ATIS: Connected Car Security an Industry-Wide Issue
ATIS is weighing in on the heavy topic of securing connected cars, issuing a whitepaper intended to further promote collaboration between the communications sector and the automobile industry.
The whitepaper, "Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives," is just the latest step in efforts to make sure the software framework of connected cars is properly established to enable tight security in a complex multi-connection future for automobiles.
The Alliance for Telecommunications Industry Solutions (ATIS) is already a strategic partner of the Auto ISAC, or Information Sharing and Analysis Center, an industry organization that allows car manufacturers to share best practices and information on problems that arise, notes Tom Gage, CEO and managing director of Marconi Pacific and chair of ATIS' Connected Car Cybersecurity Ad Hoc Group.
"Connected car is arguably the biggest area of IoT where there is a high risk or certainly one of them," he says in an interview. "There is a high risk to software downloads and uploads, there is a high risk ultimately to vehicle control, there is high risk to a whole class of vehicles or a set of makes and models winding up with malware intrusion because of structure of software or their security firewalls work."
ATIS membership includes the wireless operators, who are already heavily engaged with the automotive industry already as well as the chip makers, software developers and others engaged in the connected car sector as well, so the organization's interest in seeing security well-established in this sector is strong, Gage notes. Each of those industry players is expected to be engaged in establishing a secure software framework for connected cars.
And while much of concern has been on how network connections into a car might increase vehicle vulnerability, there is also the possibility that a connected car becomes a vector in an attack on the network, says Jim McEachern, senior technology consultant for ATIS.
One of the near-term goals of the white paper and collaboration effort is to establish a better set of best practices for securing connected cars, Gage says, but longer term, ATIS is hoping to "determine what the best structure is for securing the vehicles and securing the delivery of network functionality to those vehicles' communications paths," he says. "So we have innumerated the communication paths to the vehicle and we have recognized that there are a bunch of initiatives that we could undertake together."
Those are being proposed as discussion points, not in an effort to dictate outcomes, he says, but to raise things that need to be considered.
One example Gage and McEachern cite is the car that is connected via one mobile operator but might be carrying people connected via Bluetooth to the car but using other mobile networks and moving through locations where there are WiFi connections using still other network operators.
If any one of those connections is not properly secured -- including the car's own connection firewall -- then all are at risk, McEachern notes. That's why it's not enough to just secure the car itself, and why an industry-wide approach is required.
ATIS has been in conversation with the Auto ISAC for a year and is hoping the white paper focuses future discussions both with that group and with individual automakers, Gage says.
— Carol Wilson, Editor-at-Large, Light Reading