Cisco’s remedy for connected car security: Treat the car like an enterprise

As cars become more connected, they also becoming more vulnerable to hacks. After all, your car — unlike your computer or phone — moves at 60 mph under its own power. A compromised connected car could be a fatal one.
Cisco Systems(s csco) and auto components maker Continental believe they have an answer to the security threat facing the vehicle of the future: treat it like an enterprise. Each car should have security and access permissions of a self-contained enterprise network, and every incoming and outgoing communication would be monitored and managed the same way an IT department walls off a corporate network from the outside world.
Cisco and Continental seem to be taking the threat of malicious hacks very seriously. In this rather dramatic slide, Cisco shows all the different points of vulnerability – or “surfaces of attack” – in a connected car as their number of outside connections increase, various vehicular networks become interlinked and automakers grant more access to the car’s underlying technology. (The flames and skull are a bit much.)

Cisco Connected Car security slide
Continental and Cisco this week showed off a concept car in Travers City, Mich., loaded up with the former’s routing gear and the latter’s software. Cisco’s contribution was essentially a software-based security gateway that manages user identity, filters content and guards against security threats, said Andreas Mai, Cisco director of product management for connected systems. The gateway also acts as an optimization tool, prioritizing certain types of traffic — for instance VoIP or video — and managing connections so that you’re not using high-bandwidth apps over expensive cellular networks, Mai said.
Today most connected car apps are confined to the infotainment system and don’t have access to the more sensitive systems or controls of the vehicle. But that’s changing. Automakers like Ford(s f) and General Motors(s gm) are beginning to let developers into the normally walled off controller area networks (CAN) of their cars. Those controller networks in turn link to the advanced driver assistance systems (ADAS) emerging in today’s vehicles as precursors to the autonomous vehicle.
At the Defcon 21 conference last month, two white hat hackers demonstrated how they could take control of a Toyota(s tm) Prius with their laptops, forcing the car to brake, accelerate and swerve suddenly. The security experts were in the car in question, plugged directly into the Prius’s CAN bus, so this isn’t exactly an example of hackers taking over your vehicle by remote control. But as the CAN network is linked to the internet at large, it’s not hard to imagine the potential grizzly outcome of a malicious attack.