The Automobile Industry Information Sharing and Analysis Center (Auto-ISAC) recently published its best practices for securing vehicle computer systems based on input from more than 50 automotive cybersecurity experts.
The document says manufacturers should concentrate on seven security principles, including risk assessment and management, threat detection and protection, incident response, collaboration with third parties, better governance, and security awareness and training.
Attempts to fortify automotive systems usually fall into one of two categories: either using cryptography to enforce behavior and trust between systems, or adding the ability to identify and mitigate an attack. Such approaches face the challenge of the protracted development cycle for vehicles, with Rubicon Labs' Rod Schultz noting, "it is very difficult when you have the massive fragmentation that you have in this industry to get any one sweeping change to happen."
Meanwhile, University of Michigan researchers this month at the USENIX Security Symposium in Austin, TX, will describe a way to detect attacks using a intrusion-detection system based on knowing the timing of standard messages sent between components connected via the controller area network bus. Michigan postdoctoral researcher Kyong-Tak Cho says the method does not require manufacturers to change anything, because "it runs independently on one node that can fingerprint others and then verify and authenticate the messages."
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found