The Secure Connected Car solution at IAA 2017
It’s no news that in any modern car there can be up to 100 computer components. As our cars become increasingly connected, digital, and computerized, the growing number of ECUs (Electronic Control Units) create an expansive and inviting attack surface and vulnerabilities for malicious incidents. Car hacking could include hackers attempting remote exploitation or takeover, for example. This complex network requires a layered, detailed security approach. At the Frankfurt International Motor Show (IAA), IBM, HARMAN, Irdeto and Giesecke+Devrient demonstrated our joint automotive solution, the Secure Connected Car, in our booth of the New Mobility World Hall.
State-of-the-art security protection
“With over 30 years’ experience, we bring state-of-the-art security protection. Now we are adapting our solution to automotive,” explains Guiseppe Serio, IBM Solution Executive for Cybersecurity, Global Automotive. This four-layered solution combines the expertise of HARMAN, Gieseke+Devrient (G+D), Irdeto, and IBM. This technology is primarily aimed at OEMs (Original Equipment Manufacturers), but is also useful in other cases, such as Fleet Management.
HARMAN, global leader in connected car technology, detects changes to the vehicle’s network. These can manifest through inside attacks (through USBs or dongles, for example) and outbound attacks (cellular network, WiFi, SMS, Bluetooth, etc). Harman’s SHIELD Platform and two security agents (ECUShield and TCUShield) were integrated with the IBM QRadar Security Intelligence Platform in June 2017 to counteract malicious incidents.
“The automotive cybersecurity space has been transitioning in the last year into its maturity phase, and it’s becoming evident that security is a collaborative effort,” says Asaf Atzmon, HARMAN’s Director for Business Development & Marketing, Automotive Cybersecurity. “As the market leader in this space, HARMAN is pleased to extend our partnership ecosystem, working with three security leaders to deliver an industry-first cybersecurity system that will allow OEMs and fleet managers to benefit from a truly defense-in-depth security solution.”
Irdeto, a Dutch software security company and world leader in digital platform security, forms another layer in the end-to-end solution. It detects changes in the software of ECU (Electronic Control Unit), which provides the vehicle with computing orders and instructions. This protects against malicious behavior, against hardware or from input. “IBM is the first to provide a best of breed end-to-end cybersecurity solution for the automotive industry” says Daniel Thunberg, Global Head, Internet of Things at Ideto, as he explained this layered approach to secure vehicles from malicious attacks.
Giesecke+Devrient is a global company. Mobile Security is their business unit, which serves mobile operators, banks, and enterprises, securing billions of digital identities throughout their entire life cycle. Just expanding into Automotive, G+D Mobile Security offering already holds 50% of the market share for eSIM cards, those which are embedded and programmable in our vehicles. The G+D Automotive Security Management Framework (ASMF) allows role-based access management for cars, using a PKI (Public Key Infrastructure) isometric system.
How do you react to malicious incidents?
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. In this solution, we focus on providing technology for monitoring, in the way that a security guard might watch several different security cameras. The log data is aggregated in the vehicle, IBM’s QRadar is a SIEM (Security Information and Event Management) tool, which collects general information as well as combining all log data from our three partners. This tool monitors the different sources in real-time, correlating and analyzing data, learning patterns of normal behavior.
Like an immune system, working from the inside, this multi-vendor solution protects vehicles from the cyber dangers of its environment. It also brings visibility to abnormal security events from all angles, translating them into actionable insights, to provide robust security technology.
If you’re interested in learning more about secure connected vehicles, you might find these resources useful: