Finding ways to prevent cyber attacks on vehicles has the attention of the global automotive industry as well as a few high school and college students.
The 3rd Annual Battelle CyberAuto Challenge featured a series of hands-on cybersecurity vehicle activities for teams of high school and college students paired with professionals from the automotive industry, academia, and government. Public sector participants were technical specialists with the National Highway Traffic Safety Administration (NHTSA), the U.S. Army Tank Automotive Research, Development and Engineering Center (TARDEC), the U.S. Department of Defense, the U.S. Cyber Command, and the U.S. Department of Homeland Security.
“Just like other security challenges before this, it is only a matter of time before hackers figure out how to access our increasingly connected cars. Our job is to stay ahead of them. By working together collaboratively--across industry, government, and academia--to design security into our systems, we can assure our vehicles and the data necessary to operate them remain secure,” said Lisa McCauley, Vice President and General Manager of Battelle Cyber Innovations, a non-profit research and development organization.
The July 13-18 event was hosted by Delphi Automotive of Troy, MI.
Battelle CyberAuto Challenge organizers required all team participants to sign a legally binding nondisclosure agreement, and media members were not allowed to observe the various team challenges linked to the cyberhacking of actual production vehicles.
According to Karl Heimer, Senior Research Director with Battelle’s Cyber Innovation Unit, each team had four high school students; four college students; three industry representatives (OEMs and suppliers); one or two government representatives; a science, technology, engineering and math (STEM) educator; a Battelle facilitator; and one or two ethical ‘white hat’ hackers.
Mirroring the auto industry’s trends, each of the four team’s cybersecurity tasks centered on the evolving world of connected cars and autonomous vehicles.
“It’s about proactively and intelligently engineering better solutions for this vehicle space than has existed within the IT community,” said Heimer. “We’re early enough in the process that we can take the lessons we learned from the IT industry and apply them to the emerging technologies and emerging communications infrastructures in the world of connected cars and autonomous vehicles.”
The Battelle CyberAuto Challenge explores “some of the hard problems that will face future engineers so that, as industry and government develop the sorts of jobs that require these types of engineers to be present, there will be the talent to design a secure transportation future,” Heimer said.
Incoming University of Michigan freshman Tyler Dence noted his participation in the challenge underscored “the immediate need for trained cyber auto engineers.” Dence plans to pursue a double major in computer science and mathematics, “so applying my passion to a practical application—cars—is an ideal career path because it also provides the opportunity to change the world for the better.”
Dr. Andrew Brown, Jr., Delphi’s Vice President & Chief Technologist in the Innovation & Technology Office, said having professionals interact with students in the various cyber-related challenges is highly beneficial.
“This challenge brings together young people who are building their knowledge in this area, which gives us an awareness of what they’re thinking. It’s important to understand how they think, how they approach (tasks) because not all of them are PhDs. So if it doesn’t take a PhD to crack into the vehicle system, we need to understand how they figured it out. It’s those kinds of learnings that we’ll benefit from,” Brown said in an Automotive Engineering interview.
As a supplier of driver interface, infotainment, safety electronics, and other components and systems, Delphi has a vested interest in cybersecurity.
“We’ve created what we call a cybersecurity center of expertise where we take the technologists who work in the area related to embedded technology, related to safety-critical systems, and they meet periodically to consider potential cybersecurity threats and look at alternative designs.
“We’re actively talking with other companies who believe they have safe and secure designs and asking, ‘Does it work in Delphi products? Does it make sense?’ We’re starting down that path because we realize others may have solutions that are applicable and will help us move faster in this arena,” Brown said. “We realize that we have to stay out ahead of those who want to do harm.”