Security must drive design of driverless cars

Car manufacturers worldwide are using more advanced technologies in vehicles to increase connectivity with Internet-enabled devices to reap the full benefits of automation. In Singapore, this concept has already been brought to life. Driverless cars have been built by various research institutions, such as the Agency for Science, Technology and Research (A*Star) and Nanyang Technological University.

Recently, the Government announced the launch of a public driverless vehicle trial at Gardens by the Bay, aimed at gaining valuable insights to help prepare for the onset of autonomous vehicles in the city state.

However, better interconnectivity among devices and vehicles can cause some serious cyber-security issues. With the Internet of Things (IoT), more devices are connected over the cloud, which means any weakness found within the network can be easily exploited by attackers. They may be able to conduct a complete remote hijacking of a moving vehicle for malicious purposes. This is especially appealing to cyber-espionage or terrorism groups, as hacking a system can mean instant access and control over an entire fleet of vehicles.

For example, in July this year two cyber-security researchers demonstrated the ability to wirelessly take control of a moving Jeep Cherokee from a remote location over 10km away. The researchers estimated that more than hundreds of thousands of cars on the road may be vulnerable to this kind of exploit.

An autonomous self-driving vehicle at a demonstration at Gardens by the Bay in October. Better interconnectivity among devices and vehicles can cause serious cyber-security issues, such as the remote hijacking of a moving vehicle for malicious purposes. PHOTO: REUTERS

The hacking of the car was made possible via a loophole in the software. Right after the hacking demonstration, the manufacturer released a patch for this vulnerability. However, owners of the affected cars must manually install the patch and this can be done only during their next visit to their automotive dealer. This means that most of the affected car owners will be left vulnerable in the meantime.

Unfortunately, discovering loopholes only after they have been exploited is a frequent scenario that plays out in IT departments across the globe. Therefore, an expanded perspective on security requirements needs to be considered well in advance of new Internet-enabled products hitting the market.

In fact, with our personal devices connected to the vehicles over the cloud, sensitive personal data, health records, corporate data, national security, public utilities, and now the lives of anyone riding in a connected vehicle are at stake. It becomes even more important for "connected" devices to be properly secured.

There are three key areas where the cyber-security industry, network providers, and vendors of IoT products must fundamentally adjust their collective mindsets.

DETECTION VERSUS PREVENTION

Many in the IT industry have been convinced that because it's so difficult to prevent advanced attacks, we should all give up and focus on detecting and responding to breaches. This does not translate well in the world of connected vehicles, and frankly was never a good argument in the IT environment either.

It is much easier to detect something that has already been hacked than it is to prevent it. However, even with regular detection and patching of vulnerable systems and applications, the response is generally too little, too late.

For autonomous vehicles, once a vehicle is hacked, the lives of passengers are already in danger. Using a prevention-based approach where an attack is detected before it happens is a much safer choice. You will be working towards something that will ultimately provide far more value and, in this case, could even save lives.

MICRO-SEGMENTATION

Attackers looking to hack an automobile or a mobile device only need a publicly available wireless network in order to gain access to the device connected on the same network. However, most customers expect a secure mobile network where only authorised connections are allowed, and they may not be prepared for the possibility of an attack from outside networks.

Micro-segmentation, which divides a network using network switches, should be advocated in order to limit access to incoming connections. It limits the scale of an attack by allowing all incoming connections access to only a small fraction of data at a time while scanning for vulnerabilities. This ensures that only legitimate traffic is allowed and only to the correct places.

SECURE PRODUCT ARCHITECTURE

Organisations must take a security-centric approach to the design of their Internet-enabled products.

Rather than focusing on how the product should work, begin with the assumption that anything connected to the Internet will be at risk, and then design the product accordingly.

When designing a car, vendors should ask themselves: Does a car need to be connected to the Internet at all times or should there be an option to disconnect it when necessary?

Does the Internet-connected component of the car need to be able to communicate with the brakes, transmission and other critical systems?

Can it be isolated to communicate only with the navigation, entertainment and other conveniences that require Internet connectivity?

Once these details have been determined, vendors will have a better idea of possible security loopholes and can make more informed decisions to better secure an Internet-enabled product.

The age of IoT brings a lot of benefits but the risks cannot be overlooked. Prevention of potential attacks is the only viable path forward and ought to be applied to every industry that deals with Internet-enabled products and devices.

Enterprises need to properly segment their network traffic, and allow only legitimate users and protocols to help prevent exploitation of vulnerabilities.

In addition, it's very important to make sure all security bases are covered when it comes to securing IoT devices by using a security-centric approach to identify loopholes when designing Internet-enabled products.

• The writer is Vice-President and Regional Chief Security Officer, Asia-Pacific, Palo Alto Networks, a cyber-security company with Asia-Pacific headquarters in Singapore.


A version of this article appeared in the print edition of The Straits Times on December 19, 2015, with the headline Security must drive design of driverless cars.