NRI SecureTechnologies, Ltd. (President: Jun Odashima, hereinafter NRI Secure) has established a new team focused on information security diagnostics and assessments of automobiles and their onboard devices, and will now be providing a “Automotive Penetration Test” service (hereinafter the Service).
Cyber-attacks on Automobiles a Growing Threat
Recently, the quest to improve fuel efficiency and make automatic driving a reality has made it increasingly common for automobiles to be equipped with information communication equipment that connects with external networks, smartphones, USB memory sticks, and other devices. With these items attracting attention as potential targets for cyber-attacks, any unauthorized remote access could lead to serious problems and may potentially jeopardize human lives.
In the U.S., the National Highway Traffic Safety Administration (NHTSA) released guidelines*1 last year requiring the automotive industry members to conduct penetration tests to simulate intrusions attempts by attackers. In response to this, many Japanese automobile manufacturers and auto-parts manufacturers that deal mainly in the North American market are currently looking into conducting such tests.
Security Service for Automobiles Provided by a Dedicated Team
NRI Secure has provided numerous security assessments for automobile and related systems in the past and has created a detailed assessment criteria based on extensive experience with vehicle systems. Using this assessment criteria and past experience NRI Secure has now developed a new “Automotive Penetration Test” service that clients can use to help adhere to NHTSA guidelines and reduce overall risk.
The Service involves conducting penetration tests based on various guidelines for incorporated devices and on the expertise that NRI Secure has cultivated thus far through “Device Security Diagnostics*2” for IoT (the Internet of Things) equipment. NRI Secure is launching a dedicated team comprised mainly of members with extensive backgrounds and achievements in vehicle system penetration testing, who will identify risk scenarios and intrusion pathways through offline threat analysis and then run security assessments and diagnostics on the actual vehicles and their onboard devices. In addition, the dedicated team can support automobile manufactures or other clients who prefer to perform the diagnostic in-house.