Mobility Malware: Is the Cure Worse than No IDPS at All?

After spending the past year speaking with automakers and folks in the mobility industry, it has become readily apparent that there is a large elephant in the room when it comes to the topic of malware intrusions into connected vehicles. No one is readily adopting IDPS for one very specific reason: SAFETY! Traditional Intrusion Detection and Prevention System (IDPS) solutions are an example of the cure being riskier than the potential illness.

Enterprise IDPS solutions depend on whitelists, a rules database used to assess whether or not a particular behavior or pattern on a digital network is anomalous. In the enterprise setting, there is very little risk associated with a false positive. In other words, if an event is flagged as malicious and it is in fact not malicious, that event may be reviewed offline, assessed, and then released back onto the bus. For vehicles, however, there may be dire consequences for triggering a false positive. One can imagine that an airbag should be absolutely failsafe, but we live in a world where all things are not black and white but shades of gray. There are a number of variables, each with its own range, that go into the calculus of triggering an airbag. A whitelist of rules, however, adds another layer of uncertainty, since such rules are based on statistical analysis of activity that ‘might’ be malicious. These IDPS rules are probabilistic, which means that they are not deterministic. This is a fancy way of saying that there is an insufferable amount of uncertainty with these whitelist-based IDPS technologies, and it is driving automotive engineers to simply say, “no, not yet.”

It is for this reason that Trillium is taking a leadership position in the application of message authentication-encryption for Intrusion Detection and Prevention at the foundation of the vehicle’s digital architecture, the In-Vehicle Network (IVN). IVN messages are authenticated and encrypted such that rogue messages and their payloads are easily identified and rejected with 100% certainty and predictability. Leveraging cryptography, Trillium is able to provide a straightforward approach to the detection and prevention of IVN intrusions for all safety-critical controls and sensors within the vehicle.

Of course, we are working on other IDPS technologies as well, but let us know what you think. We look forward to hearing from you and speaking with you further about how to best protect the most valuable assets in our lives!