This is part 4 of a four-part series on autonomous vehicle cybersecurity. Part 1 explains the autonomous vehicle software stack, part 2 and part 3 review the various attack vectors and security gaps, and finally, this part explains why you need expertise for development and ongoing risk mitigation.
Autonomous vehicle engineers have an obligation to do everything they can to defend against firmware threats. If nothing else, they need to protect themselves. Selling vehicles that are later revealed to have vulnerabilities is expensive and scars the company’s reputation. Instead of taking a reactive approach, OEMs should develop robust internal processes for firmware development and ongoing risk mitigation.
Protection from the Start: Design and Development
Firmware development across any device is a resource-intensive project. Add in the elements of numerous interacting systems and devices within a single vehicle, and the complications increase exponentially. However, proper firmware development is of the utmost importance as it is the first line of defense against attacks. Given the recent developments in autonomous vehicles, especially at the L4 and L5 levels, it is particularly challenging to find individuals or teams with the right expertise.
Never Let Your Guard Down: Ongoing Risk Mitigation
Industry Group and Public Sector Support
Luckily, firmware risk has already been significantly mitigated thanks to the work done by industry groups and public sector organizations. These groups have already invested a lot of resources into developing and promoting firmware standards and specifications to help improve security, including cybersecurity in autonomous vehicles.
For example, the Unified Extensible Firmware Interface Forum publishes the UEFI specification, including the UEFI Secure Boot protocol. In addition, the Trusted Computing Group (TCG) designs hardware that can store and protect platform secrets like encryption keys and other data that need to be secure.
For cybersecurity in autonomous vehicles specifically, the following groups are developing critical baseline security standards:
- Automotive Cybersecurity Industry Consortium (ACIC)
- Automotive Information Sharing and Analysis Center (Auto-ISAC)
- Alliance for Automotive Innovation
- SAE International
Understanding the Responsibility of Cybersecurity in Autonomous Vehicles
While the work and support from these groups are of great use to the industry, it is still up to automotive manufacturers to:
- Build secure firmware based on industry best practices
- Implement recommendations and standards
- Monitor all of the specifications and vulnerability alerts
- Develop and distribute patches for vulnerabilities once they become aware of them
Unfortunately, not all organizations have the expertise to establish a secure development process as well as perform ongoing risk mitigation.
Some OEMs are diligent about firmware patching. They may even have an automated firmware updating service that pushes patches to end-user devices. However, not all OEMs patch firmware. This is not a healthy state of affairs, but it is very real. This deficiency can be due to a lack of resources, expertise, or both. The result is a firmware ecosystem that is rife with unremediated vulnerabilities.
The solution: Outsource autonomous vehicle firmware development and security to experts.
Partner with Phoenix, the AV Security Experts
As the original independent firmware company, Phoenix has over 40 years of experience developing, deploying and patching firmware across various devices. We collaborate closely with leading Tier 1 autonomous vehicle system providers to architect complete autonomous vehicle firmware solutions. Our software is built to support the L4/L5 future of autonomy based on our deep understanding of the critical roles that firmware and firmware security play in the autonomous vehicle industry.
At Phoenix, we partner with you throughout the entire firmware life cycle, from initial development and deployment through post-production support and ongoing security:
- Research and development: comprehensive consulting and research services
- Customer engagement: expert autonomous vehicle engineering and support services
- Production and delivery: custom development built on the established Phoenix firmware base
- Post-production support: continuous support and security patches
Phoenix also offers a security subscription service that helps manufacturers track and remediate firmware vulnerabilities. With our Phoenix FirmCare security-as-a-service program, we quickly identify security gaps and develop patches, then help manufacturers successfully deploy them.
Our dedicated security team is backed by years of experience and deep-rooted industry partnerships.
Phoenix’s firmware experts understand what it takes to secure the future of autonomous vehicles. From development through ongoing risk mitigation, our available services support your team every step of the way.