trusting the connected car - nmi – connected communities · trusting the connected car identities...
TRANSCRIPT
![Page 1: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/1.jpg)
Trusting the Connected Car
Nick Cook, Chief Innovations Officer
![Page 2: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/2.jpg)
What is Digital Trust?
People, machines and organisations need to be able to digitally trust each other.
• Trust is built using layers of controls within an ecosystem• Secure hardware execution and trusted applications• Data flow and reaction security• Physical security
• Strong identity is a key component of trust• If you can’t determine someone or something is who or what they say
they are, you cannot trust it
• Trust isn’t one time; it needs ongoing, sustainable management
![Page 3: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/3.jpg)
What is Digital Trust in the ‘connected car’?
![Page 4: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/4.jpg)
Connected Cars
Cars are no longer simply a means of getting from A to B
Vehicles loaded with technology, autonomy and hyper-connectivity come with high risk of compromise:
• Individual risk• National Security risk• Insurance risk
![Page 5: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/5.jpg)
Need for Digital Trust in the Internet of Things
IoT is in its infancy. Global adoption requires digital trust to be baked into its fabric.
• Inherent vulnerability of IoT• Consumer demand outpacing cybersecurity technology and
expertise• Lack of standards-based approach to digital trust• Fragmented perspectives on definition of digital trust
• Password protection is inadequate• Mobile devices proliferate IoT• Headline-grabbing cyber-attacks are becoming commonplace
leading to consumer mistrust and enterprise risk• New approach to IoT cybersecurity urgently required
![Page 6: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/6.jpg)
Trusting the Connected Car
Identities need to be verified throughout
• Security must be embedded at manufacture – new or retro fit
• Only authentic components allowed to connect with trust that genuine communication between them is taking place
• Secure software upgrades are critical – only authentic software accepted by the system
• Only authorised people/computers should perform maintenance
• Only authorised people should enter and start the vehicle
![Page 7: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/7.jpg)
So how do we achieve digital trust?
![Page 8: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/8.jpg)
Trusting the Connected Car
Cybercriminals are super-sophisticated at exploiting vulnerability. Weakly protecting key material is unacceptable.
• Hardware backed crypto material• Smart chips• TPM• UICC• TEE
• Execute in protected environments• Managed apps and outlets
• Create and maintain digital identities
![Page 9: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/9.jpg)
Identity and Credentials Management
The key to achieving trust
• Establish the person or device is who or what it claims to be• Delivery of identities locally or over the air• Locking down credentials• Ongoing lifecycle management
• Transfer ownership securely – temporarily or permanently• Revoke permissions
• Secure processes and policy must be applied
![Page 10: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/10.jpg)
Digital Trust from Silicon to ServicesA complex ecosystem made simple
![Page 11: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/11.jpg)
Digital Trust from Silicon to ServicesA complex ecosystem made simple
![Page 12: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/12.jpg)
To conclude…
![Page 13: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –](https://reader030.vdocuments.site/reader030/viewer/2022040117/5f325cefed80b63bb470a5cb/html5/thumbnails/13.jpg)
Summary
If connected cars are to become trustworthy, a new ’normal’ needs to be established
• A three-tier approach must be applied as appropriate (trust the device, trust the person, trust the application)
• Robust, standards-based, security framework• Strong authentication that protects data communication• Consumer-grade ease of use• Enterprise-grade security• Lifecycle management is critical• Collaboration is required