07.01.2019 by Daniel Kunz

Share article

Hackers are targeting connected cars. Protection is provided by specialist security operation centers, which monitor vehicle data around the clock.

Brakes, ABS systems, airbags and other such features are no longer enough to guarantee the safety of vehicles, drivers and passengers. Hackers are increasingly carrying the cyber war onto the streets to attack connected cars via mobile access routes, allowing them to literally grab the driver's steering wheel. Cybercriminals can also do considerable damage by breaking into carmakers’ back-end systems and stealing data. In addition, as of March 31, 2018, all new vehicle models in the EU must be equipped with the eCall automatic emergency assistance system. This will in turn create even more potential targets for hackers.

SECURITY GAPS COULD LEAD TO CUSTOMER EXODUS

According to a study by the testing association, TÜV Rheinland, 63 percent of motorists in Germany, the United States and China would switch car brands after a hacker attack. And according to a survey by market research firm Gartner, more than half of all motorists in the U.S. and Germany would currently not board a fully autonomous vehicle due to concerns about inadequate security and technical faults.

ENSURING PROTECTION FOR THE VEHICLE'S ENTIRE LIFECYCLE

The automotive industry has to take these concerns seriously. However, regular software updates and patches are not enough to provide IT security for a vehicle for its entire service lifetime of 15 to 20 years. Hackers could discover weak points, find new paths of attack and crack encryption. To defend against such threats, car manufacturers need intrusion-detection systems (IDS) in vehicles, mobile networks and back-end systems.

SECURITY OPERATIONS CENTER COMBINES IT AND AUTOMOTIVE EXPERTISE

In order to protect the growing number of connected vehicles on the roads, it’s necessary to constantly analyze the data flows in and around the car. This means establishing additional IT infrastructures and processes in the form of an automotive security operations center (SOC), which combines IT and security know-how with in-depth automotive expertise. In this central coordination center, a specialist cyber-security team collects and examines all the security-relevant data of the "connected car" ecosystem around the clock. This also includes telematics data and digital bait traps for hackers, so-called "honeypots." It’s particularly important that when automakers collect data for an SOC, they ensure data protection before further processing – for example through the pseudonymization of personal data.

PREVENTING ATTACKS WITH SIEM

The heart of an automotive SOC is a security information and event management system (SIEM). It searches and analyzes the data in real time to identify any potential cyber attacks, generates security reports and automatically alerts the SOC security analysts in the event of suspicious activities. The SIEM collects log files from various systems such as the IDS in the vehicle or the mobile networks’ fraud detection systems.

At the heart of the system are the rules that SIEM uses to correlate data and check for indicators of a potential cyber attack. The system takes the attacker's view: The rules are based on concrete use cases (attack scenarios) that describe in detail how a cybercriminal might proceed – for example, the scenario of a perpetrator who obtains a control unit with an activated SIM card from a vehicle he finds at a scrap yard. Once the SOC specialists have discovered and identified a security incident, they initiate previously defined countermeasures or develop new response strategies.

OPERATE SOC YOURSELF OR OUTSORCE TASKS TO PARTNERS

An automotive SOC can be operated as a complement to existing IT SOCs. Alternatively, automakers can outsource some tasks up to and including the entire operation to partners such as Telekom. In a new white paper, T-Systems’ security and automotive experts explain how to set up an automotive SOC.