Car manufacturing is one of the most regulated industries. At some point, most people reading this will have seen the crash tests performed on cars. Test dummies dressed in sharp looking stripes are strapped into a car wearing lots of sensors to test its safety in the event of a crash. These exercises provide a wealth of data on the car's ability to protect occupants and are a crucial requirement for any car manufacturers looking to bring new vehicles to the market.
Currently, almost every component of an automobile has somewhere in the range of 60 to 100 sensors. However, we are entering a new era and the number of car sensors is expected to double as auto manufacturer's focus on making transport “smarter”. Today's new cars have Internet connectivity and can integrate with applications for entertainment, vehicle service, maintenance and even driving services, such as directions or real-time traffic updates.
Drivers are hungry for even more advanced systems in their cars and manufacturers are interested in technologies like automotive Ethernet to deliver the services and systems that customers want. In tandem, they also want to reduce the weight and complexity of all the wiring harnesses required to connect sensors, control subsystems, entertainment and network devices. Yet, as cars advance to become “smarter” and manufacturers adopt automotive Ethernet, how is safety ensured?
As the evolution of the connected car continues, existing safety standards need to be advanced. Instead of assessing the physical resilience of cars, the industry needs to think about how to test the network and systems. With the connected car, wireless networks will also be a key component of the car's systems, and this can expose the internal stack to external threats. For example, internal systems could very well be exposed to protocol spoofing, authentication or negative protocol behaviour-related attacks.
Existing safety requirements need to be advanced to ensure that the passengers are protected against adverse threats targeting the connected car. Before any smart car can hit the main market, it needs to be demonstrably “fit for the road.” A major component of this is testing the security and vulnerability of such transport. Pure Ethernet testing won't cut it so car production companies need to start thinking about how testing will be expanded and become part of the original equipment manufacturers (OEM) research and development process.
Whether against hobby or malicious hackers, automotive OEMs and suppliers have a duty to fully assess and validate the resiliency, conformance and security of these connected cars to ensure a stable and resilient system – starting straight from the design cycle.
A solid architecture, design and review form is the best first defence against the unknown vulnerabilities that surround the future of the connected car.
Fred Kost is vice president of security solutions marketing at Ixia