Continental’s Four Stage Plan for Automotive Cyber Security

Before Continental announced its purchase of Argus Cyber Security, the company announced it’s four stage approach to automotive security. To ensure that the complex vehicle system and all its individual components can be reliably secured, Continental has chosen a multilayered approach that maintains security at a consistently high level. This involves conducting a detailed risk analysis for new projects to ensure secure products and services that comply with the regulations. We find it interesting that Argus is a security firm and the purchase by Continental was leaked on Monday to the the Israreli media.

Together, Argus and Continental will offer multi-layered, end-to-end security solutions and services including intrusion detection and prevention, attack surface protection and fleet cyber security health monitoring and management via a security operations center (SOC) to protect vehicles in the field over their entire lifespan. The companies will also provide software updates over-the-air solutions. Argus’ technology was tested by vehicle manufacturers, their suppliers and independent third parties, and has repeatedly out-performed its competitors.

The further interconnectivity goes, the more demanding the requirements become on general security specifications and standardized frameworks, as a world that has been offline for decades is transforming into an environment that is perpetually online. That is why cyber security is at the heart of the development of products and services at Continental. The technology company is developing end-to-end solutions with the aim of ensuring the highest possible degree of security at all times.

“Until now, most reports of vehicle hacks have been attributed to security researchers or “white hat” hackers. To ensure that nothing changes in that respect, cyber security needs to be taken into account right from day one in product development, so that potential security loopholes do not arise in the first place,” says Andreas Wolf, head of Continental’s Body & Security business unit, explaining the company’s approach.

“We refer to this process as ‘security and privacy threat analysis, risk assessment and risk treatment’, and we consider not only initial development but also the entire product life cycle,” explains Wolf.

In addition, end-to-end security solutions are used with the primary goal of detecting and preventing attacks on a vehicle (external interface protection & monitoring). To do this, Continental protects the vehicle’s communication interfaces with the outside world. The vehicle system itself also needs protecting. One method of doing this is to constantly check communication on the CAN bus for anomalies, and for communication between individual control units to be encrypted (in-vehicle network protection & monitoring).

One significant aspect that Continental also takes into account in its approach to security is that of permanently monitoring the current status of the vehicle system (in-vehicle state-of-health monitoring). This must be reported regularly to a security operations center, such as the one operated centrally by Continental, so that vehicle fleets in the field can be checked for security loopholes. In serious cases, automotive manufacturers and suppliers can thus look for solutions, develop a security patch and update the vehicle fleet via over-the-air updates quickly and without the need for a workshop visit, all within a short space of time.

“We are building up an entire ecosystem of security-relevant elements for our solutions so that we can offer our customers a customized design from a single source, and one that is available right from the early definition phase of a project,” says Wolf.

The overall package is completed by the involvement of software products of the Continental subsidiary Elektrobit. This enables the developers to call upon both basic software components and application software when building the security architecture for the electronic control units so that they can make the system secure.

Cyber Security in 4 Stages

Cyber security is one of the major tasks facing the entire automotive industry when it comes to the connected car of the future. Continental looks at it from four angles. The first concerns the individual electronic components, which act as tiny computers responsible for all manner of functions in the vehicle, from the engine control unit to the windshield wipers and the access control system. Secondly, communication between these individual components, which represents the entire system that is the vehicle.

Thirdly, the numerous interfaces between the vehicle and the outside world. Fourthly, with the car as part of the Internet of Everything, cyber security needs to be considered beyond the limits of vehicles, including the cloud and the back end as well.

“It is clear that absolute security is not possible. Industry will always be racing against cybercriminals. With our solutions, however, we are creating state-of-the-art barriers against cyber-attacks and making them as high as possible.”