Intel Announces Creation Of Automotive Security Review Board (ASRB)

"By 2020 there will be no deaths from accidents in any of their cars," because of connectedness and smart automotive subsystems, or so claims a car manufacturer. Yet not a week goes by since BlackHat and DefCon in August without new revelations of previous car vulnerabilities, a new car hack, or new modifications to the previous big three hacks (Ownstar, Jeep, Tesla). Can we protect the squeamish public -- and avoid the perception of danger -- from rogue car hacks?

"If public car hacks continue, this life-saving technology won't be adopted," said Raj Samani, Intel's EMEA CTO, speaking of Intel's newly created Automotive Security Review Board (ASRB). Intel's ASRB has three founding members, all security research firms: IOActive, Open Garages, and I Am the Cavalry. More members, including manufacturers, are expected to be announced within the week.

The goal of the ASRB is to codify and design a framework, recommendations and best practices around automotive security. Chris Young, SVP, and general manager for Intel Security, summarized the reasons for creating the ASRB: "[Intel can]...encourage that cybersecurity is an essential ingredient in the design of every connected car. Few things are more personal than our safety while on the road..."

No longer sufficient to “lock the car,” Intel’s white paper shows 15 cyber attack surfaces in a typical connected car

Intel will provide the ASRB with its advanced development platform to facilitate research and plans to publish results as part of an ongoing process. Some security recommendations and general risks to this next generation of connected car are in the Intel-authored white paper

General security building blocks applicable to building defense in depth for cars

In the paper, Intel presented a strong risk analysis of myriad ways to hack a car, considering such topics as supply chain risk management, secure boot, virtualization, and enforcement of approved and appropriate behavior, as well as a range of subtopics under network security and cloud security. The authors consider data privacy and discuss information security frameworks, industry examples such as fighter jet construction, and development life cycles. Interestingly, data privacy is considered as important as security, and both are considered as enablers. 

Much of the paper is general in terms of cyber risk discussion, mentioning the applicable car subsystem, but not providing actual vulnerabilities. There is even a discussion of what motivates certain hacker groups, which would indicate that the group is expecting a general audience for the paper.

Given the car hacking news onslaught since late summer, it appears that manufacturers didn't heed good security practices and need(ed) a wake up call. Intel's goal appears to be to provide that kick, influence vehicle safety, and serve as a clearing house. 

Intel will award the ASRB member who makes the best cybersecurity contribution to Intel's automotive platform a new car:

Follow us @tomshardware, on Facebook and on Google+.

  • Epsilon_0EVP
    Will this rate cars using Intel hardware to be more secure? Or was that just for their compiler?
  • de5_Roy
    "from the guys who brought you vPRO and Intel Secure Backdoor(TM) technologies"!!
  • capt_taco
    Seeing as how most car manufacturers don't even have the sense to do things like ... NOT have an always-connected onboard entertainment system that isn't firewalled from the car operation controls like steering and throttle ... yeah, I don't see this getting anywhere fast.
  • Marco Ullasci
    isn't firewalled from the car operation controls
    It should be simply on a completely different network.
    The same should be for the navigation systems that do interface with the smartphones to redirect on a large screen.
    And all the information exchanges should be with strong encription.
    But what is most important is that there should be a way to manually override the electronics if needed; like in trains.