Autonomous Car Safety and Security (2019)

Autonomous Car Safety and Security (2019)


what are you doing to reduce the risk
can you really make this car industry secure or safe its again a great
question it is it is a question of risk reduction as you said so when you when
you do security engineering from an automotive perspective there are several
things that can happen due to a security breach one is safety so someone can
attack and kill you so that will have to have the highest priority and highest
importance the second one is economic someone can steal your car so that’s
also important that you can be covered by by insurance but insurance company would
like some technologies in you know in place the third one is privacy so
someone can steal your data GDPR will applies also to automotive industry and
they’re taking GDPR seriously because the because of the fine is we wait – it
could be ridiculously high and these are big companies so these three things you
you need to you need to be able to protect the first one let’s start with
the first one safety. you have to be able to create an infrastructure that makes
that kind of look for safety envelope for those safety critical safety
critical ECU’s and you have to protect them for the rest of your network in
order to ensure safety so the safety is number one there is no way you can you
can you can bypass safety with the safe and security will have safety
consequences now ISO 26262 has been a standard for a while it focuses on
safety unfortunately there is not much about security in ISO 26262 – so the
government cannot point out the legislators, the lawmakers is going to
point out that this is where you have to you
to focus on so as you know the German law for the standard technique you know
the product has law is very very very clear about the state of the art
the definition of the state of the art so you have to have a state of the art
and one of them is we have in in in safety this we need something for
security as well and the good news is we are almost there there will be a
security standard and once you fulfill the security standard, the ISO 26262 and the ISO 21434, they work hand in hand we will be able to
secure the first let’s say I wouldn’t say hundred percent secured but we will
be able to secure the majority of the majority of the vulnerabilities that can
be potentially harmful to people’s life that is safety then comes to the
question of economy I mean you if your car is stolen you know somebody can
somebody get hack and steal your car that’s the problem someone can ask for
ransomware that’s the problem is that’s the second problem we have the
most important one was the safety now we have the second problem
this is how we engineer this kind of scenario we look at the we consider
moose law the technology will get cheaper and cheaper computation power
will increase and the lifetime of the car is about 20 years so within this 20
years the cost of brute forcing or cracking the car if that is higher than
the price of the car the manufacturer would would say that I’m unhappy with
that because with an economic incentive nobody will will lose still a car if
they have to put more money computationally computational costs to
to hack the car so this is how we secure the economic bit what is what hasn’t
happened so much in the automotive industry to the best of my knowledge in
the privacy domain because we will be collecting data we’re collecting data
it’s really really interesting data it’s the sensor data it is the you know
the the data that you that you it tells you about the the quality of the street
real-time data this is the kind of data even big players like Google Facebook do
not have access to this is a unique kind of data that that only the automotive
manufacturers have access to and there is a huge business case about it and I
think to my opinion automotive industry is not ready to to also see how what
will be the GDP our comp of consequence to that data if they collect it and what
can they do with it in my opinion there can be a lot of innovation from this
data but at the same time they have to be GDPR compliant

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *