Defense in Depth: How can automotive systems possibly be cyber-secure against unknown future threats?

Silicon Lifecycle Solutions provide Defense in Depth

By Lee Harrison, Siemens EDA (a member of the Secure-CAV Consortium)

One of the biggest challenges we come across when thinking about vehicle cybersecurity is the question of providing long-term resilience. Vehicles are typically years in development. They stay on the road for a further eight years, on average. How can the designs of today remain cyber-secure over such a long period?

It’s a question we addressed at the first meeting (virtual, of course!) of the Secure-CAV Advisory panel, which took place last week. The Panel – a top automotive OEM, a major semiconductor IP vendor, a chip maker, and a management consultancy – were joined at the meeting by members of the Secure-CAV Consortium.

The distinguished panel has been set up to help guide the Secure-CAV project in its mission to drive the development of cybersecurity solutions for connected and autonomous vehicles.

A panel allows us to test the thinking and to explore how the industry sees the future threats and potential approaches to cybersecurity solutions in connected and autonomous vehicles (CAVs). This is the first in a series of two blogs covering topics that came out of the panel discussions.

So, what did the panel have to say about this question of long-term cyber-resilience in the automotive market?

Of course, future system complexity – especially with CAVs – significantly changes the equation and level of risk, but regulations also evolve to ensure all vehicles are not only safe (ISO 26262) but cyber-secure (ISO 21434 and the forthcoming WP.29/GRVA).

Infrastructure to support the continued compliance of these CAVs includes over-the-air (OTA) updates, but how can systems adapt as technology continues to move forward and new threats emerge?

The fundamental issue with defending against potential future threats is always that they are largely, if not completely, unknowable. The source of the threat, the hacker, their motivation (to harm? to steal? to disrupt or undermine?), and even the chosen ‘entry point’ for an attack: all are unknown.

So how do you defend against something that’s unpredictable and unknowable? The challenge of hacking into a car can be thought of like the process of peeling an onion: how many layers do you have to strip away to get to the ‘prize’? Here at Siemens EDA, our Silicon Lifecycle Solutions apply this thinking to cyber-secure embedded systems in a strategy of Defense in Depth. Rather than following a ‘fit-and-forget’ approach to design, automotive systems must be capable of receiving in-life updates to stay ahead of the threats and to comply with evolving regulations and industry standards. This applies down to the component level and within each of the hundreds of critical ECUs (Electronic Control Units).

But it’s not simply about updates: embedding intelligent monitoring into the system at the individual component level means that unexpected changes and behaviors can be logged, tracked and reported back to the user or the automotive OEM. These, of course, could be threats or hacking attempts. By adding layers to ‘the onion’ from the inside out, we are providing a proactive Defense in Depth infrastructure, and at the same time building a more robust and intelligent defense which can adapt ‘in-life’ to the evolving threat landscape.

And that brings us onto the second topic: the shifting responsibility in securing the vehicles of the future. Look out for my next blog for more on this.
