Tips on IT security in the car
IT security is also playing an increasing role in the automotive sector. The networking of vehicles with each other and with their environment is increasing the number of interfaces and the attack surfaces are growing.
How can this security problem be dealt with? The experts for automotive security from msg have compiled tips on what to consider when implementing IT security in the automotive sector.
- Apply principles of IT security: The principles of classic IT security also apply in this environment. Encryption, for example, should also be applied to old transport protocols such as CAN bus. However, they need to be looked at and used in a new way, because the environment is different. Vehicles, for example, are parked, driven or, in the case of e-cars, charged. All these conditions affect security, so they must be taken into account when establishing and testing security.
- Back up hardware: The lowest vulnerable level is always the hardware. This is just as true in cars as it is in traditional IT security. If you think of chip tuning in cars, for example, any car mechanic can become an attacker, possibly even unintentionally. It is therefore important to secure the hardware in such a way that attacks are made as difficult as possible.
- Install multiple layers of safety: As in traditional IT security, security in vehicles is only as good as its weakest point. If an attacker can penetrate a poorly secured system and work his way unhindered to other systems, there is a high risk. However, if the other systems are additionally protected by further security layers, this risk is reduced. Defense in Depth - security in depth - is the keyword here.
- Import updates: Attacks are evolving so quickly that it is difficult to keep up with them. This is precisely why it is important in such a critical area as the vehicle that IT security is always up to date. Because only then can the risk of a successful attack, while not completely eliminated, at least be reduced.
- Create awareness: The most important factor in vehicle security, as in classic IT security, is to create an awareness among all those involved of the risks and how to deal with them. Because only those who are aware of the risks can take the adequate measures and thus reduce the risks.
There is one crucial risk when it comes to attacks on IT security in vehicles: "In contrast to most other attacks, human lives are quickly at stake in an attack on a vehicle. When a credit card company is attacked and user data is exposed, there is image damage as well as financial damage," explains Raphael Friedrich, an automotive security expert at msg. "While these can hit a company hard, the risk is disproportionately higher for a vehicle that can no longer be controlled. Therefore, it is necessary to ensure IT security in the car, because it directly affects the overall security of the vehicle and the integrity of people," Friedrich continues.