Automotive cyber security is moving to the front of the line of industry concerns, and panelists at the recent 2015 Los Angeles Auto Show's Connected Car Expo outlined approaches that the industry should take. A pair of loud wake-up calls were cited by Andre Weimerskirch, a research scientist at the University of Michigan's Transportation Research Institute.
The most noteworthy auto cyber hack was a project by Chris Valasek and Charlie Miller, now researchers at Uber Advanced Technology Center, in which they remotely could apply or disable the brakes, even kill the engine and affect steering. Their work, applied to a 2014 Jeep Cherokee, through the UConnect infotainment system with Sprint cellular, led to a Fiat Chrysler Automobiles safety recall on a wide range of models. The control was exercised without physical access to the vehicle itself.
Still another security researcher, Corey Thuen of Digital Bond Labs, claimed he had reverse-engineered the Progressive Insurance dongle, and performed limited functions that indicated it was vulnerable. The dongle, supplied by Xirgo Technologies, monitors driving patterns, reports via cellular, and the information is used to adjust policy rates.
"Hack into everything"
Those were just examples, Weimerskirch said, adding, "we can hack into pretty much everything that's out there." A fearsome issue he cited: an attacker just needs a tiny bit of automotive background because, assuming familiarity with enterprise IT, he/she can hit the car.
Cadillac's announcement that it will introduce V2V (vehicle-to-vehicle) communication on the 2017 CTS gives a sense of urgency within the industry, as the rest of the industry is preparing to do the same. But, he pointed out, the car raises concerns beyond electronic communication via smartphones and computers. Weimserskirch noted three primary issues: "safety, a super complex supply chain with hundreds of suppliers, and a complex product—the car with thousands of components."
The auto industry, of course, is looking at what other industries are doing, Weimerskirch said, but there is no other application in which the auto industry could just adapt its cyber security solutions. Enterprise IT, which deals with the hardware and control software systems used by large operations, must be cyber-secure, but it doesn't involve the same level of safety or mobile use. SCADA (Supervisory Control and Data Acquisition) deals with industrial controls, so safety is involved, but not mobile use. Smartphones, he said, particularly the iPhone, has developed relevant solutions, but not in the area of safety. "However, [the] iPhone does a lot of stuff right," he added.
Some 15 years ago, Weimerskirch continued, researchers saw the value of more resilient electronic architectures with formally verified source code and interfaces, and today we're still not using them."So let's start," he urged.
Fusing to raise confidence level
The move to autonomous driving, he said, will bring in use of various types of radar sensors, cameras, and wireless. Each can be hacked, with wireless the easiest and cameras the hardest. Although cameras can be blinded, their images can't be forged. Lidar and radar sensors are somewhere in between, he told the forum.
So the approach, Weimerskirch continued, must be to take the security levels of wireless, sensors, and cameras, and fuse them into a system that raises the total confidence level to an acceptable perch. That is likely to mean that some features will have to be limited until the security level can be made high enough.
This work will require trained talent, observed Karl Heimer of AutoImmune, a cyber security consultant to the State of Michigan. There are no cybersecurity engineering degree graduates, because there is no degree program in the subject. A curriculum is needed, he said, including a good background in hardware/electrical engineering, education in computer science, and how automobiles work.
The degree program, he added, also should include internships at either an OE manufacturer or supplier and a hacking company. "You don't get to understand how break-ins occur by being with a maker or developer," he said. So the interns have to live with the people who actually do the hacking. The objective is for the OE to end up with cyber security people who can work in development or assessment/quality assurance.
He noted that each OE maker and supplier has different needs and therefore likely different approaches, but the Michigan Economic Development Corp., working in curriculum development, is trying to establish a common base that colleges can adopt.
New initiatives, legislation
Cyber security education opportunities are proliferating, the panelists agreed, pointing to the annual SAE Battelle Cyberauto Challenge, a five-day workshop to identify trends in the field (the next is July 25-29, 2016)
David Strickland, an attorney who once headed NHTSA, noted that legislators already are in the fray, with the SPY Car Act of 2015 requiring vehicles to be "reasonably" equipped to protect against hacking, including intrusion detection systems. Naturally, Congress doesn't know how to do this, so it assigns the job to NHTSA and the Federal Trade Commission.
He also pointed to Auto ISAC (Auto Information Sharing and Analysis Center), a consortium which has just gone live. Strickland described it as a foundational step to share information about cyber threats among industry members, who include carmakers and suppliers.
Forum attendees expressed concern about the possible effect of OE cyber security measures on the access of independent mechanics and their test equipment to the vehicle's CAN (Controller Area Network) buses, which also are entry points, via infotainment systems' wireless, for hackers.
Security effect on features
Weimerskirch said security, therefore, must be by design, not by obscurity (denying access to the information); "we know how to do that." The other panelists agreed. Heimer added that it should not be necessary to hide the contents of a packet needed for diagnosis, and secure design would prevent it from being changed or the command it contains not going through.
Cyber security is likely to affect the maximum performance of some features, the panelists agreed. Weimerskirch said, for example, that the distance maintained between a roadway line of cars might have to be increased because if the wireless were hacked, the system would have to fall back on readings from radar and camera with on-board adjustments. Heimer added that car owners might have to be limited in what they can download; "you can't burden an OE" with the threats of any download choice the driver makes.
To improve vehicle protection against cyber threats, "over-the-air" software updates are essential, the speakers conceded, pointing to Tesla's success in that area as a superior approach to sending out flash drives for owners to use. Other makes have indicated their future intentions to do the same.