26–27 September 2017
Safe and Secure: Comprehensive Software Configuration and Supply Chain Trust Management with OTA
Hank Cohen, Data Security Consultant, INTEGRITY Security Services
Over-the-Air (OTA) software update is an urgent requirement for auto OEMs. With over 100 Million lines of code in the connected car software, bugs and vulnerabilities are a serious problem for the OEM. Traditional service bulletin notifications and service center updates are unable to meet the need and costly recalls are increasing. OTA holds the promise of cheap, fast, and recall-free update campaigns.
Safety and security are of paramount importance in the auto industry. Without stringent safety controls a software update might create a safety hazard and without stringent security controls a hacker could use the OTA system to install malware. OTA systems must ensure that the software updates do not create safety hazards and that security is never compromised.
Ultimate responsibility for the safety and security of the vehicle rests with the OEM not with the Tier 1 parts maker. Since OTA plays critical role in both safety and security the OEM must maintain management control over the release and acceptance of trusted software going to the vehicle. Supply Chain Trust Management is an often overlooked but critical component of the OTA service.
INTEGRITY Security Service’s DLM OTA system is designed to provide safe, secure and efficient updates, to manage software configuration on the vehicle and across the product line and to enforce Trust Management across the entire automotive supply chain.