Automotive Cybersecurity: The Growing Need and Challenges
In recent years, there has been a significant increase in consumers’ interest in vehicle safety. The connected car revolution will create new possibilities for consumers’ interest in data security. Along with safety, protecting consumers’ data is more important to maintain trust; a failure in safety or data security will destroy the consumers’ confidence in the manufacturer.
Just like how a weak ECU inside the car can compromise the entire vehicle security and safety, a less secured vehicle on the road can create a potential threat to other vehicles, pedestrians, and surrounding infrastructure. Now Vehicles are getting more equipped with artificial intelligence to reduce human operations. Connected and autonomous vehicles (CAVs) with 5G connectivity will take us to the next level of driving experience – advanced driver assistance, autonomous driving, and external connectivity like vehicles communicate with other vehicles, pedestrians and surrounding infrastructure are some of them. In modern cars, the external connectivity is mainly handled by the gateway module, telematics, Bluetooth/WiFi radios, and V2X module, more security measures are needed for these modules. The wireless and the advanced RF communication used in these modules will create more opportunities for hackers, cybercriminals to steal personal data, or manipulate vehicle functionality. On the other side, academic researchers and competitors can explore the vulnerabilities and challenge the manufacturer’s reputation. Also, we should consider the possibilities of terrorist activities with less secured cars.
Modern vehicles support Over The Air software updates and will get numerous connection requests from their surroundings. If the car doesn’t have proper cybersecurity, such connections can steal your private data (e.g., contact list, credit card details, your medical report, bank balance, your conversations) or it can intervene with the safety (e.g., changing/tuning car performance, disabling the breaks or locking the steering while driving). We might not be aware of the extent to which these threats can impact us. In addition to autonomous features, the vehicles will offer many advanced features to the user and also to the government officials. For example, the vehicle might have contactless bill payment, which means you don’t have to use credit cards in gas/electric stations, toll booths, and drive-thru stores; instead, you just have to save your card information in the car. Another example is, A police vehicle or a traffic signal that can read your car’s diagnostic data or access live driving records (e.g., driving behavior, overspeed, and other traffic violations) without stopping you. Any unauthorized connections can adversely impact the safety or steal personal data which can directly or indirectly affect you – like,
- Indirect Impact: Stealing driving behavior can increase your insurance premium.
- Indirect Impact: Cybercriminals can sell your stolen health report on the darknet/black market for cash, which contains many personal data (e.g., govt. IDs, date of birth, place of birth); these can be used to hack your bank/email account.
- Direct Impact: Spoofing the GPS signal can have an impact on safety, a cybercriminal can take control of your autonomous vehicle causing personal injury, property destruction, and severe traffic congestion.
The widespread use of smartphones and smart gadgets brings a basic awareness of data security to the public, but it doesn’t create any critical threats to your safety. Back to cars, both safety and data security are critical; a hacker can threaten your life by hacking the car or use stolen personal data to commit fraud.
The Current Challenges
Cybersecurity in the auto industry is not a new topic, but it was not a major consideration until the Jeep hack in 2015. Considering that the Connected and Autonomous vehicles will become a top target for cyberattacks, automotive manufacturers have started investing in security research and development to secure vehicles network from unauthorized access. However, the challenges are incredibly high with OEMs and the Tier-n suppliers. The lack of cybersecurity processes and standards was one of the major concerns for the last few years.
ISO/SAE 21434 ‘Road vehicles – Cybersecurity engineering’ is expected to be released by the mid of 2021, that will supersede SAE J3061 and help to fill the gap in cybersecurity process and culture. ISO/SAE 21434 will provide a structured process and requirements to ensure cybersecurity across the life cycle of the vehicle. It specifies requirements for cybersecurity risk management, security concept, development, production, operation and maintenance of road vehicles. It will also help with the cybersecurity process for post-development, the incident response and decommissioning. OEMs and Tier 1 will need to follow this new standard, just like ISO 26262.
The connectivity with the external world provides an excellent opportunity for hackers to challenge your safety and the data. Identifying the future threats is always the top challenge; the effectiveness of security depends on the experience and knowledge of the members who identify, analyze the risks, define security goals, and design security features to mitigate the risks. Considering the unknown threats that can happen in the future, multiple security layers are recommended.
“Cybercriminals’ can outpace the existing cybersecurity experts”. The current cybersecurity workforce shortage and the cybersecurity skill gap continues to widen; this is one of the major challenge. Many universities have already started cybersecurity in their academic programs and focus on a broad array of security-related research areas. The ability to prevent cyber-attacks depends on the availability of highly skilled cybersecurity workforce; therefore, it is essential to include cybersecurity in our education system to meet the emerging demands.
The OEMs, Tier n suppliers, need to follow the rules and processes to manage cybersecurity and maintain continuous improvement. Here, another challenge is with distributed activities. The items and components developed in a distributed activity, the security design concepts, requirements, and secrets might need to be shared between the suppliers; this requires proper Non-Disclosure Agreements (NDA) and Cybersecurity Interface Agreements (CIA) between the parties. Maintaining secrecy will become each party’s responsibility; suppliers will need to provide proper training and awareness to their employees.
Vulnerability analysis is the next challenge. Until the connectivity is enabled, hackers cannot exploit vulnerabilities without physical access. The connectivity fills the gap, and hackers around the world can exploit the vulnerabilities and access the cars remotely. Cars are complex machines, we are at the beginning of an evolution where modern cars contain around 80 ECUs, a few 100 million lines of codes. It is not easy to find out the bugs and vulnerabilities; in such cases, one of the best possible method is performing code/design reviews and vulnerability scans. Also, suppliers need to follow Secure coding practices (e.g., CERT C/C++, MISRA C:2012) to minimize the vulnerabilities and effectively reduce cyber-attacks’ surface. Carmakers put a lot of interest in this, any callbacks will cause considerable loss to them. There are vulnerability information-sharing systems in the cybersecurity field, like CVE (Common Vulnerabilities and Exposures), which is not of much use to the automotive industry; it is more for the IT sector. The CWE (Common Weakness Enumeration) is one step ahead and provides both software and hardware weakness to support building secure software. Another one is the NVD (National Vulnerability database) maintained by NIST. There are few databases focused on the automotive sector like Automotive-CVE and Auto-ISAC, where new vulnerabilities and threats are collected and exchanged.
All the current security measures will weaken as the technology improves; this becomes another challenge to the OEMs. The current security measures are good until someone hacks it. Most of the time, the OEM defines detailed basic security features like security access, secure programming, secure diagnostics, secure modes, secure communication, and relies more on symmetric, asymmetric, or hybrid cryptographic algorithms. Suppliers will have a great deal on other security features like secure boot, debug/unused port lockout, development services, input filtering, boundary checks, firewall, IDS/IPS, etc. Both OEMs and Suppliers are responsible for choosing robust cryptographic algorithms, passwords, nonce, etc. Using already/soon deprecated cryptographic algorithms and weak passwords increase vulnerability to break the security measures and compromise whatever data has been protected. If there is any kind of breach in the crypto algorithms used, it will end up as huge loss for OEMs.
Hardware Security Module: The Software-only solutions cannot effectively handle all cyberattacks. The hardware-based security systems are effective against new threats, it can safeguard and manage secret keys, secret data, and perform cryptographic operations. Hardware security modules are embedded in the microcontroller with dedicated CPU, hardware based symmetric/asymmetric cryptographic accelerators and TRNG. A wide range of hardware security systems are available in the market, following different standards and brand names (e.g., HIS-SHE/SHE+, Evita-Full/Medium-HSM/Light, TPM, CSE, ICU).
Cybersecurity testing is the next challenge. Apart from normal functional and interface testing, cybersecurity targeted vulnerability scanning, fuzz, and Penetration testing has to be performed on all ECUs. Cybersecurity testing should discover the overflows, segmentation, and heap errors that will have cybersecurity implications. Penetration testing will become a must for all Safety critical ECUs to find vulnerabilities present in the system, which leads to unauthorized control, gaining privileged access, exposing privileged data, or malfunctioning the system. It is also best to practice this for all ECUs which has security implemented in it, instead of just safety critical ECUs. Remember, any weak ECU inside the car can challenge another ECU or the entire system.
Enabling Cybersecurity can prevent the suppliers’ re-work capability, leading to an increase in scrapped EUCs during production. A need for proper rework process is required to reduce the scrap cost; Suppliers will not have access to their development services on production parts, as they are being deleted or locked through multi-factor authentication. The incident response process and lack of standards are other challenges. OEMs and suppliers need rules and processes for the incident response; there will be a significant rise in security-related incidents compared to other incidents that the automotive industry is facing today.
Besides vehicles, the supply chain will also need to consider Cybersecurity for their IT infrastructure where the secrets are handled. For example, hacking the passwords, root keys, crypto algorithms that are stored inside the web servers or the database can be used to hack the connected vehicles. The supply chain will need to prepare now for Cybersecurity to prevent future loss.
Author:
Midhun Roby has over 10 years of experience in the Automotive industry with 6 years of automotive cybersecurity expertise. He deals with Security Analysis, Concepts, Designs, Implementation and Process. Midhun did his bachelor’s and master’s in Electronics. He also has a Master of Technology degree in Digital Electronics.
Published in Telematics Wire