Insights / Blog

Cybersecurity Solutions for Connected and Autonomous Vehicles

By

on

QAC EmTech
QAC Emerging Technologies Quality Assurance

This monthly newsletter will focus on QAC’s activities regarding R&D, Connected Vehicles, Cognitive Autonomous Systems, Artificial Intelligence, Internet of Things, and Blockchain Quality Assurance Services.

FOCUSED ON THE FUTURE

Leading the way

Welcome to the twelfth edition of the EmTech newsletter. In this edition, we’ll be sharing more about state-of-the-art of automotive cybersecurity. Now that we have discussed the types of cyber-attacks in CAV as well as the defense mechanisms available in previous newsletters, we will now revisit these topics but focus on industry offerings and practices as opposed to those recommended in the academic research community.

Welcome to our 12th edition of our EmTech Quality Assurance Newsletter

Keeping you informed

 

Our emerging technologies quality assurance workstreams

R&D and Grant Projects

Research and development of new technologies that position QAC to become a world leader in quality assurance services.

Connected Vehicles

Testing and Quality Assurance services exclusively developed to provide integration testing services for highly connected vehicles.

Cognitive Autonomous Systems

Fully automation of testing and quality Assurance services exclusively developed for Cognitive Autonomous Systems

Cybersecurity, IoT, AI, and Blockchain

Focus on developing new technologies that utilizes AI to address QA challenges on Cybersecurity, IoT, and Blockchain domains

Industry offerings for cybersecurity

It is important to note that the focus on CAV research is equally strong in both industry and in academia. Many companies have begun to research into CAVs and develop their solutions for certain aspects of the concept. This newsletter will focus on organizations who have begun to research and develop security solutions for the emerging sector. Various industry services/offerings can be grouped in three different areas: Cybersecurity Solutions for CAVs, Cybersecurity Testing Services for CAVs, and Environment Simulation for CAVs.

Cybersecurity solutions for CAVs

Many companies are already offering and developing cybersecurity solutions for connected and autonomous vehicles. These solutions can address a specific aspect of security or provide an overall framework for a vehicle to abide by.

For example, Trustonic currently offers a specific solution for secure digital mobile keys. This solution enables vehicle owners to replace traditional car keys and fobs with a secure digital key on their mobile.They provide a successful case study using this solution with the popular car manufacturer Hyundai. The company also provides various other solutions, such as their Trusted Execution Environment focused around securely executing code in vehicles.

Companies such as Escrypt and Blackberry Certicom have solutions developed for a Secure Credential Management System. These systems are based on Elliptical Curve Cryptography tailored to a Public Key Infrastructure for CAVs and Lynk & CO.

Last but not least, Penta Security has been developing several cybersecurity tools for CAVs since 2007 and now provides them under their solution suite called AutoCrypt. AutoCrypt contains many solutions for vehicle security, such as implementing secure communications within a vehicle, controlling traffic flow, key management, and malicious access detection.

Cybersecurity testing services for CAVs

Overall, in the industry, there are several companies providing cybersecurity solutions for connected and autonomous vehicles. These solutions are expected to be further refined and new ones developed similar to theV2X technologies.

Aside from the development of cybersecurity solutions,many vendors have begun to offer cybersecurity testing services for CAVs. As with any technology, when developing a solution, it is important to consider the security of the system early on.

As such, many of these companies offer their expert knowledge to identify vulnerabilities in the design, code, execution environment, and more. These organizations have dedicated teams that are well-versed in “CAV concepts and security best practices”. Thus, they leverage this skill to provide consultation services.

Nettitude, for example, is a company focused strictly on providing cybersecurity services for their clients. They have created a dedicated practice for Connected Vehicle Cybersecurity services where they provide input on design, specification, and implementation of AWS. They can achieve this through dynamic analysis, static analysis, unit testing, and more; often meeting or exceeding current connected vehicle standards such as ISO 26262 or SAE J3061.

Similarly, Synopsys is another organization that offers cybersecurity testing and consultation services for CAVs. Their offerings are similar to Nettitude and their service also focuses on a review of the entire systems development lifecycle and supply chain. This would include testing of the CAN bus, the vehicle ecosystem, embedded code review, and more to provide a wide range of services as needed.

The tech-giant, IBM, has also extended its consulting services to include automotive security through the X-Force Red division. This team is a special unit within IBM offering penetration testing services. Their offering for automotive security includes security design, testing, and remediation services. The team consists of experts and experienced hackers to conduct manual tests and identification of vulnerabilities in the system, and also leverage IBM’s comprehensive Threat Landscape resources. Similar to cybersecurity solutions, it can be expected that vendors offering cybersecurity services will also continue to grow as the technology is developed.

Environment simulation for CAVs

The industry has recognized that Connected and Autonomous Vehicles will continue to grow in usage around the world, and accordingly, companies have begun to develop cybersecurity offerings to address the usage of this technology. Some organizations have taken direction to develop solutions to secure the usage of CAVs, where others have focused more on providing consultation and testing services for security against their clients developed solutions. A few are offering a simulation environment to foster the secure development and growth of CAV technologies. Nevertheless, the approach is taken, most companies in the industry have established the need for cybersecurity in CAVs and working fast to develop an offering to address those needs.

Companies such as Spirent and DanLaw, both offer their own unique environment simulation toolsets. The solutions are designed to test individual or multiple Electronic Control Units against a simulated environment. The solution usually consists of many components such as an emulation software for other vehicles and v2x devices, a radio frequency transmitter for producing the communications to the ECU, and GPS signal transmitters to list a few. The goal of these companies is to provide a virtual environment where testing for CAV development can be completed. This can include testing of cyber-attacks, which, for example, Spirent offers through their V2X testbeds. Alternatively, agencies such as Invest Ottawa have also spun up initiatives such as Ottawa L5, which provides a full testing ground for the development of CAVs. These facilities include isolated tracks and roads that offer infrastructure supporting V2X communications. They also provide an environment through which cyber-attacks and threats can be safely researched and developed. In short, through multiple means, companies are providing solutions that can be used for the development and testing of the cybersecurity of CAVs to simulate real-world scenarios.

During this initial phase of development in connected and autonomous vehicles, cybersecurity testing and consulting services maybe very valuable for organizations to develop secure solutions. One method to test a developed solution or service is to run it through a simulated environment, and as such a few companies have begun to offer environment simulation tools for the development of V2X solutions.

STAY TUNED

Coming next month

This newsletter will be the last issue of the series of newsletters on cybersecurity of connected and autonomous vehicles (CAVs) that have been distributed to you over the past five months. More topics to come soon! Stay tuned to our next newsletter.

Our partners:

 

 

 

Recent thought leadership

[qac-carousel id=”20158″]