Can you imagine a life without your pocket-sized ‘butler’? The smartphone has become a necessity today, it makes our life easier and more comfortable thanks to the many apps. The more our little, digital helper ‘knows’, the better it can take over some tasks and support us in organising our lives.
But the more services I use, the more information I divulge about myself and the more transparent I become. It’s not just a matter of my personal data, but all data that I use.
The same goes for our ‘butler on four wheels’ in regard to autonomous driving. Vast quantities of data come up – with every trip! In principle, any set of information can be misused and every transmission can be manipulated. But it’s an impossibility to control all data and the flow of information.
No one-size-fits-all approach to security
Instead of setting an impossible goal, we should ask ourselves which vehicle functions should be monitored and how thoroughly. In other words, there is no such thing as 100% security for everything. That’s why it is recommended to consider what needs to be protected and how well it needs to be protected (see the following image).
 |
Low-level security: Infotainment functionality updates in the car, such as music streaming, should be as simple as possible, for example. That means without even log-in data. Such a function can be classified as non-critical with regard to safety, i.e. as having no effect on driving-relevant functions.
Mid-level security: Updates for services like ‘Car Finder’ poses a middle security challenge; the service is not relevant to driving, but important information about the driver and his/her movement habits accrue wit this service. During an update, it should be clearly evident which new functionalities are using what data about the driver.
High-level security: As soon as it’s about actual driving, we are in ‘high-security’ territory. One manipulated update, for example affecting the camera software, can result in the incorrect identification of traffic signage and, in conjunction with (partially) autonomous driving, consequently lead to the wrong speed at the wrong spot.
Highest level of security: It could become absolutely critical, if an ‘over the air’ update (OTA update) for the engine control is accessed. An extra 50 hp over the weekend for a drive through the mountains – that is every driver’s dream. But if something goes wrong there – read: hacker attack – then an OTA update might quickly become a nightmare.
The higher the security, the lower the user friendliness.
It is therefore of paramount to determine the right security level for the right service, in order to establish the right balance between functionality and security. That’s because the most secure service is useless, if activating or operating it is so complicated that nobody uses it!
Holistic security concepts with NTT DATA
Will it be the sole task of an OEM to anticipate the just-mentioned security levels? No! Due to the increasing interconnectedness of the vehicle, the responsibility for a unified security concept must be shared – among all participants in the ‘connected-car ecosystem’.
In the future, all ‘players’ will therefore work hand in hand vis-à-vis autonomous driving in all security matters: from the automotive industry to insurance companies, banks and telecommunication service providers, to energy suppliers and logistics companies.
NTT DATA has been at home in all of these industries for decades. Together with our sister company NTT Security, we are the ideal partner to bring everyone involved in autonomous driving ‘to the table’ for holistic security concepts.
