What is a Collaborative Cybersecurity model, and what are its benefits? Why is one especially critical — particularly as it applies to semi- and fully autonomous vehicles?
Collaborative Cybersecurity is an essential, disruptive, and logical model to enable the introduction of autonomous vehicles on our roads in the safest manner possible. All industries, and not just the vehicle original equipment manufacturers (OEMs), need to turn the current cybersecurity model on its head. Governments and commercial organizations alike need to rethink how cybersecurity should work for them to better position themselves against the growing number of threats. Cybersecurity companies that develop solutions need to reconsider how to increase the value of their product offering by re-imagining their delivery model via cooperation and collaboration both horizontally and vertically. It can no longer be about individual companies delivering standalone solutions and leaving customers to integrate them all. Here’s why:
The “Current” Cybersecurity Model
The current cybersecurity model for vehicle OEMs, and pretty much any other large organization attempting to protect its products and services and internal systems, follows the typical methodology of:
- Research available cybersecurity technologies in the market from various companies as they pertain to their industry/company’s products and services, and internal systems
- Determine which technologies can address which specific cybersecurity problems
- Do some assessments of targeted technologies which seem most promising
- Acquire some of the targeted technologies to integrate within their internal IT processes and for protecting their products and services
- Maximize the use of each technology based on its features and functionality
- Attempt to stitch together these various disparate cybersecurity technologies to create a more unified holistic view and interpretation of the data to discover and act on threats
- Deal with the myriad of updates/upgrades and product overhauls for each cybersecurity technology acquired. Attempt once again to retain a cohesive, integrated security solution, and in parallel attempt to maintain some of the automated processes you had achieved with the earlier versions of these cybersecurity products
- Deal with replacing a product outright when the licensing scheme simply gets too expensive or when the product becomes much less effective compared to others
- Train, train, and retrain your cybersecurity staff to stay on top of all the above
- Retain the services of cybersecurity consultants to assist internal staff in dealing with the onslaught of all of the above
Securing the Modern Vehicle
Findings from a 2018 study by the Ponemon Institute, “Securing the Modern Vehicle,” show the precarious position in which both vehicle OEMs and their suppliers find themselves.
- 84% of respondents in this study have concerns that cybersecurity practices are not keeping pace with evolving technologies
- 30% of vehicle OEMs and suppliers combined do not have an established product cybersecurity program or team
- 41% of automotive suppliers alone do not have an established product cybersecurity program or team
- 63% of respondents test less than half of hardware, software, and other technologies for vulnerabilities
- 52% of respondents in the study are aware of potential harm to drivers of vehicles because of insecure automotive technologies, whether developed by third parties or by their organizations
The cycle is never-ending, with little to show for it other than attempting to keep up with rapidly increasing and adaptive threats. This model also makes it impossible for organizations to achieve their cybersecurity goals since, in the end, constant requests for added funding, time, and resources cannot be met.
The Collaborative Cybersecurity Model
In contrast to the current model, the Collective Cybersecurity Model is all about collaborating with participating cybersecurity companies, vehicle OEMs and their suppliers, sharing and exchanging cybersecurity-related information in a continuous real-time manner. From a high level, when signing on to this model, no partner keeps any information to itself or waits to share information. Once information is shared, the partners work together to address the issue as one company. This way, vehicle OEMs will interact with a single entity — not four or five different cybersecurity companies. It’s that simple.
The key concepts are “share and exchange” and “continuous real-time.” Threat-related information is always made available to all partners for analysis and action when and/or if necessary. Not only is the threat info shared, but so is the evolving analysis of the threat as well as any required actions to counter it.
As part of the three-plus years of research ATIS has conducted on Collaborative Cybersecurity, working with the various cybersecurity companies, it is undeniable that every industry needs to revamp its current cybersecurity model. Industries should move to a model that is collaborative at its very roots. A collaborative model will produce the most effective and timely information and provide the best overall protection against the gamut of cyber threats that continue to evolve and grow.
The Collaborative Cybersecurity model is defined by five Key Elements which consist of the following:
- Threat Intelligence
- Hardware Security
- Software Security
- Network Security
- Cloud Security
Outlined below are some examples of the high-level functional requirements that fall under each of the Key Elements. The functions listed below are by no means exhaustive but serve as a guide as to what one would expect to see under each pillar.
Whenever there is talk of disruptive technology, methods, and processes challenging the status quo, there is always a good dose of skepticism. Some will knock the idea down because it doesn’t fit within their plans. Some will want to protect their interests by retaining the current way of doing business, even if it is proven to be a failed model for addressing new cybersecurity problems that keep growing, adapting, and getting smarter faster.
Cybersecurity and technology companies need to bring their diverse expertise, experience, and knowledge to the table to showcase the value of a Collaborative Cybersecurity Model for the vehicle OEM industry. If vehicle OEMs cannot demonstrate and develop a coordinated and collaborative cybersecurity strategy to safeguard consumers, governments will likely step in quite vigorously. Governments may enact specific mandated cybersecurity policies/laws that vehicle OEMs may find expensive and time-consuming to develop, introduce, and support.
Read the full post from which this blog is excerpted here.
Denis Niles currently leads TELUS’ 4G LTE & 5G wireless lab and field testing for drones and Unmanned Aircraft Traffic Management (UTM) systems to enable Beyond Visual Line of Sight (BVLOS) drone deployments for commercial use. He is part of the Canadian Regulatory Action Team that is tasked with developing the rules, policies and regulations for NAV & Transport Canada towards enabling secure & safe drone flights in Canadian airspace.
Denis also works as part of ATIS’ Connected Vehicle Cybersecurity Ad Hoc, which is developing a new Vehicle OEM cybersecurity architecture, entitled the Collaborative Cybersecurity Framework. At the global level, he is part of the new ITU Focus Group on Artificial Intelligence for Autonomous & Assisted Driving with the goal of significantly reducing traffic deaths globally through the use of AI in autonomous vehicles. Denis has previously worked at the Royal Canadian Mounted Police in network engineering, Nortel Networks within Optical R&D, as well as several technology start-ups.