Security Engineering for Connected Cars
July 27, 2016
2 minute readsecurity connected-car
If you follow tech news it seems almost every week there’s a new announcement around connected cars or electric vehicles and the announcements increase in sophistication: from VW, LG Electronics to co-develop connected-car platform over Volvo’s Big Data plans to Honda and SoftBank are developing in-car artificial intelligence.
Even if there are doubts if these initiatives deliver the connected car experience consumers expect it’s a safe bet that connected cars are here to stay and the complexity of their software will increase dramatically over the next few years.
Unfortunately most everyone in the security industry will agree that complexity is at least one of the worst enemies of security if not enemy no.1. Thus how can we address the security risks and implications of that complexity? I’ve written about this before in the context of autonomous cars but it equally applies to connected cars.
In the quite different area of critical infrastructures and cyber-physical systems, NIST has developed a new standard Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST SP 800-160 currently in draft. If you don’t want to read the full report ICIT has published a summary NIST SP 800-160: For the Rest of Us. The interesting point here is that it builds on existing and well-known standards for systems and software engineering from ISO, IEC and IEEE. As such it can be a good starting point also for car-makers to address security concerns and integrate them in their engineering processes and thus help in creating trustworthy and resilient systems.
Even if security issues in critical infrastructures can have much more devastating consequences I’m sure we all agree that we also want our cars to be trustworthy, secure and resilient against attacks.