With an Aim to Optimize Telematics Security
By Kevin Baltes, CISSP Director & CISO – Product Cyber security, General Motors
With individuals averaging over 290hours a year in a vehicle (AAA.com, 2016), the use of connected services and telematics has become common for drivers and passengers. Individuals are fueled by the need to be constantly connected with their surroundings and devices, and most of their environment is a part of the Internet of Things (IoT). Another “device” that is part of the IoT is the modern connected vehicle.
Individuals’ needs for convenience, sharing, safety, and peace of mind have extended to automobiles with advanced infotainment systems and the availability of services like General Motors (GM) OnStar. Today, GM’s available infotainment systems have advanced personalization settings to store car’s seat settings, radio presets, displays, etc. With theavailable4G LTE hotspot available in the GM vehicle, up to seven passengers can remain connected while in transit. GM has over 5 million 4G LTE connected vehicles on the road today. These connections are resulting in a large amount of data being exchanged between the vehicle and the cloud. (The “cloud” can be the manufacturer’s IT back office, or IT services hosted by a third party, or a combination of both.)
"A best practice is to use threat modeling and to adopt a risk-based methodology to identify assets and data that need protection, and to what degree"
The modern connected vehicle helps automobile manufacturers not only create a premium vehicle ownership experience, but it also helps from a business perspective. The manufacturer can monitor vehicle data to improve features, quality, and sales. The gathered data also leads the way to new revenue-generating services and operations-related techniques. Some of the latest technological advances in GM vehicles include proactive diagnostic monitoring and alerts, through which vehicle information is collected and analyzed by GM to provide service information to customers.GM also has more than half a million enrolled in Insurance Discount programs. Protecting customer privacy is imperative, and in the connected vehicle context, GM does not collect or use personal information unless it receives appropriate consent to do so from the consumer.
With such a vast array of data being exchanged, security becomes a primary concern. In the case of the connected vehicle ecosystem, authentication between the endpoints and encryption of data are major steps towards securing the vehicle and ensuring the customer’s privacy. Authentication between the vehicles and the back office acts to mitigate unauthorized access to the communications channel. By leveraging industry best practices for security techniques and protocols, a balance between user experience and security can be achieved.
A best practice is to use threat modeling and to adopt a risk-based methodology to identify assets and data that need protection, and to what degree. Understand the sensitivity and importance of the assets and data in the ecosystem. A risk-based approach will govern the amount of protection your assets and data need. Depending on its sensitivity and importance to the company and a hacker, the level of security is set to assure the confidentiality, integrity, and availability of the information or asset. The CIA triad is a tried and true model to guide your information security program.
Another best practice is to use layers of protection, or a defense-in-depth strategy. No system is impenetrable given enough time and effort; therefore, the goal is to make it difficult for a hacker to break through by using a series of defensive measures so he or she moves on to an easier target. Or, in conjunction with a robust and well monitored intrusion detection system, an adversary can be quickly identified and thwarted.
Next, the ability to recognize a security “event” is critical in your telematics system. You must have an Incident Response Plan (IRP) to help guide stakeholders in determining whether a “security incident” has occurred and if it requires special action. The IRP should call out the technical team members and business team members and their responsibilities. While it’s certainly important to contain, asses root cause, and remediate the incident, it’s also important to work in parallel with legal, communications, and public policy staff to determine if any communications are required for internal leaders, public officials, and customers. It is also likely a Cybersecurity IRP will call, and be called by, other IRP’s within the broader organization.
A security event may originate from many sources, including intelligence gathering from your Security Operations Center. Another source is academia and the research community. GM values the work of third-party researchers, and in early 2016 formally launched the GM Security Vulnerability Disclosure Program through which security researchers who find suspected security bugs or vulnerabilities can inform GM via a security website portal hosted by a trusted third party. The Program was developed with close attention to published standards related to disclosure, benchmarking of other disclosure programs, and direct interaction with the research community.
Finally, cybersecurity must be a priority for top leadership. This is an organizational mindset to be driven top-down. GM takes cybersecurity very seriously, has devoted substantial resources to address it, and continues to do so. GM was the first auto manufacturer to create an integrated and dedicated global organization, Product Cybersecurity, about three years ago. This organization consists of a growing team of internal experts who collaborate with outside specialists and third parties to ensure our products keep our customers’ safety, security, and privacy at the center of everything we do.