Executive Insights: Talking Security and Threat Protection for Connected Cars

Connected vehicles are the next major technology innovation disrupting the automotive industry. With 3D mapping, smart device integration, cloud-based services, advanced LAN/CAN networks, and autonomous driving defining the connected car of the future, the cyber risks are enormous. And with IoT devices connecting to thec to access content and applications, the attack surface is even larger. Integrated security is paramount for the safety and consumer confidence in the connected car.

Renesas Electronics is a premier supplier of advanced semiconductor solutions, serving a broad range of industries from automotive, industrial, home electronics, and office automation to information communication technology. Renesas and Fortinet have collaborated to develop secure network solutions that meet the unique requirements of the evolving automotive operating environment.

Fortinet recently talked with Craig Johnson, Director, Automotive Advanced Systems Innovation Department, Renesas Electronics America Inc. to discuss the innovation behind its connected car efforts and why automated security with real-time threat intelligence and strategic segmentation is imperative to protect customers’ information and vehicle.

Michael Xie: How long has Renesas been developing embedded semiconductor solutions for the automotive industry?  

Renesas Electronics has been an active member of the automotive semiconductor industry for several decades through the company’s rich history with its NEC Semiconductor, Mitsubishi, and Hitachi automotive activities, providing high-reliability, high-performance solutions for automotive systems ranging from body control to autonomous to electric vehicles.

How do you define the connected car and what are some of the unique technology and security challenges it presents?

At its essence, a connected car is a car equipped with Internet access and a wireless local area network, allowing drivers to share Internet connectivity with other devices both inside and outside the vehicle. As the amount of vehicle connectivity increases, it opens more opportunities to make the driving experience both safer and more enjoyable. It also expands the surface for potential automotive cyberattacks

With connected cars, security systems need to span across communications standards, devices, and networks. This also involves extending visibility, interaction and control beyond a single vehicle to include the larger transportation ecosystem, including road and traffic control systems.

The challenge of having a car connecting to outside networks is the inbound information. We cannot control what information is coming into the vehicle, so we have to be able to authenticate the information coming into the car to ensure that doesn’t compromise safety. To provide the cyber protection levels needed to secure connected cars, car manufacturers need to design and deploy technology with a security-first mindset. As new features and capabilities come online in vehicles, safety should remain a top priority. 

I imagine that you’ve seen quite an evolution on the technology requirements for the automotive industry. What are the technology priorities for the Renesas autonomy fleet?

Renesas has three defined priorities for our ADAS and autonomous vehicles: High compute that supports the advanced perception and cognitive computing capabilities needed for connected vehicles and actuation, low power consumption and functional safety. Every chip should be automotive qualified.

Can you explain the collaboration between Fortinet and Renesas in developing a joint solution that addresses the major cybersecurity risks in today’s connected car network architecture?

With the opportunities and security challenges that the Internet of Things is opening up for connected cars, an integrated security strategy is essential to protecting today and tomorrow’s connected cars. Working with Fortinet, we have collaborated on a prototype security solution that addresses the major cybersecurity risks in today’s connected car network architecture.

In this cybersecurity prototype, Renesas uses a micro variant of Fortinet’s security operating system, µFortiOS, protecting our connectivity systems from our gateways that control the vehicle. µFortiOS authenticates communications from external networks. The Renesas solution provides a gateway that protects the internal vehicle network for controls and actuation, designed to protect the vehicle system from external attacks.

Which Fortinet Security Fabric solutions does the joint solution use?

With this joint solution, the companies leverage the latest capabilities of the Fortinet FortiOS 6.0 security operating system in the micro OS form factor, µFortiOS, which is integrated with the Renesas R-Car H3 system on chip to secure vehicle network domains, cloud-based services and applications. With support from the on-chip security functions of the R-Car H3, the Fortinet technology secures communications between the domains and sets policies to limit access between certain domains to mitigate and control potential cyber threats.

Why did you choose to partner with Fortinet for the security policy management and automated protection of the powertrain and communication domains in your R-Car H3?

Security is part of the technology foundation for connected vehicles, providing a safe and enjoyable driving experience, and maintaining consumer confidence. Fortinet is a leader in network security, with deep insights into the unique demands and infrastructure requirements of network security systems, and a strong track record of protecting networks, delivering exploit block rates (eliminating false message threats) of 97% or better. Both companies are passionate about protecting networks, and we were excited to share our respective insights into automotive security to develop a prototype solution to address current and future security needs within the unique requirements of the connected vehicle environment.

How do cybersecurity challenges and priorities change in environments where more and more cars are running at 70mph+?

As more data streams in and out of vehicles, communicating with the cloud, with infrastructure, and with other vehicles at different contact points, more of the vehicle network is exposed. High speeds make security more complex because vulnerabilities need to be detected faster to keep the vehicle safe. Automotive cybersecurity must be both continuous and highly responsive to protect against malicious attacks as well as non-malicious incidents.

How do you see autonomous vehicles changing the game even further for cybersecurity in the automotive industry?

With autonomous driving systems, the potential attack surface is bigger and the risk potential is higher depending on which systems are involved. As with connected cars today, deploying an integrated automotive security strategy is essential to creating and maintaining a safe driving environment.

This byline originally appeared in CSO.

Our paper on "Covering the Gaps in IoT Security” provides more details on the security risks of IoT and what organizations can do to address them with Fortinet's Security Fabric.