National security concern
Government and local authorities are concerned by threats to transportation systems, on roads and elsewhere.
Darren Handley, from the British Department for Transport (DoT), told participants that the automotive industry faced three main sets of challenges:
- Cultural: cyber security is new to the industry, and it needs to get the right structures and organization in place to make cyber security business as usual.
- Technical: added complexity resulting from the long development time and life cycle of vehicles; management of risks in the supply chain and interactions with third parties (such as aftermarket telematics devices).
- Governmental: there is no regulatory framework for what manufacturers should do. However, Handley said, standardization bodies like the International Organization for Standardization (ISO), ITU, the Society of Automotive Engineers (SAE), and IEC and ISO in their Joint Technical Committee ISO/IEC JTC 1: Information technology, are producing initial guidance in this area.
The DoT’s approach is to ensure that “the UK transport sector remains safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world”. The DoT wants to ensure an appropriate level of protection for vehicles, and the roadside infrastructure they talk to, from unauthorized access, control or interference.
The DoT’s aims in support of this, Handley said, are to:
- Understand the cyber threat and the vulnerabilities for the transport sector
- Mitigate cyber risks and take appropriate action to protect key assets
- Respond to cyber incidents effectively and ensure that lessons are learnt
- Promote cultural change, raise awareness and build cyber capability
Actions under way in this area include:
- Promotion – by initiatives like the automotive information exchange hosted by UK’s National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) in February 2017; promotion of cyber security principles for connected autonomous vehicles (CAV) in April 2017.
- Mitigation – through collaboration on cyber security for connected corridors with EU partners; chairing a task force on cyber security within the UNECE World Forum for the Harmonization of Vehicle Regulations (draft paper 2018)
- Response – Provide incident response and reporting mechanisms through NCSC/CPNI Cyber Incident Response (CIR) scheme (2017)
Testing and certification body perspective
Dirk Schlesinger, Chief Technology Officer of TÜV SÜD, an international testing, inspection, auditing and certification service provider, highlighted the challenges faced by the industry saying that “the car of tomorrow was a PC on wheels, but much more challenging”. Schlesinger mentioned Windows 10, which has 27-50 million lines of executable code, and a total of 100 million lines of code when motherboard, graphics card and applications such as Office are included. However, he noted Windows 10 doesn’t have any sensor and everything is in one place. By comparison, he said, a Ford GT supercar has 50 different sensors in 15 sensor sets, 28 microprocessors, six communication area networks (CANs), 3 000 different signals delivering the equivalent of 100 GB/hour of data.
The challenge is to get all the signals to talk to each other while making sure “when one sensor shuts down it doesn’t crash the whole system”, he said. The car has 10 million lines of “mission critical” software code, that is three million more than a Boeing 787 and eight million more than an F-22 fighter aircraft, and “rebooting while driving is not an option”, he added.
“Always assume you are in a hostile network with a multitude of attack vectors”, Schlesinger said. He named today’s vectors as onboard audio systems, smartphone apps, communication intercepts, such as keyless entry, tyre pressure sensors, and direct network access, via rearview camera or breaking off a mirror. Tomorrow’s vectors will be IT-infrastructure of dealer/repair shop, original equipment manufacturers/service providers (OEM/SP) data centres, and other elements of the digital delivery chain.
Software protection and quality control are becoming increasingly important, but existing standards are not sufficient, Schlesinger stressed, recommending that the quality of commonly used software libraries and open source software be ensured without stifling innovation.
He warned that relying on just gateway(s) and anti-virus wouldn’t help, and said that a holistic view of cyber security was needed with a convergence of IT and Operational Technology (OT), similar to that found in manufacturing automation. Referring to SAE J3061, he said that this standard was auto-specific, but he raised issues such as OEM data centres, the qualification of system integrators, and security processes innovation.
Looking for software solutions
Arnaud Taddei, Director of Security Solutions Architecture and CTO at Symantec, presented the company’s approach, which consists in building comprehensive security into cars. This approach is outlined in a White Paper.
For Symantec “technology exists to solve many of these security problems, the challenges of deploying such technology in cars loom far larger than similar challenges do in traditional IT systems. In traditional IT systems, most problems can be solved with a quick install, update, or configuration change,” or more radical measures to tackle very sophisticated threats. But “cars don’t work like that,” as they don’t get “the weekly, daily, and real-time security updates that IT teams enjoy.”
Symantec recommends “scalable approaches to building-in security”. These “require discipline and collaboration in applying the following basic security principles:
- Protecting all communications
- Protecting each sensor, actuator, microcontroller (MCU), and microprocessor
- Safely and effectively managing the entire vehicle over the air (OTA)
- Mitigating advanced threats.”
The automotive sector faces some significant challenges, Symantec notes: it needs long certification lead times for safely introducing any new technology. But the situation is urgent: neglecting the issue could cause fatalities, as could phasing in technology too quickly.
Solving this “large and complex problem requires the insights and efforts of companies in both the automotive industry and IT and OT security. Designing cars that are secure from end to end will take time, and both industries must begin addressing these security issues at every tier of the automotive value chain,” according to Symantec.
Protecting cars against cyber threats requires discipline and collaboration in applying basic security principles at each level of the system.
Symantec lists “Four Cornerstones” for this:
- Protecting communications: particularly any modems for in-vehicle infotainment (IVI) or in on-board diagnostics (OBD)
- Protecting each module: sensors, actuators, and anything with an MCU
- OTA management: from the cloud to each car
- Mitigating advanced threats: analytics in the car and in the Cloud
“Long-term, comprehensive security will require building security into the car at each layer. Today’s cars have a great number of layers. (…). Protecting the whole “stack” from top to bottom with comprehensive security will take many years, given the complexity of spanning supplier relationships”, notes Symantec, which offers sets of technologies to address these challenges.
Enabling secure connected vehicles
Yoram Berholtz is Business Development Director for automotive cyber security company Argus, which provides in-vehicle network-wide security by detecting attacks, suspicious activity and changes in standard in-vehicle network behaviour. He stated that, deployed centrally, Argus In-Vehicle Network Protection examines the entire network communication and stops attacks from advancing in the network.
By next year there will be 100 million cars on the roads, Berholtz said.
Possible attack scenarios include cyber ransom, car theft, targeted attacks to provoke accidents, data theft/privacy invasion, and mass events (accidents).
Nearly all major brands have been hacked, Berholtz noted, giving examples of these and of recalls of vehicles found to have vulnerabilities.
He outlined “Argus cyber security philosophy”, which relies on:
- Prevention: making it as hard as possible to attack
- Understanding: knowing you are being hacked and how in real time
- Response: Mitigating the damage and immunizing the fleet in hours
Prevention rests on:
- In-vehicle protection: via electronic engine control unit (ECU) protection, in-vehicle network protection and connectivity protection
- Out-of-vehicle lifespan protection and aftermarket protection
Understanding depends on real-time monitoring of fleets to identify vulnerabilities and attacked components, and to block attacks and unauthorized access.
Response is achieved by delivering security updates over the air.
Long-time task that requires close cooperation between organizations
Protecting road vehicles against cyber threats is a daunting task that cannot be achieved in the short term and which will need close and constant cooperation between a number of organizations: automotive and original equipment manufacturers (OEMs), software companies and security solution providers.
The IEC, working within ISO/IEC JTC 1, plays its part in this overall architecture, as shown in the UNECE document on System Security Principles for Intelligent Transport System and Connected and Automated Vehicles. This document lists no fewer than 11 applicable ISO/IEC JTC 1 standards and guidance documents, together with two SAE standards (SAE J3061, Cybersecurity guidebook for cyber-physical vehicle systems, and SAE J3101, Requirements for hardware protected security for ground vehicle applications) and four NIST documents.