������Ƶ

Why are vehicle manufacturers so interested in cybersecurity today? Is it the prospect of driverless cars?
 

Laurent Sudarskis - It would be a mistake to think that cybersecurity in the automotive sector is just about driverless cars. Whenever a vehicle is fitted with a connected device, cybersecurity automatically becomes an issue. In fact, drivers may not even be aware that their vehicle is connected. Beyond the in-car entertainment system with its 4G or Bluetooth connection, most cars now send and receive data wirelessly across 2G or 3G networks to report on mileage, location, fuel consumption or other parameters that can help to manage vehicle fleets. In addition, whenever the vehicle goes in for a service, the garage plugs it into a diagnostics system to get all sorts of readings.

Why are connected devices such a game-changer?

LS - The benefits of connectivity are beyond dispute. But we have to remember that every connected device is a potential point of entry for hackers and cyber attackers. They can use these devices to try to gain access to other components — usually with a view to stealing the vehicle or the driver's personal details, but potentially also to disrupt vehicle operation. It could be something relatively benign, like taking control of the audio system and creating a sudden noise that would distract the driver. But in theory cyber attackers could also take control of the vehicle itself or even hijack a whole fleet of vehicles.

What can Thales do to prevent cyber attacks on connected vehicles?
 

LS - Thales is there to assist vehicle manufacturers in every aspect of onboard equipment security, from evaluating risks related to new functions to defining the security measures that need to be put in place, or checking the level of security of the equipment installed. In concrete terms, we have worked with PSA to develop a specific automotive risk analysis methodology as a first step in defining the security measures that need to be put in place. As well as developing the basic methodology, Thales also plays a more technical role. For example, we may conduct security audits and run penetration testing on vehicles to determine where vulnerabilities lie. We may analyse the connections between the in-car entertainment system and the vehicle network, or examine a manufacturer's software update processes, or assess the level of separation between the entertainment system and the vital vehicle functions.

What are carmakers doing to address cybersecurity issues?

LS - You have to remember that onboard system components were not necessarily designed from the outset to support security functions because critical performance characteristics such as steering and braking have always been at the top of the list of priorities. So it's quite a complex task to develop cryptographic or encryption functions for some of these components. There is growing awareness among vehicle manufacturers and their equipment suppliers, who now understand that cybersecurity has become interwoven with the notion of vehicle safety and dependability. They realise that cybersecurity and safety are part of the same objective, and addressing cybersecurity issues is becoming a basic reflex in everything they do. Cars are really in the process of becoming computers on wheels, and that will be even truer with the arrival of self-driving cars expected in 2020. Autonomous vehicles will need to interact closely with the road infrastructure and with other users. But the new technology will not achieve its full potential unless extremely effective cybersecurity solutions are in place.