Government and local authorities are concerned by threats to transportation systems, on roads and elsewhere.
Darren Handley, from the British Department for Transport (DoT), told participants that the automotive industry faced three main sets of challenges:
The DoT’s approach is to ensure that “the UK transport sector remains safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world”. The DoT wants to ensure an appropriate level of protection for vehicles, and the road side infrastructure they talk to, from unauthorized access, control or interference
The DOT’s aims in support of this, Handley said, are to:
Actions under way in this area include:
Dirk Schlesinger, Chief Technology Officer of TÜV SÜD, an international testing, inspection, auditing and certification service provider, highlighted the challenges faced by the industry saying that “the car of tomorrow was a PC on wheels, but much more challenging”. Schlesinger mentioned Windows 10, which has 27-50 million lines of executable code, and a total of 100 million lines of code when motherboard, graphics card and applications such as Office are included. However, he noted Windows 10 doesn’t have any sensor and everything is in one place. By comparison, he said, a Ford GT supercar has 50 different sensors in 15 sensor sets, 28 microprocessors, six communication area networks (CANs), 3 000 different signals delivering the equivalent of 100 GB/hour of data.
The challenge is to get all the signals to talk to each other while making sure “when one sensor shuts down it doesn’t crash the whole system”, he said. The car has 10 million lines of “mission critical” software code, that is three million more than a Boeing 787 and eight million more than an F-22 fighter aircraft, and “rebooting while driving is not an option”, he added.
“Always assume you are in a hostile network with a multitude of attack vectors”, Schlesinger said. He named today’s vectors as onboard audio systems, smartphone apps, communication intercepts, such as keyless entry, tyre pressure sensors, and direct network access, via rearview camera or breaking off a mirror. Tomorrow’s vectors will be IT-infrastructure of dealer/repair shop, original equipment manufacturers/service providers (OEM/SP) data centres, and other elements of the digital delivery chain.
Software protection and quality control become increasingly important, but existing standards are not sufficient, Schlesinger stressed recommending that the quality of commonly used software libraries/open source software is ensured without stifling innovation.
He warned that relying on just gateway(s) and anti-virus wouldn’t help, and said that a holistic view of cyber security was needed with a convergence of IT and Operational Technology (OT), similar to that found in manufacturing automation. Referring to SAE J3061, he said that this standard was auto-specific, but he raised issues such as OEM data centres, the qualification of system integrators, and security processes innovation.
Arnaud Taddei, Director of Security Solutions Architecture and CTO at Symantec, presented the company’s approach, which consists in building comprehensive security into cars. This approach is outlined in a White Paper.
For Symantec “technology exists to solve many of these security problems, the challenges of deploying such technology in cars loom far larger than similar challenges do in traditional IT systems. In traditional IT systems, most problems can be solved with a quick install, update, or configuration change,” or more radical measures to tackle very sophisticated threats. But “cars don’t work like that,” as they don’t get “the weekly, daily, and real-time security updates that IT teams enjoy.”
Symantec recommends “scalable approaches to building-in security”. These “require discipline and collaboration in applying the following basic security principles:
The automotive sector faces some significant challenges Symantec notes: it needs long certification lead times for safely introducing any new technology. But the situation is urgent, neglecting the issue could cause fatalities, as could phasing in technology too quickly.
Solving this “large and complex problem requires the insights and efforts of companies in both the automotive industry and IT and OT security. Designing cars that are secure from end to end will take time, and both industries must begin addressing these security issues at every tier of the automotive value chain,” according to Symantec.
Protecting cars against cyber threats requires discipline and collaboration in applying basic security principles at each level of the system.
Symantec lists “Four Cornerstones” for this:
“Long-term, comprehensive security will require building security into the car at each layer. Today’s cars have a great number of layers. (…). Protecting the whole “stack” from top to bottom with comprehensive security will take many years, given the complexity of spanning supplier relationships”, notes Symantec, which offers sets of technologies to address these challenges.
Yoram Berholtz, Business Development Director for automotive cyber security company Argus, which provides in-vehicle network-wide security by detecting attacks, suspicious activity and changes in standard in-vehicle network behaviour stated that, deployed centrally, Argus In-Vehicle Network Protection examines entire network communication and stops attacks advancing in the network.
By next year there will be 100 million cars on the roads, Berholtz said.
Possible attack scenarios include cyber ransom, car theft, targeted attacks to provoke accidents, data theft/privacy invasion, and mass events (accidents).
Nearly all major brands have been hacked, Berholtz noted, giving examples of these and of recalls of vehicles found to have vulnerabilities.
He outlined “Argus cyber security philosophy”, which relies on:
Prevention rests on:
Understanding depends on real-time monitoring of fleets to identify vulnerabilities, attacked component, block attacks and unauthorized access
Response is achieved by delivering security updates over the air.
Protecting road vehicles against cyber threat is a daunting task than cannot be achieved in the short term and which will need close and constant cooperation between a number of organizations, automotive and original equipment manufacturers (OEMs), software companies and security solution providers.
The IEC, working within ISO/IEC JTC 1, plays its part in this overall architecture, as shown in the UNECE document on System Security Principles for Intelligent Transport System and Connected and Automated Vehicles. This document lists no less than 11 ISO/IEC JTC 1 applicable standards and guidance documents, together with two SAE standards: SAE J3061, Cybersecurity guidebook for cyber-physical vehicle systems and SAE J3101, Requirements for hardware protected security for ground vehicle applications, and four NIST documents.