New Risks on the Road: Robert Bielby on Automotive Security
In 2015, the now-famous Jeep Cherokee cyberattack made the automotive community and car owners alike suddenly aware of the significant liabilities posed by attacks on vehicles’ electronic control systems. In this breach, security researchers remotely accessed the Jeep and were able to gain control over vehicle functions including steering and braking. They gained access to the vehicle through its entertainment system via the cellular connection responsible for internet services. While a software patch was provided to address this vulnerability, the attack heightened awareness of the vulnerabilities of the connected car. Attacks of differing severity have since been demonstrated against vehicles from manufacturers including BMW, Corvette, Nissan, and Tesla.
With over 500 million connected vehicles on the road today and lines of software in the vehicle exploding from 150 million up to 1 billion by the end of this decade – increasing the number of possible cyberattack points – cybersecurity is receiving growing industry focus. This is for good reason: just by surveying the different networks in the car and their impact on control over the vehicle, it’s clear that a critical focus must be placed on cybersecurity.
Automotive networks (LIN, CAN, FlexRay, and Ethernet) provide different forms of connectivity within the car. The different types of networks address the unique performance requirements of the different Electronic Control Units (ECUs). They also provide opportunities for cyberattacks. The ECUs themselves have direct control over various aspects of the vehicle, including:
● Engine Control
● Transmission Control
● Steering Control
● AirBag Control
● Braking Control
● Navigation Systems
As one can see, there is strong motivation to ensure robust defenses against cyberattacks.
And again, with the growth in lines of software in conjunction with the move to the Software-Defined Vehicle (SDV), Over-the-Air (OTA) updates will be commonplace, with every update carrying a real risk of containing malware and of that malware going undetected. Exposing a car to the Internet makes it vulnerable to cyberattacks if software isn’t written properly, which could render the car unstable or dangerous.
In August 2021, the ISO 21434:2021 international standard was introduced. This standard specifies the engineering requirements for vehicle cybersecurity with the intent to reduce the risk of cyberattacks by embedding cybersecurity best practices in the automotive industry. The focus is on the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation.
It’s key to note that the standard does not specify how to implement cybersecurity solutions per se; it specifies best practices to be used in designing a system, in a manner similar to the systematic fault coverage associated with the ISO 26262 functional safety standard. Systematic fault coverage doesn’t identify how to implement functional safety, but provides a methodology to ensure industry best practices for safety are used in the design, test, and verification of a device, system, and software. Interestingly, the ISO 21434 specification is not a mandate but a recommendation. Per the ISO 21434 specification: “automotive suppliers and OEMs should strongly consider integrating ISO 21434 into their current process.”
Functional Safety and Cybersecurity are interdependent. A vehicle cannot be safe if its behavior can’t be predicted or controlled in the desired manner. One of the first tasks in designing for cybersecurity is to perform a Threat Agent Risk Assessment (TARA), which looks to prioritize specific areas that are critical and highly vulnerable to attack. Many of the modeling techniques employed in the defense industry are being employed in TARA. Suffice it to say that the area of cybersecurity is very complex and could fill many pages without even scratching the surface of this topic.
Interestingly, as part of the modeling, there is a detailed review of the threat agents, which identifies the different parties that would have motivation to try to hack the connected vehicle. The list is quite long and ranges from car thieves, whose motivations are quite clear, to radical activists who are looking for fame and glory, and also includes the poorly trained employee who unintentionally designs in a threat. This modeling is then used to develop a cybersecurity strategy and plan.
In conjunction with TARA, there is a common exposure library (CEL) that is used to identify all the possible areas of exposure and vulnerability associated with the connected car. These include:
● WiFi
● Cellular Connection
● Bluetooth
● TPMS (Tire Pressure Monitoring System)
● OBD II (On-Board Diagnostics Port)
● USB
● EV Charging Port
● V2x (Wireless vehicle-to-vehicle and infrastructure connectivity)
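An added example, not from the original article: a minimal prioritization pass in the spirit of the TARA step described above, crossing the article's threat agents and exposure list with an assumed in-vehicle topology. All scores, access classes and network links are constructed assumptions, and the scoring rule (impact times agent capability) is a simplification chosen here, not one defined by the article or by ISO 21434.

```python
from collections import deque

# Everything below is constructed for illustration: scores, access classes
# and the in-vehicle topology are assumptions, not data from a real vehicle.

# Threat agents from the article: access they can obtain, 1-5 capability score.
AGENTS = {
    "car thief":               ({"short-range", "physical"}, 3),
    "radical activist":        ({"remote", "short-range"}, 4),
    "poorly trained employee": ({"remote", "short-range", "physical"}, 2),
}
# Exposure library entries: (access class needed, node the interface lands on).
EXPOSURES = {
    "WiFi": ("short-range", "infotainment"),
    "Cellular Connection": ("remote", "infotainment"),
    "Bluetooth": ("short-range", "infotainment"),
    "TPMS": ("short-range", "body"),
    "OBD II": ("physical", "gateway"),
    "USB": ("physical", "infotainment"),
    "EV Charging Port": ("physical", "charger"),
    "V2x": ("short-range", "adas"),
}
# Severity (1-5) if a node is compromised; infotainment hosts navigation.
IMPACT = {"infotainment": 2, "body": 1, "charger": 3, "engine": 4,
          "transmission": 4, "steering": 5, "airbag": 5, "braking": 5}
# Who can send messages to whom. FLAT lets infotainment talk to the gateway.
FLAT = {"infotainment": ["gateway"],
        "gateway": ["engine", "transmission", "steering", "airbag", "braking"],
        "adas": ["steering", "braking"]}
SEGMENTED = dict(FLAT, infotainment=[])  # gateway rejects infotainment traffic

def reachable(start, links):
    """Breadth-first search: every node an entry point can reach."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in links.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def rank(links):
    """Return (risk, exposure) pairs, highest risk first."""
    rows = []
    for name, (access, node) in EXPOSURES.items():
        impact = max(IMPACT.get(n, 0) for n in reachable(node, links))
        agent = max((s for acc, s in AGENTS.values() if access in acc), default=0)
        rows.append((impact * agent, name))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for label, links in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, rank(links))
```

In this constructed model, segmenting infotainment from the gateway drops the interfaces that land on it from the top of the ranking to 8 or below, while V2x and OBD II stay on top because they bypass that boundary.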
Vehicle-to-“x” (V2x), which is seeing different levels of adoption by geography, allows vehicles to speak to one another and to smart city infrastructure through wireless connectivity that is loosely based on WiFi. Because vehicles can talk to one another, events like multi-car pile-ups, which typically happen where roadway visibility is poor, can be avoided simply by communicating to approaching cars that the car in front is stopped. V2x is typically connected directly to the ADAS system, assuming control over the vehicle, specifically to address these types of situations. One can easily envision how dangerous it could be if this communications network were spoofed, again underscoring the need for robust cybersecurity.
But gaining control over the vehicle's operation is not the only cybersecurity risk. There is a considerable amount of personal, confidential data now contained in the car, ranging from personal credit card payment information for EV charging to biometric data, which is being collected as a means to use AI to tune the cabin to the driver’s and occupants’ desires. A recent podcast with Lin Sun Fa, CEO at Emobi – a supplier of digital infrastructure for a secure and seamless EV charging experience – shone a light on some of the different security challenges that exist in EV charging and the level of personal information that can potentially be accessed.
While I have barely scratched the surface on this complex topic and technology, it’s clear that the importance of cybersecurity cannot be overstated, and the importance only continues to grow as Software-Defined, connected vehicles with OTA and a massively growing code base become more common.