What is Automotive Cybersecurity?
To best understand automotive cybersecurity, it is helpful to review the unique requirements of the automotive realm, and then compare them to the more typical cybersecurity considerations that tend to be common across most connected devices and systems.
For several years, the automotive industry has been in a state of technological evolution. New, complex inter-connectable technologies continue to emerge that manufacturers and OEMs are embracing at a blistering pace. These include infotainment systems, advanced driver-assistance systems (ADAS), and a variety of modern electric vehicle systems.
Common to all these systems is their reliance on digital technologies in one form or another. Sensors, microprocessors, actuators, and communication systems all perform their functions via digital means. Data is digitized, recorded, relayed, processed, analyzed, and shared among these systems to perform useful work.
Interwoven digital systems working together enable amazing capabilities that can greatly increase safety and reliability, but they also carry a security risk. This digital ecosystem is built on trust. If the data or code is altered or corrupted to even a slight degree, the ecosystem can perform erroneously or not at all. Some or all portions of the ecosystem could fail to provide the intended safety, or worse, could even be subverted to deliberately cause harm.
This entire digital ecosystem must be accurate, complete, and secure as defined by formal industry standards. It must be possible to thoroughly interrogate it for trustworthiness via vetted processes, and to validate that the entire system is secure. These requirements define cybersecurity, the art and science of protecting data, devices, and networks from criminal use or unauthorized access.
Cybersecurity impacts virtually every type of digital application in any form. Cybersecurity, properly implemented, ensures the confidentiality, availability, and integrity of the information that is being protected.
Why is automotive cybersecurity important?
Within the automotive realm, the National Highway Traffic Safety Administration (NHTSA) defines automotive cybersecurity as follows:
“Cybersecurity, within the context of road vehicles, is the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation.”
Cybersecurity helps keep the system secure, so it can perform as intended. Properly functioning digital systems are inherently safer than their analog predecessors. The autonomous automotive environment leverages the power of digital processing to greatly increase the speed, accuracy, completeness, capacity, and effectiveness of digital communication among drivers, vehicles, and roadside elements. These elements enable simultaneous awareness of all the vehicle states and near-term intentions, enabling the group to work in concert as a cohesive whole. For all that capability to function properly, the entire digital system must be secure.
Digital systems determine the trustworthiness of connected vehicles, and with it the risk to safety-critical systems. If they are not secured properly, they increase the potential for harm. Hack just one autonomous car, and you can harm many. For bad actors, that can be a tempting target.
Modern and future vehicles must be trustworthy and secure. All these considerations make automotive cybersecurity one of the most important and complex problems to solve in the modern age. Without cybersecurity, a trustworthy vehicle does not exist. Without trustworthiness, autonomy cannot happen. Without autonomy, safety cannot be maximized.
What are the different types of cybersecurity attacks?
Cybersecurity is a broad and complex topic. There are many different types of attacks that cybersecurity guards against, and their likelihood and potential for harm can vary greatly with each unique instance. For the sake of this discussion, we are going to focus on those attacks that can be more common or have the potential to be more impactful to the automotive realm:
Attacks on critical infrastructure
Let’s start with the broader, “big picture” risks. Critical infrastructure is measured at a national level. It provides services that are so essential to a society that their incapacitation or destruction would have a debilitating impact on a nation’s safety, physical or economic security, or its public health.
Imagine a theoretical future scenario where most of the cars traveling on every interstate in the country are autonomous. Picture the entire national road system. Then, without warning, the system is compromised, and a bad actor makes every vehicle in the country simultaneously lock its doors and hard brake to a stop, all at once, everywhere, and holds them all for ransom. Immediate payment must be made, or the car is bricked with the occupants locked inside. Or envision a terrorist attacking all vehicles by locking the steering and jamming all the accelerators to maximum speed, on every interstate, every vehicle. These are just a few examples of potential attacks on critical infrastructure, on a national level, with a debilitating impact.
Attacks on applications, systems, and processes
Applications make data perform useful work. They are tools, logic factories, and works of art, all rolled into one. Without applications, you have a pile of useless data in one hand, and in the other, a processor that is so dumb that it doesn’t know what to do or how to do it. Applications are connected to, and work in concert with, systems such as the infotainment system, and processes running at the Electronic Control Unit (ECU) level. Apps mesh these elements into a cohesive whole while acting as a vital interface with the humans they serve.
Applications connect to and communicate with every element in a digital system. Thus, applications carry both a high potential for usefulness and simultaneously, a high potential for vulnerability through unauthorized access and modification. That makes them a high-value target for attackers.
To compound matters, applications are vulnerable at every step in the software development lifecycle. Cybersecurity is not just a pass/fail test that is applied solely at the end of an application’s development. Application security must be applied during all phases of the application’s creation, including design, development, and deployment.
It is not enough to secure the databases, processors, and applications. All these elements must communicate with each other, and they do so over networks such as the internal automotive Ethernet, Controller Area Network (CAN bus), Local Interconnect Network (LIN bus), and others. In many instances, these networks can be vulnerable if not properly protected. And, to help ensure the security of these elements, the network connecting the vehicle to the rest of the world must also be secure. For a moving object like a vehicle, this network connection must be wireless. This type of network technology also brings with it unique challenges.
In the case of web applications running on a web server, the clients run in web browsers. Historically, these applications have accepted connections from clients over insecure networks, which are vulnerable to man-in-the-middle (MitM) attacks. The vulnerability is significant, and a lot of bad things can happen in transit as the data passes from origin to destination. Along the journey, data can be intercepted, stolen, modified, and re-injected into the system to insert corrupted data or malicious code.
As the Internet has evolved, technologies have been created to address these types of vulnerabilities. But while some of the problems have been addressed, many other types of vulnerabilities remain. Threats continuously evolve, seeking out weak points and vulnerabilities.
The battle to fight these issues is like a never-ending game of Whack-A-Mole. For each vulnerability that arises, a solution must be developed, tested, and updated to the network and other system elements. The battle is constant, the challenges are never-ending, and the good guys are almost always playing reactive catch-up defense.
Security vendors are constantly introducing and upgrading solutions specifically designed to secure networks. Listing them all here would be far beyond the scope of this article. But some of the more general considerations include protecting the data itself while it is passing through the network, ensuring high availability, controlling the traffic and being able to differentiate good traffic from bad, blocking bad traffic when it is identified, protecting the system elements at both ends of the connection, and automating these tasks as much as possible.
Attacks on the Cloud
The term “cloud” refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world and are an integral part of autonomous vehicle operations. Wireless networks connect the vehicles to these cloud data centers. They are a critical link between the vehicle and the cloud, as a significant portion of the data storage and computational tasks take place in the cloud data centers, rather than onboard the vehicle itself.
Cloud computing utilizes a technology called virtualization, which creates a simulated, digital-only “virtual” computer that behaves on the system as if it were a stand-alone physical computer with its own hardware. With proper implementation, the virtual machines running on the same physical host machine are sandboxed from each other, so the virtual machines do not see each other or the data and applications of the other virtual machines. (In other words, a virtual machine has no idea it is virtual.) Because virtual machines are created as needed, and the cloud servers are interconnected, there is a great deal of flexibility, redundancy, and safeguarding via isolation. These characteristics greatly aid security and reliability.
Advanced Driver Assistance Systems (ADAS) take road images and send them back up to the cloud for others to use, and they also pull down data if the vehicle hasn't been to a specific area and needs to build an accurate map. Off-loading the bulk of the data and computational workload from the vehicle to the cloud greatly reduces the computation burden onboard the vehicle, reducing the weight, cost, and power consumption of the vehicle onboard computer systems. This in turn reduces the overall weight of the vehicle and thus the power required to move and operate the vehicle, resulting in smaller, lighter, and less expensive battery systems.
Without the practical aspects of cloud computing, an autonomous vehicle would require so many processors and storage disks to handle the onboard computing tasks that the additional batteries needed to power these devices, and to power the cooling systems needed to keep them healthy, would make the vehicle too heavy to move under its own power.
The flexibility of the cloud also enables users to access the same files and applications from almost any device, anywhere, anytime. As an autonomous vehicle is moving from one location to the next, it is utilizing that data, not physically storing it all onboard. The data relevant to that journey is constantly updated regardless of the physical location of the vehicle. The computational tasks are smooth and seamless and constantly up to date, a critical requirement when those computations are helping to control a vehicle traveling at highway speeds with people inside.
Keeping the cloud secure is a paramount concern. The automotive industry is presently defining what the optimal solutions should be and working towards consensus. The final answer will be some combination of secured purpose-driven networks and public systems, developed and maintained via a cooperative effort between vehicle manufacturers, cloud service providers, and the regulatory agencies of government, all detailed in vetted industry standards.
Attacks on the Internet of Things (IoT)
The Internet of Things (IoT) encompasses physical objects with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over communications networks such as the Internet. Virtual personal assistants such as Alexa, Siri, Google Now, and others can listen to voice commands and respond with contextual responses and the performance of pre-programmed tasks. Originally designed for home and office use, the capabilities of these devices are now being built into modern vehicles. Vulnerabilities in these devices (especially early first-generation ones) have been well documented in the press. While the industry has improved IoT security, many legacy devices remain connected to the system, and each one of these weaker, less secure devices is a tempting potential attack vector.
Generally speaking, the automotive systems that will be employed while the vehicle is underway are likely to be somewhat isolated and secured from the IoT realm as a whole. However, vehicles will still need to interact with IoT systems for select purposes, such as automatically opening and closing garage doors, pre-heating or cooling vehicles before a trip, alarm activation, maintenance management, and other tasks common in the owner-vehicle-home relationship. Each one of these features could also be a vulnerability if exploited.
However, these vulnerabilities can begin to arise before the vehicle is even completed. Industrial Internet of Things (IIoT) technologies, a manufacturing-oriented subset of IoT, are employed in the manufacturing facilities where parts are fabricated, and vehicles are assembled. These systems are typically more secure and more closely monitored. But if malicious code is inserted into the manufacturing process by, say, a disgruntled employee, and it is not detected, the quality of the manufactured components or their assembly could be compromised, and the future safety of the assembled vehicle could be negatively impacted.
Overall, the industry does not yet have a good standard to secure IoT; there are several ideas out there, but no mandatory compliance to an IoT standard has been defined.
What is ISO 21434?
Standards drive the industry and bring organization to chaos by defining the path for action. Effective deterrence must include broad and strict compliance with ISO/SAE 21434, a standard co-developed by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). ISO/SAE 21434 “Road vehicles — Cybersecurity engineering” focuses on cybersecurity risks in the design and development of car electronics and embedded connectivity. The standard covers every aspect of cybersecurity from initial design to end-of-life decommissioning of a vehicle, including cybersecurity governance and structure, the application of secure engineering practices throughout the life cycle of the vehicle, and post-production security processes. The supply chain is also addressed in this standard, thereby encompassing each step in automotive production and support.
How do you achieve compliance?
Cybersecurity can be enhanced through the standardization of software architecture for automotive electronic control units. Adherence to ISO/SAE 21434 defines the standards to achieve and provides the roadmap to follow. Cyber Security Management Systems (CSMS) protect digital identity, maintain the proper management of access, and enhance overall digital safety. And for the European markets, United Nations Economic Commission for Europe (UNECE) Vehicle Regulation UN R155 deals with the general requirements for vehicle cybersecurity, while UN R156 deals with the specific requirements for heavy vehicles.
Perhaps the most important and effective means of achieving complete automotive cybersecurity will be found in industry leadership. It will be the leaders that will have to comprehend and embrace the importance of automotive cybersecurity, dedicate themselves to providing the time and resources to train their people and support them in their work, and instill the discipline to drive automotive security excellence from initial conceptualization through design, development, manufacture, and post-sale support.
Automotive cybersecurity is a broad, deep, and complex topic, but the importance of a secure system justifies the challenges and investment. This can only be achieved through complete commitment and excellence at every level. Teamwork and diligence will help ensure success across this most important realm.