TMCnet News
NRI Secure Begins Providing Automotive Penetration Test ServiceNRI SecureTechnologies, Ltd. (President: Jun Odashima, hereinafter NRI Secure) has established a new team focused on information security diagnostics and assessments of automobiles and their onboard devices, and will now be providing a "Automotive Penetration Test" service (hereinafter the Service). This Smart News Release features multimedia. View the full release here: http://www.businesswire.com/news/home/20170703005017/en/ (Graphic: Business Wire) - Cyber-attacks on Automobiles a Growing Threat Recently, the quest to improve fuel efficiency and make automatic driving a reality has made it increasingly common for automobiles to be equipped with information communication equipment that connects with external networks, smartphones, USB memory sticks, and other devices. With these items attracting attention as potential targets for cyber-attacks, any unauthorized remote access could lead to serious problems and may potentially jeopardize human lives. In the U.S., the National Highway Traffic Safety Administration (NHTSA) released guidelines*1 last year requiring the automotive industry members to conduct penetration tests to simulate intrusions attempts by attackers. In response to this, many Japanese automobile manufacturers and auto-parts manufacturers that deal mainly in the North American market are currently looking into conducting such tests. - Security Service for Automobiles Provided by a Dedicated Team NRI Secure has provided numerous security assessments for automobile and related systems in the past and has created a detailed assessment criteria based on extensive experience with vehicle systems. Using this assessment criteria and past experience NRI Secure has now developed a new "Automotive Penetration Test" service that clients can use to help adhere to NHTSA guidelines and reduce overall risk. TheService involves conducting penetration tests based on various guidelines for incorporated devices and on the expertise that NRI Secure has cultivated thus far through "Device Security Diagnostics*2" for IoT (the Internet of Things) equipment. NRI Secure is launching a dedicated team comprised mainly of members with extensive backgrounds and achievements in vehicle system penetration testing, who will identify risk scenarios and intrusion pathways through offline threat analysis and then run security assessments and diagnostics on the actual vehicles and their onboard devices. In addition, the dedicated team can support automobile manufactures or other clients who prefer to perform the diagnostic in-house. For more information on the "Automotive Penetration Test" service, please contact: [email protected]. NRI Secure will continue to innovate and provide products and services to support companies and organizations in their information security goals, and contribute to the creation of a safer information system environment and society on a global scale.
*1 Guidelines: Cybersecurity Best Practices for Modern
Vehicles About NRI Secure NRI SecureTechnologies is a subsidiary of Nomura Research Institute (NRI) specializing in Cybersecurity, and a leading global provider of next-generation managed security services and security consulting. Established in 2000, NRI SecureTechnologies is focused on delivering high-value security outcomes for our clients with the precision and efficiency that define Japanese quality. For more details, visit us at http://www.nri-secure.com Reference Visualizing the "Automotive Penetration Test" Service The equipment installed in automobiles (ECU*3) and its systems can be classified broadly into three categories: "information systems" which connect to external networks or devices, "control systems" which control the vehicle body, and "gateway (GW)" technology which separates these two systems. If an information system is attacked by an external network or device, there is a risk of intrusion into the control system via the GW, which could ultimately allow an attacker to manipulate the vehicle.
With the Service, assessments are done in the following two phases in
order to verify how robust the security is against such threats. *3 ECU: Electronic Control Unit. This refers to the computing devices installed in automobiles, which control the engine and transmission, as well as the anti-lock braking system (ABS (News - Alert)) and electronic brakeforce distribution (EBD) system.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170703005017/en/ |