Automotive Cyber Security – Security for the networked vehicle

  • Mobility
  • Networking
  • Smart vehicle

Every new car will be networked by 2020. New mobility concepts, such as car sharing, assistance services or even autonomous driving – a connection to the internet is always required for all of these. The more functions in a vehicle that are controlled by data over the air interface, the more important it is to ensure a high level of security here. The malfunction of critical systems or a hacker attack could have disastrous consequences.

On the subject of automotive cyber security, it is a matter of making all connections with the networked vehicle secure and protecting the vehicle against attacks. As this must be guaranteed over the entire life cycle, it gives rise to completely new questions, e.g. from technical, legal and economic points of view. To be able to offer a comprehensive consulting package here, AGGA Digital – formerly GIGATRONIK – has joined forces with Ernst & Young (EY) and Code White and has pooled technical expertise with method knowledge and hacking know-how. In the interview, Dr.-Ing. Achim Wohnhaas, member of the executive board of Embedded Solutions, and Ulrich Baby, responsible for the topic of Embedded Cyber Security at AKKA Digital, explained what advantages this cooperation offers to an OEM.

Facing the risks appropriately

  1. Security concept over the entire product life cycle
  2. Implementation of the risk analysis through to the simulated hacker attack
  3. Sustainable integration by means of procedural standards, independent audits and certification

”Our constellation and the associated expertise are unique on the market.”

Short interview with Dr.-Ing. Achim Wohnhaas of the executive board of Embedded Solutions, and Ulrich Baby, responsible for the topic of Embedded Cyber Security at GIGATRONIK

Ulrich Baby
Responsible for the topic of Embedded Cyber Security at AKKA Digital 

What is the cooperation between GIGATRONIK – today AKKA Digital –, EY and Code White about?

Many different players must be brought together in order to network a vehicle securely: These are of course our contacts in electronics development, but also many areas in OEM must join in here. So this is about legal aspects e.g. – who is responsible for security in the end? – or about a new business model, as security must be provided over the car's complete life cycle, regardless of the current owner. This sector is already technically very broad; what is crucial is to integrate these technical solutions into the complex product development process. We bring our experience from 15 years of electronics development, EY has extensive methodical expertise and Code White is one of the most distinguished providers of penetration testing in the automotive sector. Together we have a portfolio that is unique at the present time.

What does your collaboration look like specifically?

An OEM or a supplier who needs support on the matter of cyber security can approach any of the three cooperation partners. We will quickly coordinate enquiries with one another and we will compete together on tenders. In each case we will advise the customer jointly. First of all, we look at the processes very carefully and test at which points which requirements are set on the subject of security. Because of the complex processes, this is very laborious work in the first instance. We then compile the appropriate technical solutions and/or develop these or adapt them. Depending on the assignment, the main focus can shift, but the knowledge of all three partners is always in demand.

Can you give us an example?

In recent times one could read again and again in the media that weak points in vehicles' security systems have been detected and exploited. We can simulate such security loopholes and develop solutions which will be implemented into following generations of products. A single insecure car key is irritating and, at the worst, permits the theft of the vehicle. But if control systems of an entire series of vehicles are hacked and these fail at the click of a mouse, the consequences will be disastrous. Our trio is not only developing technical solutions for this purpose, but also concepts for risk management and for security relevant structures in the company.

Dr.-Ing. Achim Wohnhaas
Member of the Management Board Embedded Solutions at AKKA Digital

»Above all, the challenge is to match current security concepts with one another and to integrate them into the overall development process.«

Achim Wohnhaas

What are the greatest technical challenges in this area?

For a start, we basically have to determine what types of attacks and attackers the product should be protected against and which values have to be protected. In the automotive environment, as a general rule, a connection with the functional security must then be considered. The connectivity of the vehicle takes place via different communication channels: such as Bluetooth, WLAN, or mobile telephony and ad hoc networks, such as 802.11p or LTE-V, for example. First of all, this means that we must know and control all these wireless technologies – not a problem for us with our long-standing experience in matters concerning automotive electronics. And finally it is a matter of interference by means of physical impact, for example, if a memory has been manipulated or deleted. How can such attacks be prevented or manipulations be recognised? Cyber security is therefore a very complex and multi-layered technology topic – but above all, the challenge is to match current security concepts with one another and to integrate them into the overall development process. In this area, the three of us can not only advise our customers, but also implement the solutions.