BlackBerry提出保障互联及自动驾驶汽车安全建议框架（附：建议框架白皮书）

安大略省，滑铁卢——2017年12月7日

随着新兴技术在汽车上得到越来越广泛的使用，汽车的互联化也极大地改善了驾驶体验。然而，这也给汽车制造商带来更为繁复的网络安全挑战。有鉴于此， BlackBerry公司今日发布了汽车安全建议框架，旨在加强互联及自动驾驶汽车抵御网络攻击的能力。

BlackBerry技术解决方案总裁Sandeep Chennakeshu表示：“保护汽车免遭网络安全威胁需要一套完整的解决方案。BlackBerry作为网络安全和嵌入式汽车软件领域的领导者，利用我们的专长，构建了保护汽车免受网络安全威胁的建议框架。如果符合框架内的标准，我们相信汽车不仅安全，而且得到的是BlackBerry Secure级别的保障”

经过多年的发展黑莓公司已经汽车行业取得瞩目的成就，基于Blackberry QNX技术的汽车系统已遍布全球

利用该框架，汽车制造商及其供应链可以通过不同技术来提供差异化的服务。BlackBerry安全建议框架利用公司在安全方面公认专长，顺应汽车行业趋势，致力于保障互联和自动驾驶汽车安全。在题为《汽车网络安全——BlackBerry的七大关键标准建议》的白皮书中，概括了如下要点：

1.保障供应链安全：通过确保汽车中的每一个芯片和电子控制单元(ECU)能够正确地进行身份验证并装载受信任的软件，而不受到供应商或制造商的影响，从而建立信任的根源。扫描部署的所有软件以符合标准和所需的安全状况。从漏洞和渗透测试的角度对供应链进行定期评估，以确保他们得到认证并批准交付。

2.使用值得信赖的组件：使用安全的硬件、软件和应用程序，在深度体系结构中深度分层，创建一个安全体系结构。

3.采用隔离手法与受信通信：使用电子系统架构来隔离安全关键和非安全关键的ECU，并且在检测到异常时也可以保障安全运行。另外，这种方法也可以确保汽车中的电子设备和外部世界之间的通信都是安全可靠的。更为重要的是，ECU之间相互的通信需要值得信赖和安全。

4.现场安全检查：  确保所有ECU都集成了分析和诊断软件，可以记录所发生的事件，并将结果发送至云端以进一步分析并启动预防性操作。此外，汽车制造商应该确认一系列指标定期自动扫描检测，当汽车在事件发生现场时，也能够通过安全的无线网络(OTA)软件更新来解决问题。

5.构建事件快速响应网络:  在参与的企业网络中共享常见的漏洞和风险，这样专家团队就可以相互学习，并在较短的时间内提供建议和修复方法。

6.使用生命周期管理系统： 一旦发现问题，自动利用安全的OTA更新软件。积极采取证书管理来管理安全凭证，并部署统一的端点策略管理来管理在汽车生命周期内下载的应用程序。

7.组织内建立安全文化：确保汽车电子供应链中的每一个企业都接受功能安全以及安全保障最佳案例的培训，并在企业中形成安全文化。

黑莓公司目前正走在汽车无人驾驶技术的前列，期待有一天黑莓无人驾驶技术能够像当初的黑莓手机一样，改变人们的生活方式

黑莓汽车网络互联与自动驾驶建议框架白皮书（.pdf）下载：度盘

黑莓公司官方新闻稿（EN）：

BlackBerry Outlines Framework to Secure Connected and Autonomous Vehicles

WATERLOO, ONTARIO–(Dec. 6, 2017) – While the integration of technology and connectivity in automobiles greatly improves the driving experience, it also creates complex cybersecurity challenges for automakers. To address these new concerns, BlackBerry Limited (NYSE:BB)(TSX:BB) today laid out a recommended framework to harden connected and autonomous vehicles against cyberattacks.

“Protecting a car from cybersecurity threats requires a holistic approach,” said Sandeep Chennakeshu, President of BlackBerry Technology Solutions. “Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure.”

Within this framework, automakers and their supply chains can deploy their technology choices to differentiate.
BlackBerry’s recommendation leverages the company’s proven expertise in security and accounts for industry trends in connectivity and automated driving. The key points, outlined in the whitepaper titled “Cybersecurity for Automobiles: BlackBerry’s 7-Pillar Recommendation,” are summarized below. The full version of the whitepaper can be downloaded here.

1. Secure the supply chain: Establish a root of trust by ensuring every chip and electronic control unit (ECU) in the automobile can be properly authenticated and loaded with trusted software, irrespective of vendor or manufacturer. Scan all software deployed for compliance to standards and required security posture. Conduct regular evaluations of the supply chain from a vulnerability and penetration testing perspective to ensure they are certified and “approved for delivery.”

2. Use trusted components: Create a security architecture that is deeply layered in a defense in depth architecture, with secure hardware, software, and applications.

3. Employ isolation and trusted messaging: Use an electronic system architecture that isolates safety critical and non-safety critical ECUs and can also “run-safe” when anomalies are detected. Additionally, ensure all communication between the electronics in the automobile and the external world are trusted and secure. Further, ECU-to-ECU communication needs to be trusted and secure.

4. Conduct in-field health checks: Ensure all ECUs have integrated analytics and diagnostics software that can capture events, and are able to log and report the same to a cloud-based tool for further analysis and to initiate preventative actions. Moreover, automakers should confirm that a defined set of metrics can be scanned regularly when the car is in the field, as well as be able to take actions to address issues via secure over-the-air (OTA) software updates.

5. Create a rapid incident response network: Share common vulnerabilities and exposures among a network of subscribing enterprises so expert teams can learn from each other and provide advisories and fixes in shorter time frames.

6. Use a lifecycle management system: Proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected. Manage security credentials via active certificate management. Deploy unified endpoint policy management to manage applications downloaded over the lifetime of the car.

7. Make safety and security a part of the culture: Ensure every organization involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organization.

BlackBerry has developed and is developing innovative technologies, tools, and services for each of these 7-Pillars. The company will demonstrate its vision for connected cars and autonomous vehicles at the 2018 Consumer Electronics Show in Las Vegas on January 9-12 (Booth #7523, North Hall). For reporters interested in meeting with BlackBerry, please email mediarelations@blackberry.com.

About BlackBerry

BlackBerry is a cybersecurity software and services company dedicated to securing the Enterprise of Things. Based in Waterloo, Ontario, the company was founded in 1984 and operates in North America, Europe, Asia, Australia, Middle East, Latin America and Africa. The Company trades under the ticker symbol “BB” on the Toronto Stock Exchange and New York Stock Exchange. For more information, visit www.BlackBerry.com.

BlackBerry and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other marks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

BlackBerry Media Relations:
(519) 597-7273
mediarelations@blackberry.com

BlackBerry Investor Relations:
(519) 888-7465
investorinfo@blackberry.com

• About
• Latest Posts

berrylink

网站编辑 at BerryLink

黑莓,为你而在....
热情,奉献,坚持——发自内心的喜爱.

Latest posts by berrylink (see all)

• IFC Films 发布电影《黑莓》预告片 预计5月份在加拿大和美国上映 - 2023年3月16日
• 解决黑莓10手机重置系统无法加载、更新激活手机的问题 WiFi 设置上（初始设置） - 2022年5月4日
• 有关莓友来信提问的回复 如黑莓官方商城、黑莓是否退出中国等问题 - 2022年4月27日