The proliferation of IoT smart devices and sensors in the automotive industry promises to deliver safer vehicles, which will be less likely to be involved in “traditional” road accidents, saving the lives of millions of passengers worldwide. However, these connected vehicles will become more prone to cyberattacks.
Researchers indicate that connected cars will be vulnerable to remote DDoS attacks, ransomware hijacks, or encryption attacks. In fact, in 2015, two security researchers hacked into the infotainment system of a 2014 Jeep Cherokee, and disabled its brakes, shut down the engine, and controlled the steering wheel from a remote location.
Connected and Autonomous Vehicles Cybersecurity Expert Ikjot Saini says that, “Such attacks elevate the risks associated with the smart car systems and indicate that there have to be diligent measures taken before rolling out these vehicles on the road.”
Failure to do so would have a direct impact on human lives.
The connected cars threat landscape
As car manufacturers continue to introduce digital capabilities in modern automobiles, the threat landscape of those vehicles will expand. The vulnerabilities that come with these capabilities create more opportunities for malicious actors to disrupt the cars’ driving and safety functions. The examples are numerous.
An article from Car and Driver notes that an increasing number of 2020 vehicles come with a Wi-Fi hotspot as standard. Many economy vehicles come with enabled IP addresses as soon as they leave the factory.
The recent denial of service (DoS) attack in 2020 that targeted Tesla’s Model 3s via a web browser is another indication that attackers will leverage a car’s wireless connectivity and cloud environment to disrupt critical functions. The Tesla attack was able to disable vehicle navigation, cluster, turn signals, autopilot notification, and more.
Security gaps and vulnerabilities may also occur when modern, connected devices are layered on top of legacy automotive networks like the CAN bus. These connected devices can inadvertently expose sensitive systems to open networks and leave them vulnerable to malicious exploits. Finally, key fobs also present risks since adversaries can use a combination of signal repeaters and amplifiers to “trick” vehicles into providing access.
Security-by-design approach
A recent McKinsey report highlighted that:
Vehicle manufacturers must develop secure vehicles from step one of the production process by adopting state-of-the-art practices in hardware and software engineering, [ensuring] that vehicle types [and adjacent ecosystem components that might impact vehicle safety and security] are designed, built and tested for security issues and any cyber risks are mitigated properly.
“This is exactly what the automotive industry should aim for,” says Nathaniel Meron, Chief Product and Marketing Officer at C2A, “Ensuring that security is assessed and addressed in the first stage of the vehicle life cycle, and ensuring ongoing accountability.” According to Meron, a security-by-design approach is hugely beneficial, stating “trust, visibility and a considered approach to risk assessment produce a desirable automotive cybersecurity outcome.”
Government agencies and other automotive stakeholders should invest in initiatives that promote the security-by-design principle. For example, General Motors hired a chief product cybersecurity officer for the first time in its history to fortify its cars against future threats. This is a fine example for all automobile manufacturers to follow, considering the increased cyber risks.
On the government front, the UK government issued a set of cybersecurity guidelines for smart cars as early as 2017, compelling automakers to prioritize cybersecurity in manufacturing cars. These regulations protect car owners against any misuse of their personal data, hold manufacturers accountable for managing the system software throughout a car’s lifespan, and set stringent rules to ensure that the car systems are secure in general.
In November 2019, the European Union Agency for Cybersecurity (ENISA) also released a report that outlines cybersecurity best practices categorized by the risks, opportunities, and attack scenarios. The report also provided European as well as international legislative, standardization, and policy initiatives to foster harmonization.
The United Nations (UN) recently drafted new rules holding national governments responsible for scrutinizing newer cars for cybersecurity protections before allowing them to go on sale. The UN rules went into effect in June 2020 after an agreement between 53 countries, including Japan, South Korea, and the European Union.
Finally, in the United States, the National Highway Traffic Safety Administration (NHTSA) released the draft Cybersecurity Best Practices for the Safety of Modern Vehicles. The publication is intended to:
Serve as a resource for the industry and covers safety-related cybersecurity issues for all motor vehicles and motor vehicle equipment. It is applicable to all individuals and organizations involved in the design, manufacture, and assembly of motor vehicles and their electronic systems and software.
Risk and threat assessment as the foundation of secure connected cars
Cybersecurity considerations should encompass the vehicle’s entire lifecycle, which includes conception, design, manufacture, sale, use, maintenance, resale, and decommissioning. It is important not to focus solely on the car’s design phase and forget the other phases of the lifecycle once the vehicle is on the road. Monitoring and management of the vehicle’s cybersecurity posture should be an ongoing task.
The ENISA guidelines state that vehicle manufacturers should:
Perform a cybersecurity risk analysis from the very early stages of the design process, and which should be revised at least annually and upon any major change or in case of critical security vulnerability detection or critical security incident.
This is similar to the NHTSA guideline that:
The manufacturing process should include a cybersecurity risk assessment step that is appropriate and reflects mitigation of risk for the full lifecycle of the vehicle. Safety of vehicle occupants and other road users should be of primary consideration when assessing risks.
With the ongoing connectivity of IT and OT processes and infrastructure in the automotive industry, the capacity to identify hazardous conditions, and their consequences for connected cars’ reliability, early enough is essential for passenger and citizen safety.
The digitalization of crucial vehicle components and the IT-OT convergence in the automotive industry introduce many new challenges alongside the benefits. Managing and having oversight of cyber risks is one of the critical challenges. The increased threat landscape raises the cybersecurity profile as a strategic risk. It is essential to understand that cyber-related risks in smart cars go beyond the vehicle itself and have a direct physical impact.
This significant risk must be mitigated, and vehicle cybersecurity should not be focused solely on traditional IT security controls. The extensive and complex supply chain involved in car manufacturing requires a disciplined approach to examining and addressing the cyber-physical risks.
A comprehensive cyber-to-cyber, cyber-to-physical, and physical-to-cyber risk-based approach to automotive cybersecurity will allow for the seamless management of all cybersecurity risks throughout the vehicle lifecycle. It will provide visibility and insight to select optimal mitigations.
The comprehensive risk management process will allow car manufacturers to:
- Know their major risks.
- Understand the size of their attack surface.
- Assess the criticality of their digital infrastructure based on the vehicle types.
- Inventory connected systems and then use this intelligence to add resilience in a targeted and prioritized manner.
How ORIGNIX can help
Boards need to continuously assess their effectiveness in addressing cybersecurity, both in terms of their fiduciary responsibility as well as their oversight of management’s activities. Our cyber Process Risk Analysis (cyberPRA) and cyber Operations Resilience Management (cyberORM) services work together and can be scaled to meet the custom needs of critical infrastructure clients.
ORIGNIX delivers bespoke cybersecurity engineering services for inherently safer design and operation of industrial processes. We utilize systematic cyber and operational risk assessment using well-established techniques and templates. Our cyberPRA methodology identifies potential gaps, hazards, vulnerabilities, and independent protection layers associated with engineered industrial processes at plant facilities. Our cyber Hazard and Operability (cyberHAZOP) study is a component within cyberPRA that helps clients systematically identify and qualify the risks on their cyber-physical systems (CPS) availability and reliability. Our cyberORM system framework can help you fast-track and achieve the desired functional and strategic risk tolerance level of your CPS. Our methods are based on recognized and generally accepted good engineering practices (RAGAGEP), including internationally recognized industry standards ISO 27001/2, ISA/IEC 62443, ISA/IEC 61511, and NIST 800-82.