Seven Pillars to Secure Self-Driving Cars

Blackberry has proposed seven themed pillars to address automotive cybersecurity issues.

By William Wong, Technical Editor

Sandeep Chennakeshu, president of BlackBerry Technology Solutions, recently introduced the white paper entitled “Cybersecurity for Automobiles: BlackBerry’s 7-Pillar Recommendation,” which includes many of the best practices that developers and companies are using now. These include: securing the supply chain, using trusted components, employing isolation technology and using trusted messaging between components, conducting health checks of devices in the field, using a rapid-response incident network, using life cycle management, and making safety and security part of the corporate culture.

Figure 1

Blackberry has proposed these seven pillars to address cybersecurity issues.

Creating a secure supply chain is something that is already being done in industry for a variety of reasons. It is applicable to all aspects of IoT design, not just automotive. It is required to provide the root of trust within the car, which starts with the processors used in the automotive electronic control units (ECU). It is necessary to check for vulnerabilities and certify the supply chain on a regular basis.

The use of secure hardware and software is an obvious requirement, but only one out of many. It requires security in depth that starts with hardware but is just the building block for secure software.

Isolation comes in many forms, often starting with virtual machines and hypervisors that are becoming more common in automotive systems. Secure communications, especially within the car, is a requirement. This is more than just using TLS for over-the-air (OTA) updates.

In-field health checks would take advantage of integrated analytics and diagnostics software within ECUs. This information would be sent to the cloud for analysis to detect normal operational problems as well as nefarious issues so it would be possible to initiate preventative measures such as an OTA update.

A rapid incident-response network is something that would need to be added to the mix. The network would be a place where experts from subscribing enterprises could collaborate on detecting and addressing security and safety issues.

Including life cycle management (LCM) in the pillars makes sense but it is also something that software and automotive companies already employ. It is next to impossible to build and manage systems of this sort without LCM.

Finally there is the issue of safety and security within the corporate culture. This is going to be a challenge. Safety is already ingrained in the automotive space but security is another matter. Physical security is much different that computer security. Computer security, with wired and wireless communication, has expanded the attack surface of a car more than a thousand fold.

Blackberry addresses much but not all of the pillars. For example, its QNX operating system supports and can be used within a virtual machine/hypervisor software environment. Its Certicom Asset Management System (AMS) is designed to provide a secure supply chain. Blackberry has support for aspects of LCM like secure OTA updates. Of course, Blackberry has safety and security training available.

Essentially Blackberry is highlighting the need for end-to-end security for automotive systems. There are a number of vendors working in this space such as Green Hill Software’s INTEGRITY Security Services (ISS).

One thing Blackberry’s pillars highlight is that the issues and solutions are large and need to be coordinated. They are important even before we get to fully automated, self-driving cars because cars are already chock full of electronics and each new model year only introduces more. There may eventually be a limit to the number of processors and devices within a car but we are not near that limit at this point.


Start typing and press Enter to search