Greater visibility, collaborative innovation, and consolidation among the key priorities to secure the next generation of connected cars
Two-day Virtual Summit sees Device Authority and partners reach consensus on how to secure the major advances in connected vehicle technology
Making the connected car revolution a reality in the era of AI, Device Authority and its partners have agreed on ten vital security principles for the automotive industry. These principles were outlined at Device Authority’s Virtual Summit, this year focused on the theme of Zero Trust in the Era of AI.
Vehicles are fast becoming mobile computers communicating automatically with myriad external devices and services to deliver massive gains in efficiency, safety and consumer experience. But the cyber security threats are significant and constantly evolving.
Device Authority, a global leader in identity and access management for enterprise IoT, was joined by distinguished speakers from its partners such as Microsoft, CyberArk, Entrust, Argus Cyber Security, PTC and Cumulocity for the summit – this year held on May 14 and 15. The connected vehicle was one of the main topics during two days of in-depth talks and discussions.
The consensus of experts from the event was that the following ten points are priorities:
1. Compliance now and for the future
Vehicle security must comply with the mandatory United Nations Economic Commission for Europe (UNECE) WP.29 regulation and best practice standard ISO21434. These measures require threat analysis, and cover risk management and response, supply chains, post-production and lifecycle security. WP.29 will not be the last such regulation, and automotive organisations must be ready to adapt to developments whenever they occur.
2. Vehicles must be secure by design, from factory to crusher
A holistic approach throughout the 15-20-year lifecycle of each vehicle is required, covering every aspect of security – from design and development to production and operation.
3. The need for collaborative innovation
Collaboration between innovators will be necessary to create next-generation solutions for automotive cyber security. From global companies to smaller organisations with specialised expertise, a pooling of talent and insight is what will keep vehicles secure. A good example is the partnership between Microsoft, Argus Cyber Security and CyberArk.
With scaled quantum computers on the horizon, the automotive industry must prepare for the world of post-quantum cryptography. Innovation will be utterly essential to secure devices, applications and their data, using accurate inventories, crypto-agility and new technologies to automate processes.
4. The advantages of a platform approach
The complex security requirements of connected vehicles demand a comprehensive, platform-based approach to ensure data sovereignty, effective management and regulatory compliance.
5. Embed end-to-end security from the car to the cloud
Security must cover the connected vehicle’s entire data ecosystem seamlessly. This requires successful integration of cyber security solutions. Perfectly-interlocking protection should extend to the cloud including the Vehicle Security Operation Centre (VSOC) and vehicle-to-cloud (V2C) communications.
6. Comprehensive threat-detection is vital
Real-time monitoring, threat-detection and analysis is necessary to provide insights that power incident response automation. A good example is the implementation of Azure OpenAI Copilot to detect threats with a high level of accuracy, reducing response times and human involvement.
7. 360-degree security visibility is a must
Organisations need to ensure that monitoring of connected vehicle security is genuinely comprehensive, using data connectors where necessary to encompass the cloud, the VSOC and all applications used. This includes understanding the converging of IT and OT worlds which introduces new entry points for potential threats across connected cars, manufacturing floors, back-end services, and car dealerships.
8. The importance of lifecycle management tools
On-the-road security and compliance demand a full suite of solutions to manage requirements such as the US Software Bill of Materials (SBOM). An intrusion detection and prevention system (IDPS), and solutions such as Microsoft Security Copilot to put the immense capabilities of AI into the hands of defenders. Given the complexity of the lifecycle of a car, it’s critical to introduce security from the start. Implementing a device twin can support and ultimately shorten the development cycle by automating and introducing new techniques or processes.
9. Ensure agile and secure development cycles
The automotive industry is witnessing a shift towards new business models such as subscription and service-based, where cars can be upgraded with new features at any point, changing the traditional ownership model. This evolution requires faster development cycles to meet regulatory requirements and the increasing complexity of vehicles. This push for quicker, higher-quality, and more secure development is now a major global issue for car manufacturers.
10. Consolidation is key
Organisations are increasingly looking to consolidate security capabilities. It is estimated that, on average, there can be up to 70 different vendors needed to cover all aspects of security. By integrating and consolidating these solutions, CISOs can improve risk posture significantly. Tightly-connected and integrated solutions provide a major benefit, making the overall solution more secure and encompassing the entire ecosystem end-to-end.
Device Authority CEO Darron Antill said: “Our ten principles emerged from a highly successful summit that brought together some of the foremost experts in device security. These principles are the essentials for the secure future of the connected vehicle as the automotive industry enters a revolutionary era of connectivity and intelligence. IoT technologies are converging with AI to give us new capabilities. But we must be rigorous about security to achieve compliance and we must innovate to make sure we have maximum protection now and into the future as threats develop.
“From enhancing vehicle performance and safety to enabling predictive maintenance and greater personalisation of the whole driver and passenger experience, the integration of AI with IoT is reshaping the automotive world, but it demands the most effective security possible, enabling performance without compromising on protection and compliance.”