Why do software-defined vehicles provide a superior platform to prevent, detect, and counter cyberattacks?
Passenger vehicles have experienced a tremendous increase in connectivity over the past decade, with more and more cars now being connected at all times. This trend will only continue to grow with the rollout of 5G networks, expansion of the software deployed in vehicles and increasing consumer demand for more personalization and connectivity and the beneficial capabilities they bring.
Moreover, manufacturers and OEMs need the ability to update vehicles without requiring service visits. Delivering over-the-air updates and upgrades even after a vehicle has left the manufacturer’s lot can offer significant cost savings and deliver vehicle improvements, but this leaves the vehicles’ systems open to attack.
Finally, the amount of computing capabilities in vehicles is increasing rapidly. The addition of more capable driver assistance, enhanced infotainment systems, and better safety features all bring more compute into the car. It’s not an exaggeration to say that our cars are rapidly becoming more like data centers on wheels.
Unfortunately, the inconvenient truth is that all connected systems are vulnerable to attack. By being connected to the internet, cloud, and road infrastructure, modern cars have an expanded attack surface with many potential vulnerabilities. In fact the numerous connections in modern vehicles— wireless networking, Bluetooth, and cellular data—can all be exploited by potential hackers in different ways.
As connectivity becomes our way of life, the need for better systems and security expertise for in-vehicle systems is a top concern. Automakers must protect the whole vehicle (and indeed the entire fleet of vehicles) including their network and connections to the cloud from cybercriminals attempting to steal information, extort money, or otherwise disrupt their operations. Protecting against these risks requires security expertise, constant vigilance, and the ability to act quickly to thwart cyberattacks.
Why dynamic cybersecurity is needed to address cyber threats?
Automakers must leverage modern software technologies that are proven in enterprise servers and networking as the foundation of their cybersecurity solutions. True dynamic cybersecurity requires two key vehicle capabilities: vehicle-wide visibility, dynamic vehicle configuration, and rapid responsiveness to new threats. These key capabilities are found only in software-defined vehicles, that is, vehicles with a rich software framework that allows extensibility and configurability.
Software-defined vehicles offer the promise of extensibility to respond to cybersecurity threats after shipment, and indeed deliver other valuable upgrades. With software-defined vehicles, automakers can centrally monitor, configure, and control updates to vehicle functionality and features throughout the life of the vehicle.
One challenge posed by initial efforts to deliver software-defined vehicles is the heavy code development, validation, testing, and deployment that updates require. Typical Over The Air (OTA) updates require such complicated validation that their rollout can be slow. What’s worse, the updates themselves can be massive in size, from megabytes to even gigabytes. Downloads that large require high speed networks that may not always be available and inevitably take significantly longer to deploy across the fleet.
Sonatus is working to bring the best of both worlds by offering the benefits of software-defined vehicle extensibility while reducing or eliminating the validation burden that delays updates and by shrinking those updates to only kilobytes in many cases. Sonatus Dynamic Data Collection, for example, allows OEMs to quickly create and deploy policies to collect a wide range of vehicle data under specific conditions and events. Dynamic reconfiguration allows new or updated data collection, network configuration, and other policies to be deployed and safely implemented in seconds. These policies can be used to rapidly identify cybersecurity threats, better target the right response, and accomplish both vastly sooner than any conventional heavyweight OTA update could achieve.
Discussions have begun at the regulatory level with The United Nations World Forum for Harmonization of Vehicle Regulations (WP.29) which adopted the new cybersecurity regulation covering the identification and management of cybersecurity risks in vehicle design, monitoring and responding to attempted and successful cyberattacks, and the use of a cybersecurity management system and data forensics systems. These discussions and others like them are helpful to bring collaborative frameworks together to share information and mitigate future threats.
There are also valuable industrial collaboration efforts underway, such as the Scalable Open Architecture for Embedded Edge (SOAFEE), an industry-led collaboration defined by automakers, semiconductor suppliers, open source and independent software vendors, and cloud technology leaders. The initiative intends to deliver a cloud-native architecture enhanced for mixed-criticality automotive applications and advocate for common standards-based firmware and security interfaces. This kind of collaborative effort can be helpful to shine a light on the critical standards needed for the success of software-defined vehicles for cybersecurity and beyond.
Identifying and responding to cybersecurity threats requires a “round-the-clock” approach. In today’s dynamic security environment, automakers cannot wait for vulnerabilities or exploits to be reported in the media; they need to resolve the issues before they become news. To accomplish this, automakers must maintain the highest level of situational awareness. This requires effective aggregation, classification, and prioritization of data from vehicle telematics, security experts, and third party threat intelligence feeds, all presented in an intuitive operations dashboard.
October is Cybersecurity Awareness Month, and a perfect time to refresh your own “cyber hygiene” habits, operations dashboards and more. Download our free white paper Dynamic Cybersecurity for Software-Defined Vehicles to arm yourself with information to protect your connected vehicles.
Our Dynamic Cybersecurity for Software-Defined Vehicles white paper includes information about:
Sonatus helps automakers build dynamic software-defined vehicles that can evolve and adapt over their entire lifetimes through code-less updates that don’t require new software. Leveraging extensive software-defined and automotive expertise, the company compresses decades of digital innovation into scalable vehicle and cloud software solutions, empowering OEMs to innovate faster, reduce complexity and costs, and become more agile. Sonatus’ award-winning Digital Dynamics™ platform is currently in-market in Hyundai, Kia, and Genesis, and will be on the road in millions more vehicles by 2023. The company is backed by world-class automotive, technology, and venture investors including Hyundai Motor Group’s Kia Corporation, LG Electronics, Marvell, SAIC Capital, Translink Capital, UMC Capital, and Wanxiang Group Company. The company is headquartered in Sunnyvale, CA, with offices in Detroit, MI, and Seoul, Korea.
# # #
For more information contact:
Director of Marketing & Communications