Connected Car Security - Transcript

Transcript

dotmagazine: Safety is a key topic in the discussions around the evolution of self-driving cars. And while we are each sure of our own capabilities behind the wheel, it is to be hoped that the self-driving car can bring down the number of injuries and fatalities caused by human error. 

dot: The connected car and the associated infrastructure is raising new challenges for the design of IT security.

Prof. Pohlmann: You have to see, we have the data stored and processed in the car, maybe on the edge, in the fog, but also in central cloud computing - for example, Artificial Intelligence - and it's really necessary that the data receives the same level of IT security at each level in the process. And therefore we need a comprehensive IT security concept and we need also a global security management system. 

dot: And so, with products as complex as connected and self-driving cars, a security strategy needs to be developed that encompasses the entire value chain.

Prof. Pohlmann: We have to see that a lot of different organizations would like to have access to the data in our car, and we have different kinds of communication. We have car-to-car communication and we have car-to-infrastructure communication, and car-to-infrastructure communication means we have companies for self-driving services; we have the car companies who would like to have access to the car; we have entertainment companies; we have emergency calls; we have payment systems and we have charging stations; insurance companies; and all these companies have differing kinds of requirements and we have different kinds of security needs and therefore we need also an infrastructure, a security infrastructure. We set out to offer for each different kind of information the right security functions, and this will be a real challenge to build up such an infrastructure for cars.

dot: Coming back to the human element, it is often claimed that human nature is one of the greatest risks to IT security. So, is it possible to design connected car security to be independent of the user?

Prof. Pohlmann: What we really need is that we have security functions and trust function as security by design in the car and so that most security functions work without the involvement of the user. But additionally we have to integrate the user very easily. We were involved in a project called SecMobile and here we developed a modern multi-factor authentication where the user uses his smartphone as a security device and they could use this smartphone for the authentication to open the car, to activate the charging station, to make authentication to the entertainment companies, and that makes it quite easy for the user. 

Norbert Pohlmann is a Member of the Board and Director of IT Security at eco – Association of the Internet Industry. He holds two positions at Westphalian University of Applied Sciences, Gelsenkirchen: Professor of Distributed Systems and Information Security in the field of IT, and Managing Director of the Institute for Internet Security. Since April 1997, Prof. Pohlmann has been chairman of the management board of the German Association for IT Security TeleTrusT, the role of which is to establish trustworthy IT systems. Prof. Pohlmann is co-initiator and chairman of the program committee of the "Information Security Solutions Europe" conference (ISSE), which takes place annually in different European cities (Berlin, Barcelona, London, Paris, Paris, Vienna, Berlin, Berlin, Budapest, Rome, Warsaw, Madrid, The Hague, Berlin, Prague, Brussels, Berlin). In addition, Prof. Pohlmann is a member of the scientific advisory board of the GDD (Society for Data Protection and Data Security e. V.) and a member of the steering committee "Taskforce IT-Security" (Federal Ministry of Economics and Technology). For five years, he was a member of the "Permanent Stakeholders' Group" of ENISA (European Network and Information Security Agency), the European Community's security agency (www.enisa.europa.eu).