& cplSiteName &

ATIS: Connected Car Security an Industry-Wide Issue

Carol Wilson

ATIS is weighing in on the heavy topic of securing connected cars, issuing a whitepaper intended to further promote collaboration between the communications sector and the automobile industry.

The whitepaper, "Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives," is just the latest step in efforts to make sure the software framework of connected cars is properly established to enable tight security in a complex multi-connection future for automobiles.

The Alliance for Telecommunications Industry Solutions (ATIS) is already a strategic partner of the Auto ISAC, or Information Sharing and Analysis Center, an industry organization that allows car manufacturers to share best practices and information on problems that arise, notes Tom Gage, CEO and managing director of Marconi Pacific and chair of ATIS' Connected Car Cybersecurity Ad Hoc Group.

"Connected car is arguably the biggest area of IoT where there is a high risk or certainly one of them," he says in an interview. "There is a high risk to software downloads and uploads, there is a high risk ultimately to vehicle control, there is high risk to a whole class of vehicles or a set of makes and models winding up with malware intrusion because of structure of software or their security firewalls work."

ATIS membership includes the wireless operators, who are already heavily engaged with the automotive industry already as well as the chip makers, software developers and others engaged in the connected car sector as well, so the organization's interest in seeing security well-established in this sector is strong, Gage notes. Each of those industry players is expected to be engaged in establishing a secure software framework for connected cars.

And while much of concern has been on how network connections into a car might increase vehicle vulnerability, there is also the possibility that a connected car becomes a vector in an attack on the network, says Jim McEachern, senior technology consultant for ATIS.

Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.

One of the near-term goals of the white paper and collaboration effort is to establish a better set of best practices for securing connected cars, Gage says, but longer term, ATIS is hoping to "determine what the best structure is for securing the vehicles and securing the delivery of network functionality to those vehicles' communications paths," he says. "So we have innumerated the communication paths to the vehicle and we have recognized that there are a bunch of initiatives that we could undertake together."

Those are being proposed as discussion points, not in an effort to dictate outcomes, he says, but to raise things that need to be considered.

One example Gage and McEachern cite is the car that is connected via one mobile operator but might be carrying people connected via Bluetooth to the car but using other mobile networks and moving through locations where there are WiFi connections using still other network operators.

If any one of those connections is not properly secured -- including the car's own connection firewall -- then all are at risk, McEachern notes. That's why it's not enough to just secure the car itself, and why an industry-wide approach is required.

ATIS has been in conversation with the Auto ISAC for a year and is hoping the white paper focuses future discussions both with that group and with individual automakers, Gage says.

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Sabre
8/23/2017 | 5:15:35 PM
Re: Complacency - Still
I wonder if there's already some coordination among those in the aviation industry to protect data and increase security of the avionics and digital devices in aircraft. If so, I would guess there could be some lessons learned from that group that would also apply to cars and land vehicles.
User Rank: Light Sabre
8/10/2017 | 5:41:57 PM
Re: Complacency - Still
There are lots of different aspects to "connected car" beyond the self-driving thing. But even just focusing on that, human error happens in isolated incidents. Security breaches have the potential to happen on a massive scale. We need to understand and accept that as we move into this brave new world -- just as we have to accept that no digital system will ever be 100% secure.
Carol Wilson
Carol Wilson,
User Rank: Blogger
8/10/2017 | 5:33:08 PM
Re: Complacency - Still
Well it could be argued that bad drivers kill more people than cyber-criminals on a regular basis. So self-driving cars that are secured to the best of the industry's abilities might still reduce the loss of human life. 
User Rank: Light Sabre
8/10/2017 | 4:18:37 PM
Re: Complacency - Still
In an age where we all pretty much can be frightened out of our wits by bad guys doing bad things on a massive scale, it's both reassuring and flat-out terrifying to know that we're still in eager pursuit of systems and technologies that would allow even worse things to happen. Gotta love the human race.
Carol Wilson
Carol Wilson,
User Rank: Blogger
8/10/2017 | 2:08:05 PM
Re: Complacency - Still
Good point Patrick, and one of the intentions of this initiative from ATIS is to look at the software architecture itself. It sounds like there are folks within the automobile industry acknowledging the issues and seeking solutions, but whether their voices will be heard at the top of their own companies might still be an issue. 
User Rank: Lightning
8/10/2017 | 1:26:51 PM
Complacency - Still

Important article, Carol.

The extent to which insecure devices are filling up our homes is well understood. The ongoing deployment of insecure "things" in many enterprise uses cases is also well undesrtood.

The volume of flaws that are being revealed in connected car solutions by security testing is not so well understood, I don't think.

Some test results aren't just showing that a connected car solution vendor needs to go back and fix this and that but that, actually, their entire architecture needs be re-thought from the ground up from a security perspective.

That shouldn't be alarming from a safety perspective -  reputable car makers will ensure that insecure products never make it to the assembly line.

But it is sobering from an ICT ecosystem perspective in that it means that even in the case of  connected cars - which eveyone knows very well require bullet-proof security -  too many vendors still aren't living by the 'security first' mantra to a high enough standard.

Featured Video
From The Founder
Light Reading founder Steve Saunders grills Cisco's Roland Acra on how he's bringing automation to life inside the data center.
Flash Poll
Upcoming Live Events
March 20-22, 2018, Denver Marriott Tech Center
March 22, 2018, Denver, Colorado | Denver Marriott Tech Center
March 28, 2018, Kansas City Convention Center
April 4, 2018, The Westin Dallas Downtown, Dallas
April 9, 2018, Las Vegas Convention Center
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Has Europe Switched to a Fiber Diet? Not Yet...
Ray Le Maistre, Editor-in-Chief, 2/15/2018
Will China React to Latest US Huawei, ZTE Slapdown?
Ray Le Maistre, Editor-in-Chief, 2/16/2018
Net Neutrality: States' Rights vs. the FCC
Mari Silbey, Senior Editor, Cable/Video, 2/13/2018
IBM, Microsoft Duke It Out Over Chief Diversity Hire
Sarah Thomas, Director, Women in Comms, 2/15/2018
5G: The Density Question
Dan Jones, Mobile Editor, 2/15/2018
Animals with Phones
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed