UNECE R155&R156 regulation is now live for automotive manufacturers. Having 100% compliance to this standard requires many efforts. However, unfortunately, 100% compliance to any regulation will not guarantee cyber resilience in all domains.
Because it is not enough to care about one or two domains’ cyber security infrastructure. Each of the 3 pillars, which are edge, mobile application and cloud services, of a connected car should be cared both independently and also holistically.
Even if the required precautions, like embedding host based intrusion detection and prevention algorithms in a secure gateway for detecting CAN Bus traffic anomalies, are taken in the edge; mobile application can create an additional attack surface. All cyber security precautions should be taken for mobile applications which somehow communicate with cars and/or their cloud services. They should be at least OWASP Mobile Top 10 compatible. They should be tested periodically whether to understand if there is a vulnerability or not. And finally any new feature that is planned to add into mobile application requires a security review before software implementation to clarify end-to-end Security architecture.
Finally, cloud services of connected cars may be too complex and big as the number of the cars and their features increase year by year. Those services will not only interact within a brand’s own ecosystem, but they will also communicate with many different services from other companies. So cloud security should also be managed very carefully in order to create a sustainable and secure ecosystem.
During October, we, as CyberWhiz, presented our solutions and services in Automotive Security Conferences in İstanbul. We had shared some real world examples about how easy it can be to hack a car from its CAN Bus or through a mobile application. But we also brought required solutions with us, and demonstrate how 𝐂𝐲𝐛𝐞𝐫𝐖𝐡𝐢𝐳 𝐄𝐦𝐛𝐞𝐝𝐝𝐞𝐝, 𝐌𝐨𝐛𝐢𝐥𝐞, and 𝐃𝐞𝐟𝐞𝐧𝐜𝐞 𝐂𝐞𝐧𝐭𝐞𝐫 can help to create an end-to-end secure infrastructure.
We can help Automotive Manufacturers for their any cyber security need for their Edge·Mobile·Cloud.
We are One Stop Shop for Automotive Cyber Security.
