Why SOC for Automotive?

Some history background

 

Cars have massively evolved in the past decades (centuries already!). Everything started with steam-based machines around the mid-1700s. In the late 1800s, Karl Benz introduced a significant change in the car industry by building the first car powered by an internal-combustion engine. This triggered the mass production of cars, as everything ran faster right after that.

In 1922, Lancia Lambda was the first car to have a unitary body. In 1935, cars started to include the turn signal to indicate the driver’s intentions to others: one of the first interactions with their direct environment. In 1948, a blind man named Ralph Teetor developed the first modern cruise control. In 1963, Porsche released the first 911 -nothing to do with this article, but it’s always good to talk about the best car in history! Then, the car industry began focusing on building more and better cars from a mechanical perspective. But today, we care about technology.

Technology in cars started to appear in the 1960s with electric windows, anti-lock brakes in 1971, and digital dashboards in 1974. Nothing linked to cybersecurity yet. This realm started to become meaningful with the launch of the first “connected car” in 1996 when some models were able to call the emergency services in case of an accident. Since then, cars have been aggressively adopting digital technologies aiming to improve the driving experience and maximize productivity.

Today, a car has hundreds of sensors to capture data like multiple ECUs (engine control units) to control every function with automated responses based on data provided by the sensors. It also has 4G connectivity either for maintenance purposes (e.g. connect back to the car manufacturer, to the emergency services provider or the car fleet owner) and in-car entertainment (e.g. Wi-Fi or Bluetooth connectivity to connect to the car-info system, surf the internet or third-party apps); car digital services, and we keep counting.

The challenge

Unfortunately, such a rapid evolution comes at a cost. More specifically, a “security” cost. We have seen too many times designers and developers underestimating the value of secure software development, providing car technologies with security bugs on top of the intrinsic security risk related to its functions.

From a cybersecurity services provider’s perspective, we can effectively think of a car as one of our customers’ branch offices. It has plenty of technology communicating from inside and outside the vehicle, moving valuable data around -either business information or information relevant for the car control and safety- among different technical components as well as human beings.

At this point, we can already realize the vast security threat landscape impacting connected cars today. They inherit all the threats from an enterprise IT environment plus all the ones related to a moving vehicle. The most important one being the impact on humans safety which one of the worst associated risks.

We have already seen multiple well-publicized security breaches (e.g. Tesla S, Chrysler Jeep, Nissan Leaf,). As autonomous driving systems increase in number, we expect these attacks to rise in the coming years.

 

The solution

At Atos, we have developed security solutions and services to protect the connected car ecosystem. Some of them include:

Connected vehicle platform

(Worldline’s platform for secure
communications and fleet services assurance)

IDnomic secure elements

(implemented into existing
ECUs to encrypt V2X messages)

IDnomic C-ITS PKI
(IDnomic’s Cooperative Intelligent
Transport Systems solution
providing Public key infrastructure
(PKI) technology to secure V2X
(vehicle-to-everything communications).

We also collaborate with an ecosystem of vendors providing specialized security controls either for in-vehicle security,
network assurance or back-end protection.

Conclusion

But there is yet a critical component that deserves further development and is getting attention from car manufacturers and fleet operators from a security perspective: a security operations center (SOC) for automotive. A service providing full visibility, detection and response to threats that target their connected cars and associated services. So here we are, running proof of value (PoV) with top vendors like Argus, Upstream, or Cybellum and looking forward to extending our Prescriptive SOC concept into the Connected Cars world.

Despite the COVID-19 situation, the globally connected car market size is expected to reach USD 53.9 billion in 2020 and is projected to reach USD 166.0 billion by 2025, at a CAGR of 25.2% from 2020 to 2025.

Related resources

Build trusted and secure Intelligent Transportation Systems with the ITS solution.

Bring trust to Intelligent Transportation Systems with a cybersecurity and standardization approach.

The pace of digital change will never be as slow as it is today as the digital economy will continue to accelerate in the coming years, unleashing new digital disruptive innovations.

Interested in next publications?

 

Register to our newsletter and receive a notification when there are new articles.