Application Security,
Next-Generation Technologies & Secure Development
Insights from eSync Alliance Chair Shrikant Acharya on the Impact of Standardization in Preventing Cyber Breaches
In an era where over-the-air (OTA) updates are becoming integral to the landscape of software-defined vehicles, Shrikant Acharya, Chair of the eSync Alliance and Co-founder of Excelfore Corporation, emphasizes the importance of robust standardization to enhance cybersecurity. While OTA updates provide manufacturers a streamlined method for maintenance and upgrades, they also open avenues for potential vulnerabilities, including data theft, malicious software infiltration, vehicle theft, and user safety risks.
Acharya points out a notable trend among automobile manufacturers: reliance on legacy systems, particularly the controller area network (CAN bus). This technology, which predates contemporary security measures, is still prevalent within many vehicles, contributing to new risks as they increasingly connect to cloud services. He argues that the automotive sector must embrace standardized protocols regarding OTA updates to mitigate these vulnerabilities.
“There is a lack of consensus in developing OTA systems,” Acharya states. “This absence of standards stifles innovation and necessitates an industry-wide commitment to compliance.” The eSync Alliance is pioneering efforts to standardize OTA protocols while partnering with organizations such as the Scalable Open Architecture for Embedded Edge initiative to fortify security across the board.
In a recent interview with Information Security Media Group, Acharya elaborated on the critical nature of OTA standardization in safeguarding vehicles. He highlighted the potential threats facing vehicles reliant on software-defined architecture and how well-defined standards would serve to secure the OTA update pipeline against various cyber adversities.
Acharya’s role at Excelfore includes steering technological advancements and partnership strategies, alongside his leadership in standardizing OTA practices within the automotive industry through the eSync Alliance. His extensive background includes advocating for time-synchronized Ethernet AVB/TSN applications in automotive contexts, achieving first-time certifications for Avnu middleware and contribution to the development of imaging standards in prominent companies.
As cyber threats evolve, the automotive industry must adapt. MITRE ATT&CK’s framework outlines the pertinent adversary tactics that could be exploited during such OTA vulnerabilities. Techniques could encompass initial access via insecure systems, persistence through malware, and privilege escalation to gain unauthorized controls, further underlining the urgency of establishing robust security measures across the automotive landscape.
In summary, the call for industry-wide standardization in OTA updates echoes a critical need to address emerging cyber threats that could jeopardize safety and privacy. The collaborative efforts of entities like the eSync Alliance are crucial in creating a unified approach to safeguarding the future of connected vehicles.
