Tech
BlackBerry outlines framework to secure connected and autonomous Vehicles
While the integration of technology and connectivity in automobiles greatly improves the driving experience, it also creates complex cybersecurity challenges for automakers. To address these new concerns, BlackBerry Limited has laid out a recommended framework which it claims can harden connected and autonomous vehicles against cyberattacks.
“Protecting a car from cybersecurity threats requires a holistic approach,” said Sandeep Chennakeshu, President of BlackBerry Technology Solutions. “Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure.”
Within this framework automakers and their supply chains can deploy their technology choices to differentiate.
BlackBerry’s recommendation leverages the company’s proven expertise in security and accounts for industry trends in connectivity and automated driving.
The key points, outlined in the whitepaper titled “Cybersecurity for Automobiles: BlackBerry’s 7-Pillar Recommendation,” are summarized below. The full version of the whitepaper can be downloaded here.
- Secure the supply chain: Establish a root of trust by ensuring every chip and electronic control unit (ECU) in the automobile can be properly authenticated and loaded with trusted software, irrespective of vendor or manufacturer. Scan all software deployed for compliance to standards and required security posture. Conduct regular evaluations of the supply chain from a vulnerability and penetration testing perspective to ensure they are certified and “approved for delivery.”
- Use trusted components: Create a security architecture that is deeply layered in a defense in depth architecture, with secure hardware, software, and applications.
- Employ isolation and trusted messaging: Use an electronic system architecture that isolates safety critical and non-safety critical ECUs and can also “run-safe” when anomalies are detected. Additionally, ensure all communication between the electronics in the automobile and the external world are trusted and secure. Further, ECU-to-ECU communication needs to be trusted and secure.
- Conduct in-field health checks: Ensure all ECUs have integrated analytics and diagnostics software that can capture events, and are able to log and report the same to a cloud-based tool for further analysis and to initiate preventative actions. Moreover, automakers should confirm that a defined set of metrics can be scanned regularly when the car is in the field, as well as be able to take actions to address issues via secure over-the-air (OTA) software updates.
- Create a rapid incident response network: Share common vulnerabilities and exposures among a network of subscribing enterprises so expert teams can learn from each other and provide advisories and fixes in shorter time frames.
- Use a lifecycle management system: Proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected. Manage security credentials via active certificate management. Deploy unified endpoint policy management to manage applications downloaded over the lifetime of the car.
- Make safety and security a part of the culture: Ensure every organization involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organization.
BlackBerry has developed and is developing innovative technologies, tools, and services for each of these 7-Pillars.
The company will demonstrate its vision for connected cars and autonomous vehicles at the 2018 Consumer Electronics Show in Las Vegas on January 9-12 (Booth #7523, North Hall).
-
Civil Society2 weeks ago
Over 10,000 sign petition urging Singapore to expedite recognition of the State of Palestine
-
Crime5 days ago
Singapore police did not arrest fugitive due to no request from China
-
Community7 days ago
Jalan Besar residents question MP Josephine Teo on Gaza and border policies
-
Opinion1 week ago
Media silence on sensitive issues highlights a troubling pattern of selective reporting
-
Community2 weeks ago
HSA: Officers authorised to enter premises without warrant to enforce e-vaporiser laws
-
Media3 days ago
CheckMate faces scrutiny over government ties, GE2025 focus, and uncritical ST coverage
-
Comments1 week ago
Netizens criticise HDB for addressing official letter to PAP advisers before elected opposition MPs
-
International2 days ago
Israel conducts large-scale military operations in Syria and seizes Golan Heights positions