Coinciding with CES there have been many automotive cybersecurity related announcements. For details of almost EVERYTHING automotive at CES check out our best of CES article that contains almost every automotive announcement you can think of, except for cybersecurity companies.
Upstream Profiles How Hackers Attack
Cyber hacks might cost the auto industry $24 billion within five years, according a new study released by Upstream Security, the first and only cloud-based Smart Mobility Cybersecurity provider.
Upstream issued its first comprehensive report studying the impact of more than 170 documented, Smart Mobility, cyber incidents reported between 2010-2018 and projects future trends based on that eight-year history.
Upstream Security Global Automotive Cybersecurity Report 2019 outlines how hackers attacked — from physical to long-range to wireless and more — and who they targeted in the Smart Mobility space.
“With every new service or connected entity, a new attack vector is born,” said Oded Yarkoni, Head of Marketing at Upstream Security. “These attacks can be triggered from anywhere placing both drivers and passengers at risk. Issues range from safety critical vehicle systems, to data center hacks on back-end servers, to identity theft in car sharing, and even privacy issues. The risk is immense. Just one cyber-hack can cost an automaker $1.1 billion, while we are seeing that the cost for the industry as a whole could reach $24 billion by 2023.”
Increasingly, the automotive world is becoming a Smart Mobility ecosystem, according to Yarkoni. Connected cars, autonomous vehicles, ride-sharing services and aggregated transport of all kinds are adding complexity and risk at an incredible rate. This report is the first of its kind; based on real-life incidents and provides an insight into who is at risk, how key stakeholders are protecting themselves and emerging trends for 2019.
Key Highlights and Insights
- While car manufacturers are an obvious target, Tier 1 suppliers, fleet operations, telematic service providers, car sharing companies and public and private transportation providers are facing an ever-increasing threat.
- In 2018, the number of cybercriminals (what the industry calls Black hats) attacks eclipsed the number of White hat (security specialists who breaks into protected systems to test and asses their security) incidents. This is the first time in the history that has happened in the Smart Mobility space.
- Security needs to be multi-layered. This includes in-vehicle for close-proximity attacks, automotive cloud security for multiple vehicles, services and applications, and network security for the network side of the architecture.
- 42 percent of automotive cyber-security incidents involve back-end application servers.
- Two new kinds of cyber-attacks are emerging through car sharing and driver exchange. These are having a measurable impact on fraud and data privacy.
These highlights and more are in the full report, available for download here.
Karamba will be presenting at CES 2019 the latest in automotive cybersecurity. At this innovation-filled show, that demonstrates the future of smart mobility, Karamba will focus on how to protect the industry from cyberattacks and secure industry growth.
Come participate in a real car hacking demo or prevent cyberattacks launched at the car. Meet Karamba Security’s executives, learn about the latest technologies and trends for In-Vehicle Security and see the partners eco-system that is developing around automotive-cybersecurity. Westgate Paradise Center, Smart Cities Hall, booth #929.
Upstream Security, provider of automotive cloud-based cybersecurity solutions, introduced a program that will provide carmakers protection in and outside vehicles and safely enable transformational technologies under development.
“Car companies want the freedom to work with multiple security and infrastructure suppliers,” said Yoav Levy, Upstream CEO, and co-founder. “We get that, which is why we worked so hard to make in-vehicle, infrastructure and application providers work with our unique, cloud-based solution. Now they can have protection in the cloud and in the vehicle and not be forced into a supplier relationship that is less than ideal.
“More importantly, for example, we can protect the integrity of three dimensional mapping required for autonomous vehicles or help a car ‘talk’ to its surrounding infrastructure as it moves through a smart city. It’s these transformational technologies that require protection in the cloud, not just in the vehicle.”
Upstream announced its Secured Mobility Partner Program to meet growing worldwide demand for its smart mobility cyber security solution.
Upstream’s ecosystem of Technology, Consulting and Channel partnerships features multiple certified partners. Partners align their products and solutions with the industry’s first and only centralized cybersecurity data platform built specifically for smart mobility and automotive requirements.
Partners joining the growing ecosystem directly team with Upstream to optimize and document how their products integrate and operate with Upstream’s commercial products. This includes drawing upon Upstream’s in-house engineering and cybersecurity expertise to design, experiment, test and validate their technical solutions. Technology partners integrating with Upstream’s C4 Centralized Connected Car Cybersecurity platform enable customers to access to a comprehensive and effective vehicle and infrastructure protection offerings across the entire smart mobility stack, from vehicle components to next-generation services built around the connected car.
SafeRide Technologies, the first automotive cybersecurity company to offer a multi-layer deterministic and heuristic anomaly detection and threat prevention solution, today announced the launch of vXRay, a behavioral profiling and anomaly detection technology for connected vehicles’ Security Operation Centers (SOC). vXRay can be seamlessly integrated into customers’ connected vehicles’ SOC independently of vehicle architecture or ECU sourcing. It can help customers uncover zero-day vulnerabilities, provide early detection of vehicle malfunctions and flag misuse and abuse problems.
vXRay uses advanced, unsupervised machine learning paradigms in a fully autonomous process to establish the normal behavior of the vehicle without dependencies or previous knowledge of ECU properties and protocols. Once the behavioral baseline is established, the machine learning models can accurately detect, categorize and flag any abnormal behavior and report it to the connected vehicles’ SOC for further analysis.
SafeRide’s vXRay technology was proven to effectively detect all cyberattacks and vehicle malfunctions in multiple vehicle models in customer testing, and is being implemented by several major automotive vendors as part of their 2019 security strategies.
(Trillium), the leader in secure data management, is offering a full-scale experience of the world’s most trusted mobility services platform at CES 2019.
Trillium’s Trusted Mobility Platform and Services are predicated on establishing two distinct elements of trust – security and data integrity beginning in the electronic control units (ECUs) within the vehicle where raw data is derived, and in the cloud where blockchain technology encapsulates and verifies data for machine learning processing and secure mobility commerce.
Trillium’s platform and trusted data services address the $1.5 trillion question of how to unify mobility-as-a-service providers, technologies like artificial intelligence, and the necessary qualities of security and data integrity, towards the cause of transforming transportation.
Trillium’s booth at the show to gain an in-depth understanding of the platform and its transformative effect on the industry of connected and autonomous vehicles. Trillium’s booth location for the event is: Enterprise Solutions Hall, Westgate – Booth #501, Westgate Paradise Center.
In addition, a fleet of Trillium-branded Teslas will be deployed in full force through Las Vegas, with the Model 3 squadron up and down “The Strip” while a Model X in the booth will feature every part of the Trillium Secure trusted data services platform.
Trillium Secure makes connected and autonomous vehicles safe and keeps personal information private through its Trusted Mobility Platform and Services powered by blockchain and AI. By establishing trust in data integrity, Trillium facilitates a marketplace for trusted data, applications and services, in addition to positioning customers for compliance with privacy regulations and protecting them from cyber-threats. Trillium accelerates innovation and monetization for OEMs, insurance and mobility-as-a-service providers.
ZeroDayGuard with DENSO
ZeroDayGuard is Dellfer’s IoT cybersecurity solution that prevents zero-day cyberattacks on IoT devices through built-in code execution protection. It is enabled with one operation in the development of IoT device code, and subsequently can instantaneously detect root cause hacks and cyberattacks remotely in the cloud. Dellfer’s solution approach does not use signatures or machine learning to thwart attacks, but an inside out rapid instrumentation to increase immediate precision and virtually eliminate the false positive problem that plagues many cybersecurity solutions.
Dellfer and DENSO are demonstrating ZeroDayGuard at CES 2019 in Las Vegas (North Hall, booth #4619) next week.
Other cybersecurity companies on display at CES include
CRI Cyber Readiness Program
The Cyber Readiness Institute (CRI) announced the launch of the Cyber Readiness Program, backed by global enterprise leaders, to educate and equip small and medium-sized businesses (SMBs) with tools and resources to address four primary cybersecurity issues: authentication, phishing, patching, and USB use. The Program focuses on embedding basic cyber policies and processes into a company’s operating culture. The goal is to engage a company’s entire workforce, create a culture of cyber readiness, and build a more cyber secure and resilient organization.
Verizon Data Breach Investigation
According to the Verizon 2018 Data Breach Investigations Report (DBIR), 58 percent of data breach victims globally are small businesses. On top of this, many SMBs report doing very little to protect themselves because they lack the required resources, capabilities, and knowledge to do so.
The Cyber Readiness Program was developed with input from leading security experts at global companies, subject matter experts, and feedback from a pilot program of SMBs. The free, self-guided online program provides resources and tools—including policies, posters, and workforce education materials —that align with each step of the Program’s five-stage process. Companies are prompted to designate a Cyber Leader, who already works within their organization, to take ownership of the Program.
For companies primarily interested in the policies and communications materials of the Program, an Awareness Kit is also available.
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.