Neusoft Security - A "practical" company in the field of in-vehicle information security

Since 2000, my country's automobile industry has started to develop on a large scale, and the automobile market has maintained rapid development since then. By the end of 2016, the number of motor vehicles in China reached 290 million. At the same time, with the continuous deepening of the new round of scientific and technological revolution and industrial transformation, the new model of "car + Internet" has gradually been recognized by everyone, and the development momentum of smart cars around the world is rapid. Smart cars have become a new direction for industrial development. In fact, in addition to the vehicle itself, the public has always been controversial because the security of the in-vehicle information system has not been guaranteed.

In order to promote the development of the in-vehicle information security industry, the standard launch meeting and seminar of the "Information Security Technology Automotive Electronic System Network Security Guidelines" initiated by the National Information Security Standardization Technical Committee was held in Beijing at the end of September. The meeting exchanged views on the standard framework and research progress of automotive electronic network security threats, standard promotion plans, etc. Neusoft Security was invited to attend the meeting as the main drafting unit of the national standard.

Chen Jingxiang, director of Neusoft's Secure Internet of Vehicles Center, pointed out in an interview with reporters recently that cars will become critical infrastructure in the future. Due to their high level of security risks, the information security threats they bring will also become a key issue affecting people's livelihood in the future.

Establishment of national standards

As the automotive industry gradually moves towards intelligence and networking and truly begins to generate benefits, related security issues gradually become prominent due to the high popularity of cars themselves and the continuous occurrence of in-vehicle information security incidents. The development of the intelligent automobile industry is becoming increasingly popular, but in-vehicle information security cannot be ignored either. It should be put under legal reins and laws and regulations should be used to clarify the standards in the field of in-vehicle information security.

"For my country's information security, the Cybersecurity Law of the People's Republic of China specifies the direction, and the Information Security Technology Automotive Electronic System Cybersecurity Guidelines, as a national standard, covers the automotive sector."

Chen Jingxiang said that the goal of establishing this guideline is to provide a cybersecurity process framework guide that is integrated into the entire life cycle of automotive electronic systems, covering stages from concept to development, production, operation, service and retirement, to help identify and assess cybersecurity threats; and to guide organizations to reduce cybersecurity threats to automotive electronic systems and improve cybersecurity defense levels from the management and process levels.

​​

[[210210]]

The draft national standard was mainly written by Neusoft Group. In 2016, Neusoft Group released the alliance standard "Technical Requirements for Vehicle Information Security". On April 8, 2017, the first working group "Meeting Week" of the National Information Security Standardization Technical Committee in 2017 was held in Wuhan. Neusoft Group and member units of the Vehicle Information Security Industry Alliance attended the meeting together. After several rounds of review by the working group, the draft national standard was officially approved and became the first national standard in the field of automotive information security in China.

Chen Jingxiang told reporters that the guidelines are currently defined as recommended standards. Generally speaking, the establishment of standards will start with recommended standards. If problems are found during the application of the standards, they will be revised. When the in-vehicle information safety industry matures, they may become adopted or mandatory standards.

The field of in-vehicle information security is full of dangers

"Today, the close integration of information technology and automobiles has made cars no longer just a simple means of transportation, and the demand for information security is bound to become more and more urgent." Chen Jingxiang believes that although car manufacturers themselves may not have the ability to build and implement information security, they can seek cooperation with relevant security vendors to jointly build an information security system for vehicles.

​​

[[210211]]

At present, the main security threats facing automotive electronic systems can be roughly divided into two categories: the first is remote intrusion. When the vehicle is connected to the Internet, the car can be controlled through a smart terminal, or data can be collected or instructions can be issued to the car through a server in the cloud; the second is a physical contact attack. The attacker can deliberately purchase a car and directly diagnose the vehicle's equipment through OBD, or directly disassemble the car, search for vulnerabilities in the bus, and then use them to attack.

"In the future, driverless cars will be a true IoT application scenario." Chen Jingxiang predicted that in the future, cars will exchange information with each other while driving at high speeds. How to ensure the safety of short-distance, high-speed information exchange without reducing its transmission performance and processing capabilities may also be a technical difficulty and innovation point in the future.

Neusoft Security, the "experienced driver" of in-vehicle information security

As a leading enterprise in industry solutions, Neusoft started the automotive electronics business at the beginning of its establishment, and has nearly 20 years of development in the traditional IT information security field. It can be said that Neusoft has accumulated a wealth of technology and practice in the fields of automotive electronics and information security.

Faced with the blue ocean of the in-vehicle information security market, Neusoft formally established the Internet of Vehicles Security Center in 2015 and released the Neusoft In-Vehicle Information Security Overall Solution in 2016. In 2017, it participated in the drafting, writing and discussion of national and international laws and regulations. Today, its customers basically cover some well-known car companies in Japan, Europe and China.

New fields bring new opportunities. Chen Jingxiang said that in the past two years, Neusoft Security has actively followed up with domestic and foreign car manufacturers to discuss the fundamental demands of automobile information security. After that, it closely followed international and domestic standards, discussed standards and technical regulations with experts, formulated relevant solutions according to the needs of car manufacturers, and continuously iterated with car manufacturers to achieve advanced development and demonstration, and find mass-producible technologies and practical balanced solutions.

The entire life cycle and production process of automobile production are complicated, and it is difficult to implement safety technology or safety solutions by force. Neusoft Security cooperates more with car manufacturers, takes implementation as the orientation, and introduces information security technology in steps through a certain degree of improvement and adaptation.

Neusoft's S-Car overall solution is the first domestic security product and service solution for the Internet of Vehicles that covers multiple angles, including communication security, equipment security, and software security. It includes gateway products that solve access problems, security products for vehicle terminals, and a background security management platform, forming a complete "cloud-pipe-end" integrated intelligent connected vehicle information security solution, while covering the entire vehicle life cycle.

STG supports the secure transmission protocol SATL to establish a secure connection, with specially customized minimum SDK resource consumption to ensure the security of car networking communications.

SGW provides vehicle network security isolation and management.

SMP provides a security workflow mechanism that connects security components, managers, security service teams, security events, etc. into an integrated platform.

SOTA manages application installation packages, application upgrade packages, and system upgrade packages to prevent malicious tampering and information leakage, and has accountability and revocation mechanisms to ensure the security of software packages in the OTA environment.

SCAR provides a complete set of security features to improve the overall security of the vehicle software system.

SAPP ensures the security of mobile phone applications in the Internet of Vehicles. Its defense mechanisms include anti-reversal, anti-tampering, anti-debugging, and anti-theft.

As the first network security provider in China to obtain both the international and Chinese national standards for automotive information security, Neusoft Security will provide "model-based" security services to corporate customers, relying on Neusoft's platform and deep industry experience. It will provide overall information security service solutions based on the industry needs of different users, and also include secure operation services. In the future, Neusoft Security's product line will extend from products to industry-specific security services.

Provide users with more comprehensive security services and security deployment; more perfect solutions and security measures.