lead authors of the report include Brian Russell, chair of the CSA IoT Working Group and chief engineer, Cyber Security Solutions at Liedos, a CSA corporate member, along with Aaron Guzman of SecureWorks, Paul Lanois of Credit Suisse, and IoT industry expert Drew Van Duren.