The digitization of in-car systems is the foundation on which the next wave of innovation in the automotive industry is built, whether it is connected cars, electric vehicles, autonomous driving, or shared mobility. However, with increased digitization comes the increased risk of cyberattacks. If a car’s security is compromised, this can result in the theft of personal data or the car itself, circumvention of a vehicle’s security and safety mechanisms, or, in extreme cases, full remote control of the car. And with the dawn of autonomous vehicles, these risks are only set to increase due to the dependency on software communication channels. Failure to protect against these risks could have a catastrophic effect on consumer confidence, privacy, brand reputation, and worse, vehicle occupant and pedestrian safety.
Choosing a secure platform for your vehicle
Some of the major considerations when it comes to identifying the robustness level of a solution:
- Was the solution tested on the attacks that resemble real-life attacks?
- Have all possible paths toward security compromise been considered? Will the paths include all components of the complete product?
- Has the security assessment been performed with a high enough Vulnerability Analysis (VA) level to capture the defined attacks in the wild and future attacks with sufficient depth?
There are multiple security certifications, including Common Criteria (CC), EAL, and UNECE WP.29. This paper discusses the role that security certification plays when choosing a secure solution that will benefit your customers now and that will provide a future-proof platform for the emerging automotive cybersecurity threat landscape, and address legislation.
In this whitepaper, the automotive industry is used as an example. However, the approaches and recommendations can apply equally to other vertical markets and product types.
Who is this paper for?
This paper provides value for:
- OEMs seeking to secure the modern, connected vehicle or set a secure foundation for future revenue streams such as the monetization of vehicle data.
- Executives such as CEOs, CTOs, and CFOs who want to prepare their cybersecurity strategy and understand the importance of designing security from inception to meet current and future legislative requirements.
- Product managers, especially those involved in-vehicle connectivity, including traditional telematics units, ADAS systems or autonomous driving technology.
- Security, quality, and development teams seeking to understand security certification, particularly in the context of the wider security solution.
- Business development and digital revenue teams want to understand the importance of building a robust, secure platform, especially for next-generation capabilities.
- Procurement teams who want to develop a greater understanding of the risks associated with their buying decisions.
This paper is developed in collaboration with Trustonic.