November 11-13,2020 World Intelligent Networked Automobile Conference (WICV 2020) held in Beijing. As the nation's first national intelligent network car annual conference, this conference with offline conference combined with cloud live, cloud exhibition, invited domestic and foreign intelligent network car related industry chain experts, enterprise representatives around
At the conference, Lu Yiping, general manager of Tencent Industrial Security Operations Department, started from the current situation of the continuous expansion of the security attack on the car network, combined with the research practice of Tencent Security Cohen Laboratory, This paper shares Tencent's thinking and promotion ideas on the information security of Intelligent Network Federation, and puts forward the integration of security into the stage of R & D design and management. Through
(LV Yiping, general manager of Tencent industry security operation Department)
In recent years, with the popularization and application of 5g, v2x and other technologies and the increase of users' willingness to pay for value-added, as an important extension of Internet of things technology in its, the Internet of vehicles ushers in a new round of large-scale development inflection point. According to CCID consultant data, the growth rate of China's Internet of vehicles market will exceed 60% in 2020, and the scale will reach 115 billion yuan in 2021.
From vehicle intelligent terminal to automatic driving, the connection between intelligent car and Internet is more and more close. WIFI, charging pile, automatic driving system and a large number of interactive interface, so that the intelligent network association is facing greater attack surface in the vehicle terminal, cloud and mobile terminals. Security has obviously become a key factor in the evolution and upgrading of the intelligent network connected electronic and electrical equipment architecture.
Based on the three years of research on the safety system of teca, the main research results of teca are related to the safety system of automobile. One is the design level, the system kernel and browser version lag, known vulnerabilities are not fixed and other security features design is not complete, making the entire intelligent network connection system into the risk of remote control. The other is the engineering practice level. The configuration errors and code implementation logic defects from the system's own security protection and self-developed application services provide a breakthrough for attackers to crack the system. In addition, the application of cutting-edge algorithms brought by the introduction of new technologies such as automatic driving has led to new attacks such as wrong start of Tesla wiper and interference of road marking.
In the face of the cost and cost of safety repair continuously superimposed,How to solve the information security problem with lower cost and improve the native security ability has become the common concern of the current intelligent network connection industry chain. According to the research statistics of Tencent security Cohen laboratory,Due to the normalization of the absence of safety requirements of intelligent vehicle developers / suppliers, the proportion of security problems caused by design defects and known vulnerabilities has reached as high as 60%. For the intelligent connected vehicle, the safety consideration in the system design and development stage becomes more important.
In LV Yiping's opinion, in view of the development status of the Internet of vehicles, such as the obvious fragmentation of the supply chain system, the safety shift to the left in the design and development stage is an effective way to solve the security problems of the Internet of vehicles. Specific to the practice scenario, it involves three levels: people, technology and process
At the human level, realize the left shift of safety thinking. From the macro perspective of the enterprise, we should establish a highly collaborative and forward-looking overall information security thinking, set up a professional security team, and get through the whole link of planning, consulting, evaluation and testing management;
At the technical level, it adheres to the basic security principles of minimum authority, attack surface convergence, default security, defense in depth, etc., attaches importance to the integration of mature security technology and Internet of vehicles business scenarios, and selects appropriate automation tools to improve the security development efficiency;
In the design and development process, pay attention to the practice of safety first. Based on the trend of R & D mode changing to software definition iteration, we are committed to solve most of the safety risks in R & D and design level, and achieve the safety benefits of low cost and high return.
For most of the intelligent network connected industry chain enterprises, the application of mature automation tools is an important auxiliary to improve the efficiency of system design and development security construction. To this end, Tencent security Cohen laboratory has developed a penetration testing auxiliary platform tool sysauditor, which focuses on embedded system automatic security baseline audit, by combining its technical research and service capability production results in the field of Internet of vehicles security.
This embedded system security audit platform can detect 90% of the common security problems, and help enterprises to realize the automatic audit of R & D vulnerability detection, system security acceptance, potential risk avoidance and industry security management, so as to improve the security baseline and reduce the maintenance cost. The Ministry of information technology has been selected as the pilot project of Internet Security and network security of the Ministry of industry.
- THE END -
Reprint please indicate the source: fast technology