BlackBerry sees four industry trends that are making vehicles vulnerable to cyber attacks and failures: vehicles access, software control, autonomous driving, and the changing state of software. In its whitepaper, BlackBerry recommended changes through a seven pillar approach:
Secure the supply chain:Ensure the supply chain and the software and hardware components it delivers are safe and secure.
Use trusted components: Create a security architecture that is deeply layered in a defense in depth architecture, with secure hardware, software, and applications.
Employ isolation and trusted messaging:Separate safety critical and non-safety critical systems and ensure trusted communication between these systems and to the outside world.
Conduct in-field health checks:Monitor car health by regularly scanning and reporting a defined set of parameters while the vehicle is in the field.
Create a rapid incident response network:Share common vulnerabilities and exposures (CVE) and advisories via a trusted network of subscribing enterprises.
Use a lifecycle management system: Like a smartphone, proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected.
Make safety and security a part of the culture: Ensure every organization involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organization.
BlackBerry also teased tools and services, saying it will demonstrate its vision for connected cars and autonomous vehicles at CES in early January.
"Protecting a car from cybersecurity threats requires a holistic approach," Sandeep Chennakeshu, President of BlackBerry Technology Solutions, said in a statement. "Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure."
BlackBerry's interest in securing automotive and IoT hasn't been a secret. In June, it debuted QNX Hypervisor 2.0 that creates containers to ensure that any breach in one auto application can be contained.