Tesla Motors 4-Point Plan to Build Secure Connected Cars

Diarmuid O’Connell, VP of Corporate and Business Development at Tesla Motors was invited to speak* to Congress on Capitol Hill yesterday (with the Subcommittee on Information Technology and Subcommittee on Transportation and Public Assets) in order to to discuss “The Internet of Cars” along with executives from General Motors, Toyota, and others. The purpose? To highlight how the automotive industry is tackling important issues around cybersecurity, spectrum, and privacy as the age of the connected vehicle rapidly approaches.


Image: Tech News Today

And, in order to champion rapid advances in the connected car realm, O’Connell remarked, "Tesla believes that in order to maintain the pace of reducing injury and fatality rates, vehicles will need to increasingly use computerized vehicle systems to avoid crashes, with particular opportunity afforded in the fully connected vehicle space."

Nevertheless, with concerns that connected cars may be vulnerable, he acknowledged the need to take precautions, "The current safety upsides of connected vehicle technology are already measurable and real. Of course, there are some legitimate concerns of which prudent manufacturers should be aware. There are also sensible precautions that prudent manufacturers will take against these concerns."


Image: Automotive News ; Above: Diarmuid O’Connell, VP at Tesla Motors

So what precautions did Tesla Motors highlight when discussing vehicle security in the age of the connected car? O’Connell lays out a four-point plan in his presentation on behalf of Tesla Motors.

  • 1. The first precaution is to ensure that any software updates to the vehicle are authorized by the manufacturer. This can be achieved by using industry standard cryptography technology called “signing”. Tesla employs this technology. This technology ensures that only Tesla authorized software is applied to the vehicles, even if someone is trying to tamper with the software inappropriately as the software signal transits the network.
  • 2. The second precaution is to ensure that vehicles cannot be directly connected to across the internet. Recently, there was a widely publicized cyber hack demonstrated against a Jeep. This hack would have been rendered largely ineffective if this simple precaution had been followed. Tesla follows this precaution with industry standards such as filtering, firewalling and a design that does not require direct incoming connections.
  • 3. The third precaution is to strongly isolate networked systems from the mechanical systems of the vehicle. If a processor on the vehicle has network connectivity, that processor should not also have direct connections to the vehicle’s mechanical systems (i.e., steering, accelerator, brakes, gear selection). Some manufacturers implement this isolation with technology called a “gateway”. Tesla vehicles employ a physically separate gateway processor in order to provide safety in a connected vehicle environment, thereby isolating critical vehicle functional controls from other parts of the vehicle (e.g., the infotainment center).
  • 4. The fourth precaution is to use industry standard encrypted communications protocols for connections from the vehicle. This ensures the privacy and integrity of data as it is transferred to and from the vehicle. As with the other security precautions noted above, Tesla also employs these industry standards.

Tesla Motors has earned genuine respect in this area. To that end, O’Connell notes the helpful approach and open policy that Tesla employs with regard to external assistance, "Additionally, Tesla is seeing increased vehicle security interest and scrutiny from academic and industry security researchers. Tesla encourages and applauds this assistance -- to the extent of even providing financial rewards for the best research. Tesla encourages other manufacturers to do the same, because we are all safer when we work together on vehicle safety and security."

Regarding Tesla Motors’ position on government regulation, O’Connell requests that Congress doesn't rush into detrimental regulation, "One possible impediment to advanced technologies, and the safety benefits of connected vehicles, is of course overly restrictive regulation. Regulation at a time of rapid innovation runs the risk of limiting the realization of the full extent of safety advances."

For more of what happened yesterday, check out the video below. Diarmuid O’Connell speaks on behalf of Tesla Motors at approx. 46.22 - 50.23...

===

*Source: Committee on Oversight and Government Reform