WATERLOO, ONTARIO – December 6, 2017
– While the integration of technology and connectivity in automobiles greatly improves
the driving experience, it also creates complex cybersecurity challenges for
automakers. To address these new concerns, BlackBerry Limited (NYSE: BB; TSX:
BB) today laid out a recommended framework to harden connected and autonomous vehicles
against cyberattacks.
– While the integration of technology and connectivity in automobiles greatly improves
the driving experience, it also creates complex cybersecurity challenges for
automakers. To address these new concerns, BlackBerry Limited (NYSE: BB; TSX:
BB) today laid out a recommended framework to harden connected and autonomous vehicles
against cyberattacks.
“Protecting a car from cybersecurity
threats requires a holistic approach,” said Sandeep Chennakeshu, President of
BlackBerry Technology Solutions. “Leveraging our experience as a leader in
cybersecurity and embedded automotive software, BlackBerry has created a
recommended framework to protect cars from cybersecurity threats. If followed,
we believe vehicles will not only be secure but BlackBerry Secure.”
threats requires a holistic approach,” said Sandeep Chennakeshu, President of
BlackBerry Technology Solutions. “Leveraging our experience as a leader in
cybersecurity and embedded automotive software, BlackBerry has created a
recommended framework to protect cars from cybersecurity threats. If followed,
we believe vehicles will not only be secure but BlackBerry Secure.”
Within this framework automakers and
their supply chains can deploy their technology choices to differentiate.
their supply chains can deploy their technology choices to differentiate.
BlackBerry’s recommendation leverages
the company’s proven expertise in security and accounts for industry trends in
connectivity and automated driving. The key points, outlined in the whitepaper
titled “Cybersecurity for Automobiles: BlackBerry’s 7-Pillar Recommendation,” are
summarized below. The full version of the whitepaper can be downloaded here.
the company’s proven expertise in security and accounts for industry trends in
connectivity and automated driving. The key points, outlined in the whitepaper
titled “Cybersecurity for Automobiles: BlackBerry’s 7-Pillar Recommendation,” are
summarized below. The full version of the whitepaper can be downloaded here.
1. Secure
the supply chain: Establish a root of trust
by ensuring every chip and electronic control unit (ECU) in the automobile can
be properly authenticated and loaded with trusted software, irrespective of
vendor or manufacturer. Scan all software deployed for compliance to standards
and required security posture. Conduct regular evaluations of the supply chain
from a vulnerability and penetration testing perspective to ensure they are
certified and “approved for delivery.”
the supply chain: Establish a root of trust
by ensuring every chip and electronic control unit (ECU) in the automobile can
be properly authenticated and loaded with trusted software, irrespective of
vendor or manufacturer. Scan all software deployed for compliance to standards
and required security posture. Conduct regular evaluations of the supply chain
from a vulnerability and penetration testing perspective to ensure they are
certified and “approved for delivery.”
2. Use
trusted components: Create a security architecture that is deeply
layered in a defense in depth architecture, with secure hardware, software, and
applications.
trusted components: Create a security architecture that is deeply
layered in a defense in depth architecture, with secure hardware, software, and
applications.
3. Employ
isolation and trusted messaging: Use an electronic system architecture
that isolates safety critical and non-safety critical ECUs and can also
“run-safe” when anomalies are detected. Additionally, ensure all communication
between the electronics in the automobile and the external world are trusted
and secure. Further, ECU-to-ECU communication needs to be trusted and secure.
isolation and trusted messaging: Use an electronic system architecture
that isolates safety critical and non-safety critical ECUs and can also
“run-safe” when anomalies are detected. Additionally, ensure all communication
between the electronics in the automobile and the external world are trusted
and secure. Further, ECU-to-ECU communication needs to be trusted and secure.
4. Conduct
in-field health checks: Ensure all ECUs have
integrated analytics and diagnostics software that can capture events, and are able
to log and report the same to a cloud-based tool for further analysis and to
initiate preventative actions. Moreover, automakers should confirm that a
defined set of metrics can be scanned regularly when the car is in the field, as
well as be able to take actions to address issues via secure over-the-air (OTA)
software updates.
in-field health checks: Ensure all ECUs have
integrated analytics and diagnostics software that can capture events, and are able
to log and report the same to a cloud-based tool for further analysis and to
initiate preventative actions. Moreover, automakers should confirm that a
defined set of metrics can be scanned regularly when the car is in the field, as
well as be able to take actions to address issues via secure over-the-air (OTA)
software updates.
5. Create
a rapid incident response network: Share common
vulnerabilities and exposures among a network of subscribing enterprises so
expert teams can learn from each other and provide advisories and fixes in
shorter time frames.
a rapid incident response network: Share common
vulnerabilities and exposures among a network of subscribing enterprises so
expert teams can learn from each other and provide advisories and fixes in
shorter time frames.
6. Use
a lifecycle management system: Proactively re-flash a
vehicle with secure OTA software updates as soon as an issue is detected. Manage
security credentials via active certificate management. Deploy unified endpoint
policy management to manage applications downloaded over the lifetime of the
car.
a lifecycle management system: Proactively re-flash a
vehicle with secure OTA software updates as soon as an issue is detected. Manage
security credentials via active certificate management. Deploy unified endpoint
policy management to manage applications downloaded over the lifetime of the
car.
7.
Make safety and security a
part of the culture: Ensure every organization
involved in supplying auto electronics is trained in functional safety and security
best practices to inculcate this culture within the organization.
Make safety and security a
part of the culture: Ensure every organization
involved in supplying auto electronics is trained in functional safety and security
best practices to inculcate this culture within the organization.
BlackBerry
has developed and is developing innovative technologies, tools, and services
for each of these 7-Pillars. The company will demonstrate its vision for connected
cars and autonomous vehicles at the 2018 Consumer Electronics Show in Las Vegas
on January 9-12 (Booth #7523, North Hall). For reporters interested in meeting
with BlackBerry, please email mediarelations@blackberry.com.
has developed and is developing innovative technologies, tools, and services
for each of these 7-Pillars. The company will demonstrate its vision for connected
cars and autonomous vehicles at the 2018 Consumer Electronics Show in Las Vegas
on January 9-12 (Booth #7523, North Hall). For reporters interested in meeting
with BlackBerry, please email mediarelations@blackberry.com.
About BlackBerry
BlackBerry is a cybersecurity software
and services company dedicated to securing the Enterprise of Things. Based in
Waterloo, Ontario, the company was founded in 1984 and operates in North
America, Europe, Asia, Australia, Middle East, Latin America and Africa. The
Company trades under the ticker symbol “BB” on the Toronto Stock Exchange and
New York Stock Exchange. For more information, visit www.BlackBerry.com.
BlackBerry is a cybersecurity software
and services company dedicated to securing the Enterprise of Things. Based in
Waterloo, Ontario, the company was founded in 1984 and operates in North
America, Europe, Asia, Australia, Middle East, Latin America and Africa. The
Company trades under the ticker symbol “BB” on the Toronto Stock Exchange and
New York Stock Exchange. For more information, visit www.BlackBerry.com.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!