“For full IT security in the transport infrastructure it is not enough simply to make the cars themselves secure. The more autonomous cars become, the more they depend on external information,” says Alexander Kruse, Senior Key Account Manager at secunet, G+D’s cybersecurity subsidiary and Germany’s leading cybersecurity company.
Consider the “external information”: it comes from roadside units, which look at, among other things, data on the condition of the roads, hazards, and possible accidents. All this tech derives from good intentions: it is there to maximize traffic flow without compromising safety, and it seeks to mitigate automotive impact on the environment, for example by shortening drive times, which reduces emissions. All this information is being fed to, and processed by, the individual car. That car may well be security-compliant to a very high degree when it comes to cybersecurity. But the environment it is embedded in is open to attack. Eventually, then, the car itself is at risk.
The move towards smarter, more autonomous vehicles is gathering momentum. More sensors means more information, the better to react to any traffic scenario. Increasingly sophisticated software is being deployed, to make driving both more convenient and safer through better communication between the vehicle and the larger transport system. This system is of course highly connected with an ever-growing number of interfaces, all of which are portals to possible attacks. Standalone systems won’t be able to cope with these threats. Traffic safety depends upon consistent security standards being set that all manufacturers and suppliers follow, and a strategic template of system design that allows for ongoing innovation.
“Cybersecurity in the automotive sector cannot be achieved purely through standalone solutions – especially not in the case of a highly networked, intelligent transport infrastructure,” says Kruse. “Manufacturers and suppliers must therefore consider the entire technical chain, from hardware, control units, and internal and external communication interfaces, through to back end. They then need to aim to create an all-in-one solution in the form of a comprehensive and secure system design.”