Thursday, March 17, 2016

Antivirus for your car

OK, that title isn't actually correct, but hey - it got you reading this, right?  Long time readers remember that one of my pet peeves is computerized cars.  As I often rant, security wasn't an after thought - it wasn't thought of at all.

Well, that may be changing:
IBM is developing a security stack for connected cars as part of a wider strategy to secure vehicles against a growing range of hacking attacks.

Some describe modern cars as computers on wheels but for Martin Borrett, CTO IBM Security Europe the range of communication options (Bluetooth, 3G) and range of embedded computing technologies is turning vehicles into “small data centre on wheels”.
That's an interesting way to look at it - actually a technologically mature way to look at it.  After all, while networked computers are brand spanking new in cars, we've been dealing with security for networked computers since the 1980s.
Designing a secure vehicle needs to happen alongside creating a trusted supply chain, hardening a vehicle and creating a trusted maintenance ecosystem.
Hells yeah.  It's refreshing to hear someone talking like this.

Multiple integrated levels of protection are needed. IBM's vehicle security stack features secure identities, secure data storage, secure access, secure communication, intrusion detection and protection, security intelligence and security of operations and execution.
A cynic would say that IBM has these security technologies, so "of course a connected car needs them.  That skates by the fact that the system and ecosystems of the connected car/truck do need the same sort of protections that networked computers need.  IBM has pretty decent technology and system here, and they cover a lot of bases.  One of their selling points historically has been that they can integrate  lot of different things into a solution, and this would be pretty important to a car manufacturer, I'd think.

Disclosure: I know some of the folks at IBM's security division, because I used to work with them in one of my startup days.  They're pretty smart, and IBM is pretty serious about this field.
A recent presentation by Borrett on the security of connected cars, delivered at the mobile and cloud conference InterConnect 2016 in Las Vegas last month, can be found here. The talk was entitled Code is my co-pilot: Security & privacy in connected vehicles.

Will this be a panacea?  Of course not.  Would I want one of these if I had a "connected car"?  Hells yeah.


Richard Blaine said...

And if they get it - a MONSTER HUGE contract for IBM with approximately 15 million cars sold per year in the US alone.

Anonymous said...

This is one of the many many reasons I still prefer vehicles made prior to the 90's. With carburetors.

Borepatch said...

Richard, this makes sense. If IBM can solve the problem better at $100/car (almost certainly better and cheaper than the auto companies can), then that's a Billion and a half dollar market. Each year.

EMS Artifact said...

How long before the feds demand a "back door" into car computer systems? If they haven't already.