How to ensure security and trust in connected cars




The cars we drive today have become truly connected objects, capable of a variety of functionalities that both users and manufacturers could have only dreamed of in past decades. Whether it is detecting tiredness, alerting the driver of potential dangers or in-car entertainment systems, the level of innovation that is found in modern vehicles is nothing short of staggering.

Connected cars are an untapped well of potential, this being indicated by the fact that the connected vehicles market is projected to reach $166 billion by 2025. However, with increased connectivity in our cars, new challenges are arising for both manufacturers and users.

For example, these vehicles are dependent on consistent connectivity in all conditions, from dense urban environments to remote rural locations. They must be able to transmit data rapidly and reliably. What’s more, the range of data that can be stored by connected cars is broad – from contact details and addresses, to Wi-Fi passwords and many other things. Thus, challenges concerning data protection have become even more pressing. A recent survey found that 80% of drivers failed to remove their personal data from their vehicles before selling them. This, combined with the fact that many connected cars contain up to 100 million lines of code, leaves cars, drivers and manufacturers exposed to hackers.

In this sense, the challenge for original equipment manufacturers (OEM) is twofold: ensuring high-quality, around-the-clock connectivity in all conditions while providing high-level cybersecurity and data protection protocols across the value chain.

In this blog, we focus on a few aspects which are essential to ensuring robust connectivity and security within connected vehicles including cellular connectivity, security-by-design, digital identity, regulation and lifecycle management.

Technologies that enable connectivity in cars

With new functionalities being embedded in connected cars every year, connectivity is becoming a primary concern for manufacturers. This is because connectivity, whether it is Wi-Fi, Bluetooth, LPWAN or cellular, is the foundation for the interaction and communication between the vehicle and its environment, nearby infrastructure and the cloud. This is a concept which is known as V2X or ‘Vehicle-to-Everything’. Without good connectivity, critical safety services such as accident prevention and eCall emergency call solutions would not be possible.

Why cellular?

Whether it’s NB-IoT, LTE-M or 4G and 5G, cellular can provide the most reliable and stable connectivity in different environments.

With further developments in mobile connectivity, experts believe that 5G is best able to deliver the long-term potential of smart transportation. With unparalleled speeds, low latency and capacity which should be able to support one million connected devices per square kilometre, the technical capabilities offered by 5G will allow manufacturers to push connected car technology to new limits.

The role of eSIM

With a crucial need for connectivity to maintain the safety of drivers, one piece of technology that is an essential part of enabling safety and trust is the embedded SIM (eSIM).

These devices provide a secure element within connected cars to manage the vehicle’s mobile network operator subscriptions. In other words, eSIMs identify vehicles within networks, and provide the basis for global connectivity. By using eSIMs, connected cars are able to support functionalities such as vehicle telematics and navigation.

Furthermore, they also have the capacity to enable cars to instantly connect with cellular networks anywhere in the world, meaning they can operate in different countries without having to have new settings applied for each country visited.

Reliable connectivity is the fundamental basis that enables these innovative services to enhance driver experience and safety. However, with increased connectivity comes more vulnerable threat points that can be exploited by hackers. Consequently, robust cybersecurity protocols are needed to enable drivers to trust their connected vehicles.

How to ensure cybersecurity and trust in connected vehicles

The importance of cybersecurity in connected cars was succinctly summarised by Sir Ralf D. Speth, former CEO of Jaguar Land Rover, when he declared, ‘In a connected world, cybersecurity is as fundamental to your safety as the brakes’.

Cyberattacks can affect any party along the value chain, from the car user to the manufacturer. Having numerous points of entry has meant that the number of cybersecurity incidents involving connected cars has increased dramatically.

Like any other IoT device, connected cars need to have built-in security from the start, also known as security-by-design. This includes securing the firmware and software applications of the car using public key infrastructure (PKI) among other tools, key management services and identity issuance. PKI also uses encryption, authentication and identity checks to keep the data moving securely to and from the vehicle.

Furthermore, digital IDs allow manufacturers to protect the different components within a connected car’s ecosystem by making sure that all data that is transmitted between components is securely authenticated. Guarding the in-car system is ultimately as important as protecting the user’s information, as unsecured components within a connected car can allow hackers to gain access to the vehicle. Digital ID technology can also enable manufacturers to issue over-the-air updates which can further protect the car and its user from hackers. What’s more, the use of these updates allows the manufacturer to ensure that all components within the vehicle are operating at optimal performance, limiting the chances of the car needing to come in for a service.

Managing the data over the lifecycle of the connected vehicle is another key component of ensuring trust. Manufacturers need to make it possible to remotely update, patch and improve applications and embedded devices within connected cars. This will allow to not only keep connected vehicles working at an optimal performance but will protect them from cyberattacks while ensuring an enhanced user experience.

Regulation is also an important aspect of ensuring security and trust in connected vehicles. Regulatory frameworks such as UNECE WP29 are essential in supporting efforts to provide innovative vehicle technologies that not only enable vehicle safety but also make modern cars kinder to the environment.

By ensuring reliable connectivity and trusted cybersecurity, connected cars can become the standard of transportation in the modern world, enabling fantastic functionalities which drastically improve driver experience while protecting all parties involved, from the driver to OEMs and manufacturers.

Find out more about vehicle connectivity and cybersecurity in this automotive whitepaper.

Follow us @ThalesDigiSec for future content on all things connected cars!





Original article: How to ensure security and trust in connected cars
Author: Florent Abat