
BlackBerry’s 7-Pillar Recommendation to harden Cybersecurity for Automobiles

Automotive cybersecurity is one of the most important agendas today: as technology advances, automobiles are increasingly connected to the Internet and to other systems, which malicious actors can easily target, with dangerous outcomes.

BlackBerry published a 7-Pillar recommendation for auto manufacturers, which offers a substantial approach to hardening automobile electronics against attack.

Four industry trends make modern vehicles vulnerable to cyber attacks and failures: vehicle access, software control, autonomous driving, and the changing state of software.

Through its whitepaper, the company recommended changes via a seven-pillar approach:

1) Secure the supply chain: Ensure that every chip and electronic control unit (ECU) in the automobile can be properly authenticated (via certificates) and is loaded with trusted software, irrespective of vendor tier or country of manufacture.
a) Code Scanning: Use sophisticated binary static code scanning tools during software development to provide an assessment that includes open source code content, the exposure of this open source code to common vulnerabilities, and indicators of secure agile software craftsmanship.

2) Use Trusted Components: Use a recommended set of components (hardware and software) that have proper security and safety features and have been verified to be hardened against security attacks.

3) Isolation: Use an electronic architecture for the automobile that isolates safety-critical and non-safety-critical ECUs and can also “run-safe” when anomalies are detected.

4) In Field Health Check: Ensure that all ECU software has integrated analytics and diagnostics software that can capture events and logs and report them to a cloud-based tool for further analysis and preventative actions.

5) Rapid Incident Response Network: Create an enterprise network to share common vulnerabilities and exposures (CVE) among subscribing enterprises such that expert teams can learn from each other and provide bulletins and fixes against such threats.

6) Life Cycle Management System: When an issue is detected using Pillar 4, proactively re-flash the vehicle with secure over-the-air (OTA) software updates to mitigate the issue. Manage security credentials via active certificate management. Deploy unified endpoint policy management to manage, among other things, applications downloaded over the lifetime of the car.

7) Safety/Security Culture: Ensure that every organization involved in supplying auto electronics is trained in safety/security with best practices to inculcate this culture within the organization. This training includes a design and development culture as well as IT system security.

"Protecting a car from cybersecurity threats requires a holistic approach," Sandeep Chennakeshu, President of BlackBerry Technology Solutions, said in a statement. "Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure."
