Beijing, 2021 / US News Prepared, BSI new release, “Automobile Network Security Insight”, the report focuses on the rise of networking vehicles and the continuous growth of automotive network security Demand, help you meet the challenges encountered in the transformation to meet new network compliance requirements.
This article will explain how these major changes transformed into new network security threats and challenges facing manufacturers, as well as how ISO / SAE 21434 and BSI E2E internet automated network security models help you overcome these issues.
BSi new release of automobile network security insights 
Networking car Network security situation
The concept of network automatic driving cars and driverless cars is not fresh. As early as 1920, people were experimenting on the Automatic Driving System (ADS) and were started in the 1950s. In 1977, the Japanese Building Wave Mechanical Engineering Lab has developed the first automatic driving vehicle, requiring driving on the road with a dedicated sign, two cameras on the car through analog computer recognition mark. With the aid of elevated tracks, the speed of the car has reached an amazing 30 kilometers / hour (19 miles / hour).
After nearly 50 years, due to succession of a series of subversive innovative technologies, the situation has changed, and the development of the automotive industry exceeded everyone’s expectations. With the industrial 4.0, information physics system and digital acceleration, the industry will usher in a huge change in 2021.
For example, the AI-based automatic driving vehicle has become the leader of the automotive industry, and artificial intelligence has implemented smart driving mode through automatic driving, no need for drivers but relying on sensors and software for navigation and control. . In addition, according to the “Research and Markets, 2020), the networked function is no longer an optional function of the car, but is embedded in design.
The automotive industry is in large-scale transformation, this is the automotive industry since the internal combustion engineThe biggest change of experience, car manufacturers are no longer hardware manufacturers, but developed into technology companies.
Network Security Mode
For all networking things, risk, vulnerabilities and threats are everywhere. As the US reporter and the Victimor Brian Krebs have proven, “Everything will be attacked by hackers”, “enterprises and IT professionals need to start accepting this ‘frustrated reality’.” The networked automotive industry is no exception.
The example in this area is not amended. Some famous data leaks include: 2017 Honda is subject to notorious lessov virus Wannacry attack, the global computer system is seriously damaged; 2018, Tesla, Toyota Motor, Volkswagen and Fiat Krysler Motor Company, Ford Motor The company and General Motors were involved in a data leak event, and thousands of factory record documents involving the company’s commercial confidentiality were leaked.
Recently, in 2020, Tesla filed a proceedings for a former employee, accused the employee to change the company’s source code and export the proprietary data of the Gigab to unknown third party, causing the company to suffer internal Attack, the loss is heavy.
Other main trends present in automotive and interconnected markets are also compelling:
“Automotive Market” or “Car Business” to make end users can book, order and Buy all goods, let people have a demand for automotive retail and car payment systems
The on-demand function is a subscription-based service provided by the original device manufacturer (OEM), such as custom lighting, night vision assistant and navigation. Map, etc.
- Key attention to track statistics, mobile, and design systems (such as CEDRIC / E PALETTE) intelligent transportation system, with shared behavioral topic
- The biggest challenge facing the customer is how to prevent ubiquitous threats, cars have become a variety Aggressive object of malicious threat factors. Connection via USBInfected malware. We all know that it will be dangerous to insert unprotected unknown USBs into any device, while the USB port is also true.
Neutral server platform, currently planning related legislation To protect the benefits of the car after-sales market participants
If the end user downloads the app to the car dashboard and the CPU, it may also be attacked. Whether it is a cloud-based application, or local applications, you need to verify and check security before downloading. Be vigilant before downloading any car applications. The middleman (MATM) attack is also very common. In this attack mode, the attacker will secretly transfer their communications in the case of directly communicating, and may change the content of communication, just like eavesdropping the conversation of others. same.
While various ways can be used to solve this problem, such as authentication, key negotiation protocol, tamper detection (will cause normal flow spending longer) and digital forensics. Digital forensics are obviously advanced, but you can use event forensics to check and monitor suspicious attack behaviors. Detailed description of data is disclosed, the attacked position, and provides threat information to remedy.
Automobile network security – responding to the challenge in the transformation of the industry
Industry Another challenge is the lack of technical network security compliance standards leading to lack of standardization in the industry. Before ISO / SAE 21434, there is no networked automobile network security standard *.
The ISO standard established “design security” in the entire life cycle of the vehicle. ISO / SAE 21434 provides a model of development risk assessment systems and detailed processes and work products. 
The BSI can be contacted as follows, obtain the full version of “Automotive Network Security Insights”, and more fully understand industry dynamics and analytical perspectives.
BSI National Hotline: 400 005 0046
BSI Email: Infochina@bsigroup.com
Official WeChat: BSI_China
Mark Brown, BSI network security and information toughness Global General Manager
- Mark joined BSI in February 2021, responsible for global The overall promotion of network security and information toughness, focusing on the Internet of Things (IoT) strategy and how BSI helps customers address network security and data governance challenges.
- Mark has accumulated more than 25 years of expertise in network security, data privacy, and business toughness consultation. He has served as leadership positions in Wipro Ltd. and Ernst amp; young (EY). He has a wide range of knowledge, including the Internet (IoT) and the continuous expansion of the network security market, has been a global CISO and global CIO / CTO for the Top 10 and Fortune 500 companies. He serves customers with consumer goods, retail / e-commerce, legal, oil and gas, mining, technology, media, manufacturing, IT and real estate, and customers in many industries and vertical industries.