Brochures
Fortify Crucial Vehicle Systems Against Attack
In today’s motor vehicles, faster and better connectivity enables a host of new possibilities. Turning these ideas into reality depends on millions of lines of software content. But, unfortunately, wider use of wireless technologies and complex code also exposes new vehicles to a myriad of potential risks.
Proactive prevention starts with cyber-security penetration testing. When performed in development, on the production line, and during post-sales maintenance, PEN testing helps you find and fix potential weak spots before they can be exploited by hackers.
The Core Issue: It’s A Software Problem
The truth about software? It’s never “finished.” Every update or enhancement is likely to contain bugs that can introduce potential problems.
Keysight’s PEN test platform can help you improve vehicle safety through proactive testing supported by an evolving threat library. Through the integration of measurement and computing hardware, management and test software, and a threat library subscription service, our PEN test platform will help you address the scale and complexity of vehicle software. Ultimately, more testing done sooner will help improve time-to-market for advanced vehicle systems.
Understand Your Attack Surfaces
Attackers try to exploit two primary access points: your vehicles and your organization. Within the organization, access via phishing attacks, credential harvesting, open ports, or unsecured services may expose sensitive information about vehicle systems. Establishing security best practices is the province of IT experts.
In a vehicle, the weak link may be over-the-air (OTA) connections, a wireless device, an infotainment app, the CAN bus, or an electronic control unit (ECU). Pursuing detailed cyber-security testing of your vehicles is up to you, and it has to cover all of the critical links between the vehicle and the connected-car infrastructure (Figure 1).
Use Consistency to Ensure Better Security
Early on, OEMs and their suppliers defined unique cyber-security requirements and test protocols. To complicate matters, different groups were using different approaches.
Fortunately, organizations such as SAE, NIST and AUTO-ISAC began publishing best practices in hopes of guiding developers toward a more consistent approach. In the near future, SAE and ISO will jointly publish the ISO/SAE 21434 standard, Road Vehicles: Cybersecurity engineering. Many OEMs already require adherence to ensure compliance upon release of the standard.
Your automated cyber-security test platform needs to be ready for these requirements, and it needs to evolve as best practices change to keep pace with new attack vectors.
Fortify Your Vehicles Against Attack
Keysight's PEN test platform helps you and your teams ensure vehicle safety by addressing the scale and complexity of connectivity, software, and evolving threats. Our multi-layered solution integrates the hardware, software and services needed to enable consistent end-to-end security testing of subcomponents, systems, and fully developed vehicles:
• Hardware connects to the device-under-test (DUT) through multiple interfaces
o Covers Wi-Fi, cellular, Bluetooth, USB, CAN, and Automotive Ethernet
• Software runs simulated attacks against all supported interfaces
o Reports on vulnerabilities and their severity
o Offers recommended fixes
• Evolving threat library enables up-to-date testing of your systems
o Stays current with an update subscription
• DUT-specific regression testing simplifies and accelerates verification of fixes
o Saves identified vulnerabilities for use during follow-up testing
o Integrates with Keysight PathWave Lab Operations platform
• Enterprise-level management of testing includes seamless integration
o Ensures compatibility with enterprise platforms commonly used by OEMs and Tier 1s
o Connects to cloud and database services
o Incorporates in-house testing systems and procedures
What are you looking for?