In preparation for the rapidly-changing automotive industry, several companies and organizations have come together to form the Future of Automotive Security Technology Research—also known as FASTR. The group focuses on the cybersecurity of autonomous vehicles, recognizing that trust and safety of the technology go hand-in-hand, and that failure to ensure security of autonomous vehicles could slow down or prevent the technology from becoming ubiquitous. The group also recognizes there are currently gaps in how increasingly connected vehicles are being protected and secured from vulnerabilities.
With a strong belief that autonomous vehicles will benefit society by increasing safety and improving quality of life, the members of FASTR are working in tandem to ensure the autonomous future can come to fruition in a responsible and secure manner.
FASTR so far consists of Intel, Uber, Aeris, Karamba Security, and Rambus. The FASTR manifesto goes into detail about some of the risks and concerns that automotive makers have about the future of the industry, as well as outlining the shift in perspective in what makes a vehicle and how that ultimately impacts the supply chain.
Cars are being produced with increasing connectivity to the Internet, to Cloud storage, to other vehicles, and to environmental infrastructure. They're also relying increasingly on this connectivity to provide services to its users. In part to provide these services, vehicles are collecting more data on its users such as personal profiles, location history, and other sensitive information.
Complex embedded systems and sophisticated software are becoming just as important as the engine and wheels of modern cars, but this may be leaving vehicles vulnerable. In 2014, a report was generated from the response of 16 automotive companies which showed that, in vehicles which had wireless connectivity, nearly all of them were at risk of compromise due to unprotected access points. With the expectation that approximately 250 million connected vehicles will be on roads by 2020, this vulnerability presents a critical threat to drivers, passengers, and companies.
Click to enlarge. Image courtesy of FASTR.
FASTR’s definition of trust and security produces the following requirements:
- Trust in data confidentiality
- Trust in data and system integrity
- Trust in data and system availability
The idea is that collected personal data must be protected, the security of the vehicle’s system must be protected, and that continued access to services are also protected.
In order to work towards developing trust and safety in automotive vehicles, FASTR has a multi-layered approach which involves all level of vehicle manufacturing and production. One of these approaches is coordinating all the stakeholders in vehicle production and shifting the perception of vehicles from being individual components to being an entire system with a significant software element.
Some areas in which the group hopes to take action on are threat modeling and cybersecurity intelligence, implementation of hardware security features, security designs which encompass the entire life cycle of the vehicle, and threat intelligence.
Infograph detailing some of the connectivity points of modern automotives. Image courtesy of Harman.
Acting as an industry think-tank, FASTR intends to recruit more experts and stakeholders to get involved in the effort. In the future, the group plans to work on delivering workshops, developing white papers, and creating references for best-methods. FASTR has issued a call to action, inviting collaboration from organizations or individuals who wish to be involved in these efforts.
Featured image adapted from FASTR.