Real-time Situational Awareness for On-Board Systems
As cars become more connected so to do they become more vulnerable to attack. And unlike enterprise networks or your smartphone a connected car moves at high speeds under its own power. A compromised connected car could be a fatal one.
Prior to KSI the answer to connected car security would have been to treat the connected car as an enterprise network and use traditional security solutions such as firewalls, anti-virus software, IDS etc to try to prevent attackers from getting in. The problem however is that there is no guarantee that these solutions can work. They might work but then again they might not.
Specifically for connected car networks, KSI provides massive-scale, data-level instrumentation and real-time validation services for connected car ecosystems and can be used across a variety of applications including: service provider tiering, content delivery, monitoring, verification and infrastructure priority provisioning, Advanced Persistent Threat (APT) detection and real-time mitigation along with new forms of SLAs that guarantee the integrity of OEM and Dealer upgrades and maintenance actions via Over-The-Air delivery mechanisms.
In the United States, major regulatory changes have been proposed affecting connected vehicle governance and compliance. The Department of Homeland Security, Office of Highway Safety (OHS), National Transportation and Safety Board (NTSB), the Federal Communications Commission (FCC), and Department of Transportation (DOT) all have issued respective guidance affecting connected vehicle assets, safety, and security. Indeed, major safety issues have emerged in the autonomous vehicle space due to a lack of perceived integrity across interfaces and subsystems, and delivery mechanisms. Guardtime has been at the forefront of shaping the regulatory landscape in these areas and has been working with the aforementioned groups to understand safety and security concerns and gaps that can be addressed by Guardtime KSI technology.
One of the biggest challenges when it comes to connected vehicles (and ultimately autonomous vehicles) is to understand what happened in the event of an accident and pinpoint liability for insurance claims. In insurance terms this is known as “forensic proof of causation.” For connected cars responsibility could lie with the driver (or multiple drivers, eg reckless driving, texting while driving etc), faulty software or hardware operating inside the vehicle, badly configured (or hacked) network infrastructure or incorrect procedures carried out by the telco service provider. By integrating into the various logging systems KSI enables an investigator or auditor to pinpoint liability in the event independently from all the parties that could be potentially liable..
Long Term Subrogation and eDiscovery
Subrogation is the action taken by an insurance company to recover claims paid out from other sources that may have been liable for the claim. In the motor and shipping business this is the third party responsible for an accident with the recovery of salvage costs from the event. In cyber liability this will be the third party vendors involved in the cyber process. The targets for subrogation lawyers to recover are vehicle manufactures, telecommunication companies, software and network hardware companies. Introduction of KSI to subrogation follows a path of non-repudiation or the path of non-denial. There are multiple third parties in a claim and each has a different view of the claim. By utilizing KSI in these third parties it will make the claim easier to assess, shorten the claims expenses and lowering insurance costs for all involved.
Whether via subrogation or other legal processes there may be a requirement for electronic data to be presented in court. KSI plays an important role in presentation – here is the evidence presented to the court or other legal party. KSI provides a complete digital chain of custody from the identification of an electronic asset to the presentation to the court.
How to Get KSI for Connected Car Platforms?
Guardtime's products and solutions can be purchased for your environment following our Design, Build, Operate, and Transfer (DBOT) model.
We're always happy to discuss your concrete requirements, please register your interest.