Home Security BlackBerry addresses smart vehicle security

BlackBerry addresses smart vehicle security

Security vendor BlackBerry has unveiled a "seven-pillar" strategy to harden connected and autonomous vehicles against cyberattacks.

Thanks to its 2010 acquisition of QNX, BlackBerry has extensive experience in automotive software.

The company has used this expertise to develop a framework that it says will, if applied by the automotive industry, significantly improve the security of connected and autonomous vehicles.

Here's the potted version of the recommendations:

  • Secure the supply chain: Establish a root of trust by ensuring every chip and electronic control unit (ECU) in the automobile can be properly authenticated and loaded with trusted software, irrespective of vendor or manufacturer. Scan all software deployed for compliance to standards and required security posture. Conduct regular evaluations of the supply chain from a vulnerability and penetration testing perspective to ensure they are certified and 'approved for delivery.'
  • Use trusted components: Create a security architecture that is deeply layered in a defence in depth architecture, with secure hardware, software, and applications.
  • Employ isolation and trusted messaging: Use an electronic system architecture that isolates safety critical and non-safety critical ECUs and can also 'run-safe' when anomalies are detected. Additionally, ensure all communication between the electronics in the automobile and the external world are trusted and secure. Further, ECU-to-ECU communication needs to be trusted and secure.
  • Conduct in-field health checks: Ensure all ECUs have integrated analytics and diagnostics software that can capture events, and are able to log and report the same to a cloud-based tool for further analysis and to initiate preventative actions. Moreover, automakers should confirm that a defined set of metrics can be scanned regularly when the car is in the field, as well as be able to take actions to address issues via secure over-the-air (OTA) software updates.
  • Create a rapid incident response network: Share common vulnerabilities and exposures among a network of subscribing enterprises so expert teams can learn from each other and provide advisories and fixes in shorter time frames.
  • Use a lifecycle management system: Proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected. Manage security credentials via active certificate management. Deploy unified endpoint policy management to manage applications downloaded over the lifetime of the car.
  • Make safety and security a part of the culture: Ensure every organisation involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organisation.

The full white paper Cybersecurity for Automobiles: BlackBerry's 7-Pillar Recommendation is available for download.

"Protecting a car from cybersecurity threats requires a holistic approach," said BlackBerry Technology Solutions president Sandeep Chennakeshu.

"Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure." 

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.