The increasing networking of vehicles brings numerous advantages for both manufacturers and drivers. Manufacturers gain data to improve their products and services, while drivers enjoy additional convenience and increased user-friendliness. But the growing connectivity of vehicles also harbors a risk: it opens up ever wider attack surfaces for cyber criminals to penetrate and manipulate the vehicles' IT systems.
Manufacturers have therefore long since begun to integrate IT security components into their vehicles. But as is always the case in information technology, even this measure cannot guarantee one hundred percent protection. In addition, a system is needed that will look after networked vehicles and associated IT systems for decades, around the clock, analyzing cyber attacks, as well as always keeping defenses up to date with the latest security technology: an automotive security operations center, or automotive SOC for short.
Over the past three decades, many IT components have found their way into vehicles. Electronic components and connections for the digital exchange of vehicle data made the start in the early 1990s. This was followed by the installation of infotainment systems, car phone systems and finally entire sensor systems. In recent years, the so-called "vehicle-to-everything" (V2X) connection was added. It enables the exchange of data between networked vehicles, or the networked traffic infrastructure that is currently still being developed. The goal here is to establish an Intelligent Transport System that will sooner or later increase the safety of all road users and make traffic flows smoother. This complex, digital infrastructure of connected vehicles is controlled via control units in the vehicle itself and Car2X components, such as smart traffic lights. Whoever controls them can also control individual components of the car - and in extreme cases, the entire vehicle. This is a considerable risk for manufacturers and vehicle owners alike. After all, the number of cyber attacks on automotive IT has increased noticeably in recent years.
The risks of networking
Between 2010 and 2018 the number of automotive hacks reported by manufacturers increased by about 600 percent, as stated in Upstream's 2019 Automotive Cybersecurity Report – just as hackers' knowledge of networked automotive components increased year over year. However, the report's key finding is that in 2018, the number of attacks perpetrated by black hat hackers surpassed those perpetrated by white hat hackers for the first time. As a result, the report predicts that the automotive industry could face additional costs from hacker attacks of around $24 billion within the next five years alone. In extreme cases, a successful attack could already cause costs of more than one billion US dollars. One of the reasons, a significant proportion of vehicle owners still have clear reservations about the security of networked vehicles. More than 50 percent of German and U.S. drivers would currently not want to get into a fully autonomous vehicle - for fear of technical failure or a hacker attack. Correspondingly manufacturers should consider serious consequences in the event of a successful attack - even if only one of their models is affected. According to the 2017 Autonomous Driving Study conducted by TÜV Rheinland, 66 percent of German, 61 percent of U.S. and 60 percent of Chinese drivers would want to switch car brands immediately after a successful cyber attack on one of their manufacturer's vehicles.
Comprehensive protection for connected vehicles
Comprehensive protection of vehicle IT is therefore essential for every manufacturer if it does not want to unnecessarily put its customers - and thus its market share - at risk. Manufacturers around the world are already paying attention to the security of the IT components installed in their vehicles; for example, they are integrating attack detection systems into their vehicle IT. Manufacturers are also confronted with the fact that vehicle owners use their cars for several years on average, often for more than a decade. For networked vehicles, this means that patches and updates for the system software and the automatic attack detection systems must also be made available and regularly updated over unusually long periods for IT systems. For this reason, it is advisable for manufacturers to plan for the establishment of a central location where all data from the networked vehicle fleet is analyzed and examined for possible attacks. In addition, the secure, automatic refreshing of the attack detection systems takes place from there. By deploying an automotive security operations center, they will be able to provide their customers with an effective, round-the-clock, holistic cyber defense for their connected vehicle systems - over periods of years and decades.
Keeping vehicle security under control for decades with an automotive SOC
An automotive SOC operates similar to a regular security operations center. However, it is completely designed for the special IT infrastructure of vehicles. Set up as a central interface, it can respond quickly to threats and easily provide comprehensive protection for entire vehicle fleets against attacks. The core element of the automotive SOC is a security information and event management system (SIEM). In real time, it analyzes the incoming anonymized and pseudonymized data of the individual members of the vehicle fleet and produces useful security reports based on this data. If it detects a suspicious anomaly, it reports it to the highly specialized automotive SOC team. This team is built of IT experts from the areas of IT security and IT automotive. They identify and minimize existing risks, fend off attacks and undertake the necessary follow-up investigations. In doing so, they do not rely solely on vehicle data. They also set up so-called honeypots, dummies of potential targets, to attract attackers, analyze their strategies and tactics, and test suitable countermeasures. In addition, they are also in constant exchange with other IT security experts and IT automotive experts. In this way, the automotive SOC reduces the risk of cyber criminals being able to place malware, tap into data, take over vehicle components, individual vehicles or even a fleet of vehicles without being noticed.
But building an effective automotive SOC is a complicated business. Moreover, automotive and IT security experts are rare. For this reason, it can make sense for manufacturers to enlist the help of an external specialist, such as Telekom Security, when setting up a suitable automotive SOC solution.
Conclusion: Telekom Security helps you find the right automotive SOC
Successfully setting up and effectively operating an automotive SOC requires a considerable amount of experience and specialist knowledge. Telekom Security has both. Since the end of 2017, the security service provider has been operating Security Operations Center globally - in Bonn, as well as at other locations in Germany and abroad. Around 200 IT security specialists monitor the IT systems of connected customers here around the clock. This year, the center will be expanded to include a special area: the new Telekom Automotive SOC. This means that, for the first time, vehicle manufacturers now also have the opportunity to benefit from Telekom Security's knowledge and experience. In fact, Telekom's experts have been working in the IT sector of the automotive industry for quite some time. In the meantime, 13 of the world's 20 largest vehicle manufacturers, their international suppliers, as well as more than 3,000 car dealerships, rely on the automotive experts of T-Systems' Business Customers unit for support in the development of secure connected and autonomous vehicles. In the future, they will also be able to call on the help of Telekom's automotive SOC; whether simply for support in the complicated process of setting up their own automotive SOC, or to purchase individual SOC service solutions there - from the analysis of individual security incidents to the complete Telekom automotive SOC service.
Whatever manufacturers decide, they will significantly increase the security of their connected vehicles thanks to the support of Telekom Security Automotive-SOC.
