& cplSiteName &

ATIS: Connected Car Security an Industry-Wide Issue

Carol Wilson
8/10/2017
50%
50%

ATIS is weighing in on the heavy topic of securing connected cars, issuing a whitepaper intended to further promote collaboration between the communications sector and the automobile industry.

The whitepaper, "Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives," is just the latest step in efforts to make sure the software framework of connected cars is properly established to enable tight security in a complex multi-connection future for automobiles.

The Alliance for Telecommunications Industry Solutions (ATIS) is already a strategic partner of the Auto ISAC, or Information Sharing and Analysis Center, an industry organization that allows car manufacturers to share best practices and information on problems that arise, notes Tom Gage, CEO and managing director of Marconi Pacific and chair of ATIS' Connected Car Cybersecurity Ad Hoc Group.

"Connected car is arguably the biggest area of IoT where there is a high risk or certainly one of them," he says in an interview. "There is a high risk to software downloads and uploads, there is a high risk ultimately to vehicle control, there is high risk to a whole class of vehicles or a set of makes and models winding up with malware intrusion because of structure of software or their security firewalls work."

ATIS membership includes the wireless operators, who are already heavily engaged with the automotive industry already as well as the chip makers, software developers and others engaged in the connected car sector as well, so the organization's interest in seeing security well-established in this sector is strong, Gage notes. Each of those industry players is expected to be engaged in establishing a secure software framework for connected cars.

And while much of concern has been on how network connections into a car might increase vehicle vulnerability, there is also the possibility that a connected car becomes a vector in an attack on the network, says Jim McEachern, senior technology consultant for ATIS.


Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.


One of the near-term goals of the white paper and collaboration effort is to establish a better set of best practices for securing connected cars, Gage says, but longer term, ATIS is hoping to "determine what the best structure is for securing the vehicles and securing the delivery of network functionality to those vehicles' communications paths," he says. "So we have innumerated the communication paths to the vehicle and we have recognized that there are a bunch of initiatives that we could undertake together."

Those are being proposed as discussion points, not in an effort to dictate outcomes, he says, but to raise things that need to be considered.

One example Gage and McEachern cite is the car that is connected via one mobile operator but might be carrying people connected via Bluetooth to the car but using other mobile networks and moving through locations where there are WiFi connections using still other network operators.

If any one of those connections is not properly secured -- including the car's own connection firewall -- then all are at risk, McEachern notes. That's why it's not enough to just secure the car itself, and why an industry-wide approach is required.

ATIS has been in conversation with the Auto ISAC for a year and is hoping the white paper focuses future discussions both with that group and with individual automakers, Gage says.

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
kq4ym
50%
50%
kq4ym,
User Rank: Light Sabre
8/23/2017 | 5:15:35 PM
Re: Complacency - Still
I wonder if there's already some coordination among those in the aviation industry to protect data and increase security of the avionics and digital devices in aircraft. If so, I would guess there could be some lessons learned from that group that would also apply to cars and land vehicles.
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
8/10/2017 | 5:41:57 PM
Re: Complacency - Still
There are lots of different aspects to "connected car" beyond the self-driving thing. But even just focusing on that, human error happens in isolated incidents. Security breaches have the potential to happen on a massive scale. We need to understand and accept that as we move into this brave new world -- just as we have to accept that no digital system will ever be 100% secure.
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
8/10/2017 | 5:33:08 PM
Re: Complacency - Still
Well it could be argued that bad drivers kill more people than cyber-criminals on a regular basis. So self-driving cars that are secured to the best of the industry's abilities might still reduce the loss of human life. 
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
8/10/2017 | 4:18:37 PM
Re: Complacency - Still
In an age where we all pretty much can be frightened out of our wits by bad guys doing bad things on a massive scale, it's both reassuring and flat-out terrifying to know that we're still in eager pursuit of systems and technologies that would allow even worse things to happen. Gotta love the human race.
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
8/10/2017 | 2:08:05 PM
Re: Complacency - Still
Good point Patrick, and one of the intentions of this initiative from ATIS is to look at the software architecture itself. It sounds like there are folks within the automobile industry acknowledging the issues and seeking solutions, but whether their voices will be heard at the top of their own companies might still be an issue. 
HardenStance
50%
50%
HardenStance,
User Rank: Moderator
8/10/2017 | 1:26:51 PM
Complacency - Still
 

Important article, Carol.

The extent to which insecure devices are filling up our homes is well understood. The ongoing deployment of insecure "things" in many enterprise uses cases is also well undesrtood.

The volume of flaws that are being revealed in connected car solutions by security testing is not so well understood, I don't think.

Some test results aren't just showing that a connected car solution vendor needs to go back and fix this and that but that, actually, their entire architecture needs be re-thought from the ground up from a security perspective.

That shouldn't be alarming from a safety perspective -  reputable car makers will ensure that insecure products never make it to the assembly line.

But it is sobering from an ICT ecosystem perspective in that it means that even in the case of  connected cars - which eveyone knows very well require bullet-proof security -  too many vendors still aren't living by the 'security first' mantra to a high enough standard.

 
Featured Video
From The Founder
Light Reading is spending much of this year digging into the details of how automation technology will impact the comms market, but let's take a moment to also look at how automation is set to overturn the current world order by the middle of the century.
Flash Poll
Upcoming Live Events
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 2, 2017, 8 Northumberland Avenue – London
November 10, 2017, The Westin Times Square, New York, NY
November 16, 2017, ExCel Centre, London
November 30, 2017, The Westin Times Square
May 14-17, 2018, Austin Convention Center
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Muni Policies Stymie Edge Computing
Carol Wilson, Editor-at-large, 10/17/2017
Pai's FCC Raises Alarms at Competitive Carriers
Carol Wilson, Editor-at-large, 10/16/2017
Is US Lurching Back to Monopoly Status?
Carol Wilson, Editor-at-large, 10/16/2017
'Brutal' Automation & the Looming Workforce Cull
Iain Morris, News Editor, 10/18/2017
Worried About Bandwidth for 4K? Here Comes 8K!
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 10/17/2017
Animals with Phones
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed
Partner Perspectives - content from our sponsors
The Mobile Broadband Road Ahead
By Kevin Taylor, for Huawei
All Partner Perspectives