As it seeks to be a global leader in the deployment of autonomous vehicles, the South Korea government in November announced the opening of K-City, an artificial town designed to test self-driving cars under real road conditions. At 79-acre, that’s almost the size of Singapore Polytechnic in Singapore, and with the environment to present 35 different driving conditions, according to a report by Quartz.

Notably, Penta Security Systems will head and monitor security systems for K-City, including testing and certifying the safety of smart vehicles. We pose some questions to Jaeson Yoo, the chief security evangelist at Penta on the how and why of securing autonomous vehicles.

Jaeson Yoo, Chief Security Evangelist, Penta Security Systems

Jaeson Yoo, Chief Security Evangelist, Penta Security Systems

Q: How did Penta security get involved in K-City?

Our work in automotive security began more than a decade prior to this new K-City project. From working with law enforcement agencies, to help them monitor patrol vehicles without leaking GPS location information, to developing a V2X (Vehicle-to-Everything) solution for telematics systems in 2013 that was eventually designated as the standard for all C-intelligent transportation system (ITS) projects in South Korea – I would say Penta wasn’t a surprising choice for overseeing security at the K-City licensing facility.

To implement V2X security, we’ve developed a Security Credential Management System (SCMS), and installed Local Certificate Management modules to enable safe communications between onboard and road-side units. These and other IT infrastructure have been tested extensively with other smart highway projects in Korea since 2016, giving Penta Security a unique leverage to become a significant contributor when it comes to such projects like K-City.

Q: What does the launch of K-City mean for autonomous vehicle manufacturers in Korea?

Those aiming to manufacture autonomous vehicles will be paying more attention to this trend of increasing importance being placed on security. K-City is a testing and licensing facility for autonomous vehicles, demonstrating the Korean government’s dedication to not just safety but the security of autonomous cars, as well as securing their connections to public infrastructure. As such, car manufacturers here and abroad targeting the Korean market will need to consider how their cars will be connected and ensure the proper systems are in place to maintain security.

Q: What is your main takeaway from the years implementing of security systems in intelligent transportation system (ITS) projects?

One of our biggest takeaways from our ITS experiences is that security needs to be considered in the design phase to be truly effective. In fact, our key message, “Secure First, then Connect”, lays out what we believe to be a crucial strategy for IoT applications, especially in the automotive industry. Consequently, cooperation across numerous industrial domains becomes crucial to any successful ITS deployment.

To establish an overall architecture for a secure ITS, car manufacturers, network infrastructure providers, government agencies, and other stakeholders need to engage in knowledge-sharing and collaboration, involving key security players with extensive experience to provide the relevant assistance and expertise.

K-City, South Korea

Q: How has car security evolved, and what is the greatest challenge to making connected cars safe enough for the road?

When it comes to connected car security, the importance of securing external communications, such as between cars and RSUs or back-end infrastructure, is becoming increasingly recognized. With wider industry adoption of V2X security, the next frontier will be further technological advancements for in-vehicle security. With the limitations of the in-vehicle environment and resources, however, developing technology that can prevent security threats that may directly endanger the physical safety of drivers or passengers will likely be a major challenge in the coming years.

Q: What is Penta’s contribution to the vehicle security industry?

Besides bringing V2X security to ITS deployments with our SCMS, we’re looking ahead to address impending challenges to maintaining in-vehicle security, with an advanced firewall optimized for vehicular communication protocols. But the way I see it, our technology will have wider implications than just AV security. In the same way IoT has deeply transformed the way we live our lives through our smartphones, connected cars will be the next IoT mobile device to do the same. By setting the standard for security in connected cars, we’ve made a mark in the industry as the only company that provides a comprehensive solution including encryption at onboard and road-side units, and the testing of online PKI certificates.

Q: What are the challenges you expect to face with K-City and how can insights benefit developments in Singapore?

Korea is certainly one of the world’s leaders in terms of implementing connected car technology. But it’s equally important to recognize that the future isn’t here yet, and that we are still in the early stages of testing, licensing, etc. Right now, government entities are continuing to build infrastructure to make connected cars on the road possible, all with safety in mind. That said, I hope that the strong security requirements we have in place now won’t eventually become sidelined as “regulatory red-tape” in the name of fast-tracking autonomous technology developments.

Singapore certainly has strong government leadership. According to my understanding, Singapore is projecting a more generous period of between 10 to 15 years before autonomous driving becomes widely adopted. Giving time to mature regulatory frameworks and ensuring secure deployment of this amazing technology is a prudent approach. Combined with robust private sector participation and collaboration, I think the country is in a great position to become one of the world’s leaders in this area.

This post is supported by Penta Security.