Intel Security is taking steps to improve cybersecurity in automobiles with the launch of a new review board dedicated to connected cars and a report outlining best practices for manufacturers.
The Automotive Security Review Board (ASRB) will involve experts from across the globe working on security tests and audits to establish best practices and recommendations for in-vehicle cybersecurity.
Intel said it’s donating its automotive advanced development platforms to the research team to help with their work.
Meanwhile, the white paper launched today outlines a few key areas of best practice in cybersecurity for connected vehicles.
It begins by warning that security must be included right from the start – in the vehicle’s design phase.
Technologies to consider include “secure boot, trusted execution environments, tamper protection, isolation of safety critical systems, message authentication, network encryption, data privacy, behavioral monitoring, anomaly detection, and shared threat intelligence.”
As part of the “institutionalized process” of designing security into automobile manufacture, firms should look to code reviews, pen-testing at a component and system level, and continuous validation of maintenance and upgrade plans, the report claims.
Once on the road, continuous threat analysis and risk assessment are a must to lock down any newly discovered vulnerabilities. Over-the-air upgrades could help with this, Intel Security added.
“This paper is a call for action to the automotive industry to work together on improving security of vehicles and transportation systems to such a degree that attacks will be hard to execute while preventive and mitigation techniques are in place to react to vulnerabilities quickly and before widespread damage can be done,” the executive summary notes.
“Together, the goals of trusted vehicles, secure cars, and a confident user experience are achievable.”
Intel Security EMEA CTO, Raj Samani, argued that although we’re yet to see theoretical attacks against connected cars translate into real-world threats, “it is just a matter of requiring a motive.”
“Generally, cyber-criminals take action with the aim of financial gain, political or social activism, or even as part of a larger scale state-sponsored attack. Now that the vulnerabilities of connected cars have been identified, it is just a matter of time before attackers find a means to use this as an opportunity to fulfill one of these motives,” he told Infosecurity.
“We’ve developed the Automotive Security Review Board to stay one step ahead of cyber-criminals and secure vulnerabilities before hackers have the opportunity to turn this potential risk into a dangerous reality.”