What Are the Requirements of Vehicle SOC?

By Auto Tech Outlook | Monday, February 17, 2020

FREMONT, CA: With the rise in the number and complexity of cyber-attacks targeting connected vehicles, it is not surprising that large vehicle OEMs (Original Equipment Manufacturers) either run a Security Operations Center (SOC) or are in the process of establishing one.

OEMs can use a SOC to closely monitor, alert on, and respond to cyber-attacks, thus protecting the connected vehicles, fleets, and services that they produce and administer. The vehicle SOC faces unique challenges that are completely different from those of the traditional enterprise SOC. Hence, it requires a set of skills that allow it to handle new tasks:

1. Ingest Various Feeds

Mobility requires multiple information feeds from diverse stakeholders using different protocols:

• Telematics (data sent from vehicles to telematics servers, and instructions sent the other way), carried over proprietary protocols with different versions per car model.

• OTA software updates.

• Consumer mobile applications connected to the car remotely.

• Vehicle APIs (vehicle delivery).

• Mobility services and apps (car sharing).

• In-vehicle security and sensors.

The Vehicle SOC should be able to ingest all these feed types, process them, and analyze them.

2. Correlation between Various Feeds

Any SIEM (Security Information and Event Management) platform, a primary tool used at SOCs, can correlate between information feeds. Still, no platform was designed to see connections across multiple time zones, geographies, vehicle and driver types, and various ownership models (rented, private, and shared). Therefore, specific rules need to be applied to allow for correlation between mobility-related objects and groups.

3. Mobility-Specific Analytics

Vehicle SOCs should use mobility-specific analytics that enable them to detect and send alerts on anomalies that could signify a cyber-attack. This requirement stems from the need to interpret the information and understand its context, which is only possible with deep domain expertise.

For example, some OEM vehicles send updates to the cloud in real time, while others send them in batches. Understanding this behavior is key to distinguishing whether such activity is regular (it matches standard update patterns) or unusual (representing a malfunction or a cyberattack that prevents the vehicle from sending updates).
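The real-time versus batch distinction above can be turned into a detection rule, shown here as an added example that is not part of the original article. The model names, the sample events and the 3x tolerance are assumptions made for illustration: the code learns each model's normal reporting interval from the feed and flags vehicles that have been silent for too long relative to that baseline.

```python
from collections import defaultdict
from statistics import median

# Constructed sample telemetry: (vehicle_id, model, unix_seconds).
# Model names and vehicle ids are hypothetical.
EVENTS = (
    [("rt-1", "model_rt", t) for t in range(0, 3600, 10)]    # real-time, every 10 s
    + [("rt-2", "model_rt", t) for t in range(0, 1800, 10)]  # real-time, stops after 30 min
    + [("b-1", "model_batch", t) for t in (0, 1800, 3600)]   # batch, every 30 min
    + [("b-2", "model_batch", t) for t in (0, 1800)]         # batch, next upload just due
)

def learn_cadence(events):
    """Median seconds between consecutive messages, per vehicle model."""
    stamps_by_vehicle, model_of = defaultdict(list), {}
    for vid, model, ts in events:
        stamps_by_vehicle[vid].append(ts)
        model_of[vid] = model
    gaps = defaultdict(list)
    for vid, stamps in stamps_by_vehicle.items():
        stamps.sort()
        gaps[model_of[vid]].extend(b - a for a, b in zip(stamps, stamps[1:]))
    return {model: median(g) for model, g in gaps.items() if g}

def silent_vehicles(events, now, tolerance=3):
    """Vehicles whose silence exceeds tolerance x their model's usual interval."""
    cadence = learn_cadence(events)
    last_seen = {}
    for vid, model, ts in events:
        previous = last_seen.get(vid, (model, ts))[1]
        last_seen[vid] = (model, max(previous, ts))
    alerts = []
    for vid, (model, ts) in sorted(last_seen.items()):
        expected = cadence.get(model)
        if expected is None:
            continue  # no baseline for this model yet, so no verdict
        silence = now - ts
        if silence > tolerance * expected:
            alerts.append((vid, model, silence, expected))
    return alerts

if __name__ == "__main__":
    for vid, model, silence, expected in silent_vehicles(EVENTS, now=3600):
        print(f"ALERT {vid} ({model}): silent {silence}s, usual interval {expected}s")
```

In the sample data, rt-2 and b-2 have been silent for almost the same time (about 30 minutes), but only rt-2 is flagged, because that gap is normal for a batch reporter and abnormal for a real-time one.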

4. Real-Time Detection

Vehicle SOCs must detect incidents in near real time and mitigate the risk to avoid further threats to the entire fleet. The security analytics algorithms need to run in real time, analyze millions of messages per second, and identify attacks before they affect the whole fleet of cars.
