The trend towards digitalization, connectivity and automated driving means that cars are becoming part of the Internet of Everything. At the same time, however, today cars are already potential targets for hacker attacks, which is why the security of data and safety-relevant components is currently a burning issue throughout the automotive industry. The aim is to protect vehicles against hacker attacks. Of particular importance, for example, is the protection of safety-critical components such as the brake system. After all, to achieve the vision of accident-free driving (“Vision Zero”), cars and the infrastructure have to be able to communicate with each other through, for example, digital connectivity. This, however, potentially opens doors for hackers, meaning that digital systems must not only be functionally reliable but also resistant to external attacks. Therefore, the technology company Continental uses cyber security technology to ensure comprehensive protection against possible hacker attacks on both: safety-relevant vehicle components and in production plants.
“Our experts are working to bring security to the next level and safeguard our systems against hacker attacks. This depends on the production security in our plants, which we are also working on. The first production lines have already been equipped to integrate cyber security functions into the products,” said Felix Bietenbeck, Head of the business unit Vehicle Dynamics at Continental. “Security affects every single vehicle component, which is why not only communication interfaces need to be protected but also – and especially – safety components such as brakes systems need to be too.”
Cryptographic processes for a safety-relevant system have been implemented for the first time in the latest brake system, the MK C1. With the MK C1, the brake actuation feature, the brake booster and the control systems (ABS and ESC) are combined into a compact, weight-saving braking module. The MK C1 is more dynamic, lighter and more compact than conventional brake systems and has been specially developed for vehicles with extensive advanced driver assistance systems as well as recuperation and automated driving capability.
As the level of connectivity and the number of in-vehicle interfaces grows, this necessitates increases, and so does the risk of hacker attacks. Hackers are motivated by all sorts of reasons – data theft, financial interests and reputation being just three possible examples. In response, Continental is strengthening all possible points of attack and implementing cyber security solutions on multiple levels and layers: On the first level, the individual electronic system components are protected; on the second level, communication between the in-vehicle systems is protected; on the third level, all the vehicle’s external interfaces are protected; and on the fourth level, data processing outside the vehicle is protected against theft and manipulation. This level also includes cloud and backend solutions. These offerings have now been significantly augmented with the multiple end-to-end solutions provided by Argus Cyber Security, the automotive cyber security specialist company, which has been recently acquired by Continental.
Individual security key for maximum security
All future products from Continental – including the MK C1 – will contain cryptographic functions that can be used to introduce security keys. These keys are generated individually for each product, which ensures maximum security because even if one car is hacked, a second one is still protected. “The keys can be used for various operations and cannot be read externally – just like the PIN for your smartphone,” explained Dennis Kutschke, Cyber Security program manager at Continental. When it comes to cyber security, Continental also learns from the experiences and technologies in other industries. However, cyber security is relevant to vehicle systems not only when they are integrated but also during the loading of software and digital keys, which is why a special production security concept valid for all locations is being introduced worldwide. The concept is based on a risk analysis conducted to identify weaknesses. Automotive manufacturers, too, benefit from being able to transfer their own keys to the system via the secure Continental network.
Being quicker than the hackers
Cyber security is an asymmetric challenge. While Continental has to keep its eyes on dozens of systems, all hackers need to do is identify a single weakness. “It’s like a never-ending race between the people who want to protect the systems and those that want to hack into them. This is why it is so important to act as quickly as possible whenever any weakness is identified,” said Kutschke.
For this reason, Continental has introduced an incident response management system, which is an additional layer of security that responds immediately if there really is an attack. This was developed with the expertise of the Israeli startup Argus Cyber Security; which Continental acquired last autumn and has become part of the subsidiary Elektrobit. Together with Elektrobit, which specializes in embedded and connected software solutions, the security experts have already unveiled an all-in-one solution for over-the-air software updates. This solution will ensure that millions of cars can instantly be upgraded to the latest security level without having to visit the auto repair shop, an important requirement for “Vision Zero” – a future without road deaths, injuries or accidents. Continental is also utilizing this knowhow to support OEMs in all matters relating to cyber security.