In our digital age, cyber security is part of the cost of doing business. We understand that we have to protect our digital lives, ever mindful that cyber wolves are constantly at the virtual door.
Now that vigilance that once applied only to our computer systems has spilled into the truck cab, where many truckers conduct both professional and personal business in cyberspace.
As more and more IT systems are deployed to better manage the operation of motor vehicles large and small (airbag sensors, emission control systems, etc.) OEMs are focusing on how to better protect them against cyber-attacks as well.
“Security is not just about technology,” said Dominique Bonte, VP and automotive practice director for consulting firm ABI Research. “It’s now about adopting end-to-end, balanced, and cost-effective risk management practices. That includes security-based design procedures, frequency/severity analysis, audit and monitoring policies, and detection and assessment of vulnerabilities through self-induced cyber-attacks to prevent malicious intrusions.”
Bonte said “connected vehicle security” so far has been mainly based on hardware protection and separation with infotainment and vehicle-centric safety systems shielded from each other. However, there’s now a shift towards software-based security systems with the expectation that 20 million connected cars are forecasted to ship with software-based security by 2020.
The Alliance of Automobile Manufacturers (AAM) trade group issued a report last year, noting that automotive engineers are now incorporating security solutions into vehicles from the first stages of design and production on through their use over time.
Security solutions developed for the automotive industry will soon find their way to trucks.
“As cars and other forms of transportation increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cyber-security is among the industry’s top priorities,” the group noted, with automotive engineers using “threat modeling” and simulated attacks test their security systems and to help design controls to enhance data integrity.
Other developments in “vehicle cyber security” reported in AAM’s report include the following:
- The International Society of Automotive Engineers, or SAE, has established the Vehicle Electrical System Security Committee to evaluate challenges and technical solutions and draft standards and best practices to help ensure the safety of vehicle electronic control systems and safeguards against cyber-security threats in current and future motor vehicles.
- The U.S. Council for Automotive Research (USCAR) formed a Cyber-Physical Systems Task Force in 2007 and participates in National Science Foundation workshops.
- Automakers are bench-marking cyber-security initiatives in other industries, including airlines, railways, and medical. The prevention strategies used in these industries include advanced security architecture, patch management, intrusion detection and prevention and cloud security measures, which are in varying stages of adaptation to the private vehicle environment, according to the Auto Alliance group.
- The Defense Advanced Research Projects Agency or DARPA is often associated with a competition to develop self-driving cars, but DARPA also funds projects to test auto security. In a 2013 project, researchers needed physical access to a vehicle in order to redirect some electronic functions.
For its CyberAuto Challenge, Battelle invited top-notched high school and college students to the U.S. Army’s Aberdeen Proving Grounds outside Washington, D.C., to work for a week alongside two dozen automotive engineers, IT researchers and government and Department of Defense officials to conduct an auto “hackathon.” The second CyberAuto Challenge took place last July.
Vehicle manufacturers participate in DEFCON conferences, like the 2013 event in Las Vegas, to contribute knowledge and expertise regarding cyber-security research involving motor vehicles.
“Research has shown that we can hack into your car and do most anything we want to your car,” said Andre Weimerskirch, an associate research scientist at the University of Michigan Transportation Research Institute.
A hacker could control a vehicle’s steering, brakes and lights, he said. Weimerskirch predicted automotive hacking would follow the same progression as Internet hacking — from pranksters to serious criminal activity, like the theft of credit card information from retail stores.
“If transportation cyber security follows the path of the Internet, we will see real-world cyber-attacks within five years,” he said.
Vulnerable points in a vehicle include systems such as adaptive cruise control, parking assist and pre-crash braking, as well as telematics. As Weimerskirch put it, “Pretty much every interface the car has can be used to manipulate the car.”
Weimerskirch said automakers, governments and industry groups such as the Society of Automotive Engineers take the threat seriously and are developing security systems.