As connectivity expands throughout the transportation industry, it’s transforming security from door locks to firewalls and antivirus programs. That’s creating a lot of concern as vehicle suppliers and even U.S. FBI (Federal Bureau of Investigation) agents consider the potential impact on the nation’s transportation infrastructure.
“What keeps me up at night is the possibility of people committing cyber attacks that destroy something in the real world, like vehicles or the power grid,” said David Martin, an FBI cyber specialist. “Individual people can do a lot of damage without setting foot in our country.”
He joined aircraft and vehicle representatives during the “Technical Expert Panel Discussion: With connectivity, comes risks - cybersecurity and safety” at the 2015 SAE World Congress. Vehicle manufacturers also expressed concern that their equipment could be hacked.
“Vehicles are in the field a long time,” said Caterpillar’s Paul Bierdeman. “It scares me that a hardware security module (HSM) with a private key on a vehicle that has to be maintained over that long period. The HSM won’t always be connected to the same controller it had at the beginning. There will be some service issues.”
OEMs and their suppliers have already begun implementing plans to alleviate these fears. Many are making cybersecurity a part of their strategic plans.
“The approach in the past was reactive, responding when someone broke in or was stealing information,” said Timothy J. Kilworth of Deere & Company. “Now companies are being more proactive, learning about how attacks take place and are closing the gaps.”
Technical design teams must take a long-term view of cybersecurity. Threats evolve as attackers find new vulnerabilities, so protective schemes must also change over time. Equipment must be flexible enough to thwart hackers, terrorists, and people with vendettas a decade or more after it leaves the production line. Developers can leverage the experience gained in other industries.
“We’re seeing similar issues in industrial control; systems that were deployed 20 years ago can’t be upgraded, so people have systems with known vulnerabilities,” Martin said. “You don’t want vehicles to get 10 years down the road and have systems that can’t be updated.”
Myriad issues make it quite challenging to protect connected vehicles. Strategists must balance the needs of many different groups.
“Privacy is a major concern,” said Andre Weimerskirch of the University of Michigan. “Companies need to protect the end user.”
Another aspect of privacy comes as heavy equipment is used in the field. Vehicles will hold critical data that’s valuable to competitors who may want to eavesdrop on wireless communications.
“A lot of mining fleets are used by companies that aren’t large who have competitors that are close by,” Bierdeman said. “If a neighboring mine can tap signals and determine what they’re doing, it would not be a good thing.”
Martin added that equipment makers can benefit from working with law enforcement. If hackers attack a vehicle fleet, police and others may be able to help prevent damage or find the attackers.
“We need to be able to get data when someone launches a major cyber attack,” Martin said. “We try to find a balance. We don’t want to over-collect, we don’t want to sift through tons of data to find a bad guy.”
Equipment makers are looking at many different techniques and technologies. Audience questions prompted a discussion of open-source software. It’s beneficial because several people have typically vetted the code, but dangerous because programs could hold a hidden vulnerability. At Boeing, that limits where it can be used.
“For non-essential programs, we can use open source,” said James Huffaker of Boeing Commercial Airplanes. “Even then, we have to demonstrate that it can’t be hacked.”
Though security is a complex issue, protective technologies shouldn’t be intrusive. Programs that encrypt data or perform other security tasks can’t curtail performance.
“Customers expect to turn the key and get a response,” Bierdeman said. “Security will cause delays. We hope to find the best of both worlds, to perform security tasks and provide response quickly. One question is whether 100 milliseconds is acceptable.”
Security tasks that involve humans must also be simple to use. For example, passwords can’t be so complex that people turn to workarounds.
“Security and convenience are major issues,” Martin said. “If the password needs to be 16 characters with a mix of capital letters and numbers that have to be changed fairly often, people will start subverting the system.”