& cplSiteName &

ATIS: Connected Car Security an Industry-Wide Issue

Carol Wilson

ATIS is weighing in on the heavy topic of securing connected cars, issuing a whitepaper intended to further promote collaboration between the communications sector and the automobile industry.

The whitepaper, "Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives," is just the latest step in efforts to make sure the software framework of connected cars is properly established to enable tight security in a complex multi-connection future for automobiles.

The Alliance for Telecommunications Industry Solutions (ATIS) is already a strategic partner of the Auto ISAC, or Information Sharing and Analysis Center, an industry organization that allows car manufacturers to share best practices and information on problems that arise, notes Tom Gage, CEO and managing director of Marconi Pacific and chair of ATIS' Connected Car Cybersecurity Ad Hoc Group.

"Connected car is arguably the biggest area of IoT where there is a high risk or certainly one of them," he says in an interview. "There is a high risk to software downloads and uploads, there is a high risk ultimately to vehicle control, there is high risk to a whole class of vehicles or a set of makes and models winding up with malware intrusion because of structure of software or their security firewalls work."

ATIS membership includes the wireless operators, who are already heavily engaged with the automotive industry already as well as the chip makers, software developers and others engaged in the connected car sector as well, so the organization's interest in seeing security well-established in this sector is strong, Gage notes. Each of those industry players is expected to be engaged in establishing a secure software framework for connected cars.

And while much of concern has been on how network connections into a car might increase vehicle vulnerability, there is also the possibility that a connected car becomes a vector in an attack on the network, says Jim McEachern, senior technology consultant for ATIS.

Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.

One of the near-term goals of the white paper and collaboration effort is to establish a better set of best practices for securing connected cars, Gage says, but longer term, ATIS is hoping to "determine what the best structure is for securing the vehicles and securing the delivery of network functionality to those vehicles' communications paths," he says. "So we have innumerated the communication paths to the vehicle and we have recognized that there are a bunch of initiatives that we could undertake together."

Those are being proposed as discussion points, not in an effort to dictate outcomes, he says, but to raise things that need to be considered.

One example Gage and McEachern cite is the car that is connected via one mobile operator but might be carrying people connected via Bluetooth to the car but using other mobile networks and moving through locations where there are WiFi connections using still other network operators.

If any one of those connections is not properly secured -- including the car's own connection firewall -- then all are at risk, McEachern notes. That's why it's not enough to just secure the car itself, and why an industry-wide approach is required.

ATIS has been in conversation with the Auto ISAC for a year and is hoping the white paper focuses future discussions both with that group and with individual automakers, Gage says.

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Threaded  |  Newest First  |  Oldest First        ADD A COMMENT
User Rank: Moderator
8/10/2017 | 1:26:51 PM
Complacency - Still

Important article, Carol.

The extent to which insecure devices are filling up our homes is well understood. The ongoing deployment of insecure "things" in many enterprise uses cases is also well undesrtood.

The volume of flaws that are being revealed in connected car solutions by security testing is not so well understood, I don't think.

Some test results aren't just showing that a connected car solution vendor needs to go back and fix this and that but that, actually, their entire architecture needs be re-thought from the ground up from a security perspective.

That shouldn't be alarming from a safety perspective -  reputable car makers will ensure that insecure products never make it to the assembly line.

But it is sobering from an ICT ecosystem perspective in that it means that even in the case of  connected cars - which eveyone knows very well require bullet-proof security -  too many vendors still aren't living by the 'security first' mantra to a high enough standard.

Carol Wilson
Carol Wilson,
User Rank: Blogger
8/10/2017 | 2:08:05 PM
Re: Complacency - Still
Good point Patrick, and one of the intentions of this initiative from ATIS is to look at the software architecture itself. It sounds like there are folks within the automobile industry acknowledging the issues and seeking solutions, but whether their voices will be heard at the top of their own companies might still be an issue. 
User Rank: Light Sabre
8/10/2017 | 4:18:37 PM
Re: Complacency - Still
In an age where we all pretty much can be frightened out of our wits by bad guys doing bad things on a massive scale, it's both reassuring and flat-out terrifying to know that we're still in eager pursuit of systems and technologies that would allow even worse things to happen. Gotta love the human race.
Carol Wilson
Carol Wilson,
User Rank: Blogger
8/10/2017 | 5:33:08 PM
Re: Complacency - Still
Well it could be argued that bad drivers kill more people than cyber-criminals on a regular basis. So self-driving cars that are secured to the best of the industry's abilities might still reduce the loss of human life. 
User Rank: Light Sabre
8/10/2017 | 5:41:57 PM
Re: Complacency - Still
There are lots of different aspects to "connected car" beyond the self-driving thing. But even just focusing on that, human error happens in isolated incidents. Security breaches have the potential to happen on a massive scale. We need to understand and accept that as we move into this brave new world -- just as we have to accept that no digital system will ever be 100% secure.
User Rank: Light Sabre
8/23/2017 | 5:15:35 PM
Re: Complacency - Still
I wonder if there's already some coordination among those in the aviation industry to protect data and increase security of the avionics and digital devices in aircraft. If so, I would guess there could be some lessons learned from that group that would also apply to cars and land vehicles.
Featured Video
From The Founder
The 'gleaming city on a hill,' Steve Saunders calls it. But who is going to take us from today's NFV componentry to the grand future of a self-driving network? Here's a look at the vendors hoping to make it happen.
Flash Poll
Upcoming Live Events
September 28, 2017, Denver, CO
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 2, 2017, 8 Northumberland Avenue – London
November 10, 2017, The Westin Times Square, New York, NY
November 30, 2017, The Westin Times Square
All Upcoming Live Events
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Could 5G Have Found Its Glass Ceiling?
Dan Jones, Mobile Editor, 9/20/2017
1 Million Pirate Set-Top Boxes Sold in the UK
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 9/20/2017
Why Amazon May Be Cable's Biggest Threat
Mari Silbey, Senior Editor, Cable/Video, 9/22/2017
Comcast Shuts Down OTT Again
Mari Silbey, Senior Editor, Cable/Video, 9/19/2017
T-Mobile, Sprint in Merger Talks, Again – Report
Iain Morris, News Editor, 9/20/2017
Animals with Phones
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed