Redefining Connected Car Cybersecurity

[By Dan Sahar, VP of Product]

“Cybersecurity is not top of mind for us”.

Just a few short years, chances are this is a common response you would would have encountered if you asked an automotive OEM executive of the effects of cyber threats on their vehicles. In all likelihood, they would not be wrong in this point of view. See, a car back then was just that – a car. A complex machine with many moving parts, but a machine that’s isolated from the outside cyber world. To use cybersecurity jargon – the car was “air gapped”, or physically isolated from unsecured networks, such as the public Internet.

Fast forward to today with the memory of Equifax, Stuxnet and the infamous Charlie Miller and Chris Valasek car hack still fresh – that mindset has changed radically.

Cyber Security Is A Business Risk, Not Just An IT Problem

Cars today have up to 100 ECUs and more than 100 million lines of code written by many different suppliers across the globe — a very fertile ground for hacking attempts.
In the past, potential attacks vectors were primarily limited to Near Field attacks such as car theft – essentially requiring the hacker to be close to the target vehicle. Enter vehicle connectivity, and the loss of that air gap, and with it an exponential increase of the risk level and potential damages.

Connectivity instantly opens up a vehicle fleet to Far Field attacks – an attack variety that can be generated remotely from numerous computers around the world and can exploit even a single vulnerability to inflict massive damage across tens of thousands of vehicles. As Elon Musk, Tesla’s CEO, recently stated – “I think one of the biggest concern for autonomous vehicles is somebody achieving a fleet-wide hack.”

The risk of fleet-wide hacks and the public safety concerns, has also prompted attention from international and US lawmakers with multiple proposed legislations to establish mandatory federal standards for auto cybersecurity, such as the Security and Privacy in Your (SPY) Car Act of 2017.

“A cyber incident is a problem for every automaker in the world,” General Motors CEO Mary Barra said in a recent speech. “It is a matter of public safety.”

The automotive industry is undergoing a transformation – decades old business models are rapidly changing and connectivity is quickly becoming an integral part of conducting business. Connectivity enables vehicle fleets and service providers to monetize car data and achieve superior business results. Consumer experience can be improved, and new business opportunities can be imagined. The key challenge automakers are facing is how to capitalize on this tremendous opportunity while at the same time ensuring the security and safety of drivers, passengers and businesses alike.

Security Now! Protecting Vehicles On The Road Today

Upstream Security was founded with the sole purpose of securing connected vehicles everywhere – this is a here and now mission, not a future one. There are over 100 million connected vehicles on the road today – we created a solution that can protect all of them right now – without having to wait for a typical automotive production cycle.

We are a team of cybersecurity pros and data scientists and many of us have dabbled in white hat hacking and reverse engineering in the past. When we first looked at this problem, we tried to think how a hacker would go about attacking a car and where can most damage be inflicted. Together with multiple cyber experts as well as automotive OEMs we reached at several key conclusions:

1. The most serious attack vector is a fleet-wide attack that targets multiple vehicles at the same time – this should be top of mind for us to protect.
2. Attempting to protect the car when the security solution is inside it may be “too little, too late” due to the complexity of the car internals and single vehicle context.
3. Solving near-field attacks is indeed important, but the more likely attack vector is far-field, one that is generated from the Internet from a remote location.

We’ve built solutions for IT departments throughout our entire careers – in Upstream we set out with a blank canvas to build a solution that tackles the conclusions above head on.
The result, in our humble opinion, is the most sophisticated cybersecurity platform in the automotive market and the only one that can provide automotive CISOs instant visibility and control required to ensure their vehicle fleets are running securely and safely – TODAY.

What makes Upstream Unique?

1. Centralized Cloud Based Architecture

In a similar fashion to the transformation undergone by cybersecurity solutions in enterprise IT, automotive security solutions need to move from an endpoint (in-vehicle) security model to a centralized cloud-based one. Attacks need to be identified before they even reach the vehicle while at the same time inspected across multiple vehicle and across the entire automotive stack – both cloud backend as well as in vehicle.

2. It’s all about the Data

Cyber solutions must be able to understand and distill the massive amounts of unique data sets created by connected vehicles. A typical automotive cloud infrastructure contains multiple application servers and each of these maintains communications with multiple types of vehicles – that’s a huge set of permutations and potential attack vectors. Encapsulated within this information are valuable performance indicators, such as driver and vehicle behavior, vehicle utilization, maintenance indicators, driving routes and much more. Upstream has a pioneered a patent pending automotive behavioral analysis engine which is capable of synthesizing these troves of data and distilling actionable cybersecurity intelligence from it.

3. Multi-layered Security Architecture

We often get asked, what security solutions can I compare you to? We like to say that you can’t really compare our solution to generic IT security products. Our platform draws inspiration from many technological concepts used by advanced IT cybersecurity products. Some technologies we adapted for the automotive environment, many of them we had to create from scratch, simply because what worked in an IT office space behaves completely different in a moving vehicle. We leverage advanced detection techniques and machine learning inspection algorithms with our multiple engines working in parallel – in both real-time and in batch modes – for an unrivaled protection result.

If what you’ve read so far has piqued your interest or if you’re an OEM looking to design a security architecture, drop us a line – we think we can help. upstream.auto.