At ETAS, we like to take a holistic approach to security testing, meaning that we test individual electronic control units, but also the entire vehicle platform. Our goal is basically to secure the whole ecosystem of a connected car. As security consultants, we are specialized in ISO 21434 compliance, security strategy, training, and a variety of other fields within the automotive software domain. We consider ourselves experts in all kinds of testing methods, including functional testing, vulnerability scans, penetration testing, and fuzzing.
“In a connected world, cybersecurity is as important for your safety as the brakes”
– Ralf Speth, CEO Jaguar/Land Rover
When I started with automotive security, we were securing all electronic control units (ECUs) individually. Since then, the complexity and connectivity of vehicles have increased dramatically, creating more opportunities for potential attackers to infiltrate those systems. This change requires a completely different approach and a new set of security skills. To sum up the key developments I have witnessed during my career, I have summarized five uncomfortable truths on how to build secure automotive systems:
1. The Titanic Syndrome
In 2023, there will be 775.000.000 connected cars worldwide. The titanic syndrome states that those who put themselves in danger will perish. In the development of increasingly software-driven connected vehicles, this means that those car manufacturers (OEMs) who don’t have a security strategy will not survive, as security can be seen as an indispensable foundation of interconnectivity.
However, the main challenge is that security vulnerabilities only become visible to the public when it's already too late. Customers usually don't notice when security is cut for profits (until their car fails them). And this is why there are still so many managers who see security primarily as a cost driver.
What to do about it:
- Treat security as a strategic task
- Create security awareness throughout the entire company
- Enable security orchestration of the whole software development lifecycle
2. No Safety Without Security
Cyberattacks on vehicles have increased by a factor of seven over the last four years. Even if only a small number of those attacks are successful, the consequences can be devastating, especially as they are a potential threat to an entire fleet of vehicles.
What to do about it:
- Use original equipment from trusted partners
- Consider security during the entire lifecycle
- Enable your team (IDS, SOC, Firewall)
3. 100% Security Is Not Affordable
There are 100 million lines of code (LoC) in the new Golf 8. For comparison, in a Boeing 787, there are only 14 Million LoC! Even if your team has an excellent bug detection rate, you will still, almost certainly, miss some bugs or vulnerabilities. The challenge here is balancing the risk and the investment, meaning that you will have to decide how much risk you are willing to take.
What to do about it:
- Segment your car and define safety-critical parts
- Prioritize your security activities in the important fields
- Build resilient systems
4. Omnipresent Threat
According to the German Federal Office for Information Security (BSI), each day there are 322,000 new malware threats. If you don't find those vulnerabilities first, someone else will exploit them. The complexity of our systems is increasing dramatically. Since vehicles have quite a long lifecycle, the software complexity will increase even further while the car is on the road. This means that you will need to put in some extra effort to keep your car secure in the long run.
What to do about it:
- Find the right strategy from the beginning
- Protect all connected entities
- Ensure long-term security
5. Impending Sanctions
It's important to comply with new regulations such as the new UNECE regulations and the upcoming ISO 21434. Even if these norms aren't mandatory yet, OEMs who do not follow the rules will soon be disqualified. As if automotive software wasn’t complicated enough, these norms and regulations increase the complexity even further, which is why many developers perceive them as additional requirements.
Don’t get this wrong, regulations are very critical to facilitate the use of effective security measures, but in some cases, they can lead to over-regulation. This means that complying with norms and standards becomes more important than the actual task at hand. Regulations certainly create pressure within the industry, but they can also be an opportunity, for example, to convince the upper management to reassess their priorities. Security must come first!
What to do about it:
- Hire legal experts
- Implement a standard-compliant security design
- Implement a Cybersecurity Management System (CSMS)
“Security is not a product, but a process” - Bruce Schneier, Cryptographer & Security Expert
I'm glad to see that testing methods such as feedback-based fuzzing are emerging as a new standard in the automotive sector. Nevertheless, we need to think about automotive security in a much broader way. The security perspective has to be kept in mind during the entire software development lifecycle (SDLC). This includes the management of processes, security strategy, and company culture.
About the Author
Dr. Thomas Wollinger has been the managing director of ESCRYPT, an ETAS subsidiary, since 2007. As a pioneer in automotive cybersecurity, he has brought the company from its beginnings in 2004 to a position as one of the world’s leading providers of system solutions for vehicle data security. Today, his special focus is on the strategic development and integration of ETAS's product and solution portfolio for automotive security and beyond.