The safety of intelligent and connected vehicles has become a worldwide proposition

The safety of intelligent and connected vehicles has become a worldwide proposition. The first-mover advantage and rapid development in the field of new energy and intelligence make it possible for China to solve the safety problems of intelligent and connected vehicles. The biggest feature of this round of automotive industry reform is innovation while developing: automotive design innovation, power battery innovation, intelligent system innovation, intelligent safety innovation, consumer experience innovation... China has become a global automotive innovation testing ground. This is also the reason why international auto giants such as Tesla and BMW have come to China to build factories, leaving China's innovation experimental field and huge consumer groups, the rapid innovation of the automobile industry has no base and foundation. In the rapid development of intelligent networked vehicles, the establishment of the security system is also "crossing the river by feeling the stones", and in the face of the surging huge demand, the opportunity period is fleeting. Only when the safety of intelligent networked vehicles is in the hands of Chinese can China's automobile industry truly achieve leapfrog development and China can truly become an automobile power.

With the landing of a new generation of information and communication technology in the field of transportation, especially the accelerated application of the Internet of Vehicles, the degree of digital link between vehicles and vehicles, vehicles and roads, vehicles and people, and vehicles and networks will become higher and higher, and the ensuing security risks are also increasing, which has higher requirements for vehicle information and digital security.

Experts believe that automakers need third-party companies as "security partners", and they need to lay a solid "base" for system and platform security. The automotive industry chain should incorporate network security considerations into product needs from the beginning of product design, form an integrated, sustainable, closed-loop ecological security system, and run through the whole life cycle of products, and market opportunities in this field will gradually appear in the future.

The security of the Internet of Vehicles is not optimistic

The recently released "14th Five-Year Plan" Modern Comprehensive Transportation System Development Plan (hereinafter referred to as the "Planning") proposes to promote the deep integration of new technologies and the transportation industry, steadily develop travel services such as autonomous driving and vehicle-road coordination, encourage the testing and application of automatic driving in limited areas such as ports and logistics parks, and promote the development of intelligent buses, smart parking, and smart security inspections.

The development of the Internet of Vehicles is still accelerating, but the industry generally believes that the overall level of the current Internet of Vehicle Security is still in the stage of "climbing and improving". Gao Xi, vice president of Beixinyuan, told reporters that the security situation of the Internet of Vehicles cannot be described as optimistic, "Most of the safety events that the public is concerned about at present are limited to the safety of automatic driving, although such incidents are more likely to arouse the attention and discussion of the media and the public, but driving safety is only a part of the overall safety, and users will produce a large number of various data in the whole life cycle of the car. ”

"In the early days of the Internet of Vehicles technology, it was biased towards business exploration, and the security level was relatively weak, so many security vulnerabilities in the Internet of Vehicles were exposed, and some security researchers in previous years could even control Tesla cars without contact." Kong Xianzi, a security expert on the Internet of Vehicles at Qianxin, introduced that there is a "short board effect" in the security of the Internet of Vehicles, from the perspective of software supply chain, user-side mobile applications, cloud services of the Internet of Vehicles and local services on the side of the car, any party may be a weak point, "Once a loophole occurs, it may affect the security of users and manufacturers." ”

Liu Yue, head of The Qianxin Tiangong Laboratory, said in an interview with reporters that the security of the Internet of Vehicles is currently facing three challenges: First, the safety of vehicle data. For example, cars with autonomous driving functions have a variety of forms of sensor devices, and the data obtained in vehicle driving should be strictly regulated; the second is the problem of security loopholes in the Internet of Vehicles, such as the digital key of the car has been exposed many major security loopholes in recent years; the third is that the security construction of new technology applications is lagging behind.

From the perspective of attack technology, the security of the Internet of Vehicles involves Web security, protocol security, wireless security, kernel security, mobile terminal security, etc. Attackers can usually mine vulnerabilities from multiple attack surfaces, and then combine some features of the Internet of Vehicles framework for vulnerability exploitation, such as the realization of car control. According to data disclosed by the Ministry of Industry and Information Technology in October 2021, more than 2,000 pieces of information on the security vulnerabilities of the Internet of Vehicles have been included, including on-board intelligent gateways, remote communications and other vulnerabilities.

The safety capabilities of car companies need to be improved

Compared with the increasingly severe security situation of the Internet of Vehicles, the security capabilities of vehicle manufacturers are still lagging behind. An information security industry insider commented that most of the models on the market are currently at a low level of information security protection, the reliability of the protection of the related network components and control components in the car is not high, and the lack of certain safety strategies may lead to the leakage or tampering of sensitive information in the car, abnormal behavior in the driving of the vehicle, and even the safety of human life.

"At present, the Internet of Vehicles security market is fragmented and has strong boundaries, and it is difficult to open up data." The above-mentioned person said that the traditional Internet security has been unable to cope with the security risks of the Internet of Vehicles, and it is urgent to need an integrated, sustainable and closed-loop ecological security system including security consulting, product design, safety development, security testing, operation supervision, etc.

According to the "2022 Cybersecurity Development Trend and Top Ten Threat Predictions" released by AsiaInfo Security, automakers need "security partners" more. There are security risks of different natures in the whole life cycle stage of collection, transmission, storage, use, migration and destruction of ioV data, and full, comprehensive and in-depth risk analysis is the key to risk response and security protection.

Gao Xi also believes that the security technology of upstream and downstream enterprises in the Internet of Vehicles is uneven, and some vehicle manufacturers have a need to improve their understanding of the importance of vehicle networking security. "For car companies, security capabilities are difficult to 'get started at once', because information security capabilities require a long period of experience and precipitation, especially to dynamically study the latest security threats and have the ability to give solutions, of course, also require considerable cost investment." If the architecture and planning are not started from the underlying security architecture and the security of the Internet of Vehicles platform itself, it is not advisable to only use the 'patching' method to solve security problems. ”

"It's like saying that my product is ready, and then asking you to build a safety shield and 'build a fence' around my product." Gao Xi said, "If the bottom layer of the system is done well, there is no need for so many 'fences'. "Only the communication, storage, authentication of the three core security "base" is complete, in order to truly have a system-level security capabilities, "car companies do not have a system-level security 'base', may lead to the security architecture in the later stage of more and more chaotic, in the face of new security threats, headaches, foot pain, just like spider webs, stability is also relatively poor." "Ultimately, it will affect the brand image, user experience and social security of car companies."

In this regard, Kong Xianzi also said that from the perspective of the historical vulnerabilities of the Internet of Vehicles, it is not difficult to find that most of the vulnerabilities of the Internet of Vehicles are essentially the combined use of multiple traditional vulnerabilities in the framework of the Internet of Vehicles, "so it is more important to protect the security of the Internet of Vehicles and lay a solid security foundation to avoid short-board vulnerabilities." ”

Multi-party joint construction of automotive safety system

In the face of the urgent situation of the security of the Internet of Vehicles, industry insiders suggest that the automotive-related industry chain should incorporate the consideration of network security into product requirements from the beginning of product design, and add security design, safety research and development, safety testing, and safe operation of products in the whole life cycle of products.

Zhou Hongyi, founder of 360 Group, previously said: "The challenges of new technologies such as data security, cloud security, and Internet of Things security, as well as new security scenarios such as the Internet of Vehicles, industrial Internet, and smart cities, are risks that cannot be solved by piling up products, and challenges that traditional network security fragmentation defenses cannot meet." ”

Gao Xi said that the state attaches great importance to the vigorous development of the Internet of Vehicles, the Ministry of Industry and Information Technology in accelerating the construction of the industry network data security management system continues to exert efforts, promote the introduction of the "Data Security Law", "Personal Information Protection Law" and other laws and regulations, research and draft the "Data Security Management Measures in the Field of Industry and Informatization (Trial)", in 2020 issued the "Internet of Vehicles Information Service Data Security Technical Requirements", covering all data in the process of Car Networking information services except for the user's personal information. Including but not limited to carrier-related data from vehicles, mobile intelligent terminals, roadside facilities and vehicle networking service platforms, "the upstream and downstream of the industrial chain should work together to do a good job in the top-level design of system-level security, while exploring data security solutions for users' personal information in the Internet of Vehicles, and finally promoting the introduction of relevant standards based on technical requirements." ”

In this regard, experts suggest that we should promote a sound and reasonable mechanism for the discovery, disposal and management of loopholes, and accelerate the formulation of industry standards. At the same time, a safety supervision responsibility system should be established, and safety responsibilities should be implemented in all aspects of the life cycle before going online, during operation and after the event. It is expected that the next three years will be a centralized release period for relevant domestic regulatory regulations.

In addition, Kong Xianzi believes that the improvement of the security level of the Internet of Vehicles requires manufacturers to strengthen the construction of information security teams and enhance the security and controllability of core basic technologies on the one hand; on the other hand, manufacturers need to have an open and inclusive attitude towards the vulnerabilities of the Internet of Vehicles and give play to the power of the majority of "white hats". Previously, some "white hat hackers" are afraid of getting into trouble, even if they find the vulnerabilities of the Internet of Vehicles, they often dare not report, and in the future, the traditional fields can be transplanted into the field of security monitoring and early warning and emergency response mechanisms that have been applied in practice, and combined with the characteristics of the Internet of Vehicles environment, more targeted security protection and monitoring.