SANTA ROSA, Calif.—Keysight Technologies, Inc., has launched an automotive cybersecurity program intended to enable automotive security professionals at car manufacturers (OEMs) and their Tier 1 suppliers to ensure the safety of their vehicles with proactive protection against cyberattacks throughout the R&D and production process, as well as post-sales, the company said in a press release.
The upsurge in connected cars in production and on the road provides fertile ground for hackers to exploit potential vulnerabilities from inside or outside the vehicle. Numerous on-board systems — infotainment, telematics, engine control units (ECUs) — are potential entry points for malicious attacks.
Connected vehicles also use increasingly complex software to provide advanced functionality, creating opportunities for malware to take over and compromise a connected vehicle’s braking or steering system, which could result in injuries or lost lives.
“In today’s vehicles, heavy reliance on connectivity and software improves convenience but increases the potential attack surface for emerging and evolving cyber threats,” said Siegfried Gross, vice president and general manager of Keysight Automotive and Energy Solutions, in the release. “This new program enables OEMs and Tier 1s to enhance vehicle safety by defining, implementing, and deploying a consistent, company-wide approach to the testing of potential vulnerabilities.”
Keysight said that its Automotive Cybersecurity Program consists of integrated hardware, software, and services needed by automotive OEMs and Tier 1suppliers to ensure the safety of their vehicles, address the scale and complexity of rapidly changing technology, facilitate time to market, and supplement internal cybersecurity activities.
According to Keysight, automotive cybersecurity needs to be part of product development from the beginning, throughout the development life cycle, and post- sales. The company uses multiple paths to address this need.
First, hardware connects to the device under test (DUT) via all relevant interfaces, including Wi-Fi, cellular, Bluetooth, USB, controller area network (CAN), and automotive ethernet. Software simulates attacks, reports on vulnerabilities (and severity), and offers recommended fixes. And device under test (DUT)-specific regression testing simplifies and accelerates verification of fixes.
Another key element is enterprise-level management of testing, which includes seamless integration with widely used OEM and Tier 1 enterprise platforms, according to Keysight.
Keysight (https://www.keysight.com/us/en/home.html) is also offering a subscription service to an evolving threat database, the company said. The subscription provides frequent updates of the latest security attacks, evasion tactics, and examples of live malware. The service also includes application protocol releases along with ongoing software updates and enhancements.
Keysight’s Automotive Cybersecurity Program is said to enable car manufacturers and their suppliers to implement and enforce company-wide security standards, establish a company-wide test procedure supporting supplier certification and auditing, and achieve repeatability through rigorous regression testing and documented workflows and results.
It is also said to help them identify potential vulnerabilities from the physical level to the application layer, including wireless and wireline connections; rapidly validate and implement software fixes; and stay ahead of hackers by proactively assessing security risks before an attack.