Connected cars demand the same level of attention as any other feature of a company’s network. In the past, a car’s electronic control systems were always internal, so there was no need to think about the communications happening outside the car. Now that the drive to add “infotainment” to internal systems has brought the Internet inside of cars, manufacturers need a whole new way of thinking to deal with outside cyber threats. This includes ensuring greater interaction between R&D and IT, particularly since R&D locks down three years before a new car rolls off the floor.
When one of CGI’s leading auto manufacturing clients realized that the external IT environment was moving inside their cars, they wanted to be sure those connections were as safe as the rest of the cars’ systems. Working closely with our client, we developed a certificate service as an enabler for other security services, such as encryption, signing and authentication. A unique certificate is produced at the factory and then uploaded into each car. This allows secure authentication of every car produced, and also ensures that all information going into and out of the car is signed with a valid certificate.
The certificate service makes it almost impossible to install malware into a car’s Internet-enabled devices because the certificate can recognize whether or not the access is correct. In addition, certificates are used to encrypt all of the data that goes from car to cloud, so hackers cannot use this channel for unauthorized activities such as seeing the kind of data sent from or received by the car. Data at risk in this scenario might include driver identities, addresses, destinations and mileage.
And the power of connected cars has only just begun. In the not too distant future:
- When cars needs maintenance, the dealer or repair shop could retrieve information from the car in advance, so this channel must be also secured, and the garage itself should have a secure IT environment as well.
- You won’t even need your credit card to pay for gas at the station. Instead, your car will communicate with the pump.
- Vehicle-to-vehicle (V2V) communications could warn drivers of danger. In the U.S., the National Highway Traffic Safety Administration has plans to issue a proposal to require V2V communication capability for passenger cars and light truck vehicles and to create minimum performance requirements for V2V devices and messages.
But with every new feature also comes new security risks, so there needs to be more encryption to ensure security between different sources. When you think about it, every gadget that communicates directly or indirectly with the Internet needs some built-in security. The certificate approach can benefit industries like transportation (air, rail, bus, etc.), health (medical devices or wearables), roads and more.
CGI helps our clients provide the foundation of security for this new world. Our certificate service and digital signing can be used to secure every channel for the car of the future.
About this author
Director, Cybersecurity, CGI in Sweden
A Director in CGI in Sweden’s Cybersecurity practice, Anna has extensive experience working with clients in healthcare, financial services and manufacturing. As a leader of CGI’s Internet Certificate Services team of experts, she is responsible for development and ongoing delivery of our Swedish security services. ...