How do we keep our cars safe from hackers?


Securing our cars has become especially important now that they are more connected to the digital world. One of the major issues in automotive cybersecurity is that cars are immensely complex, which opens up many gaps for attackers to attempt to slip through. Another big problem is the potential consequences. A car screaming at 100 miles an hour is a weapon of immense power, and cybersecurity failures in this domain can lead to devastating amounts of damage.

In last week’s newsletter, we took a look at an example of how a car can be remotely attacked, with potentially devastating consequences. This week, we’ll dive into how we keep cars safe. The good news is that a lot of smart people have been thinking about the problem, and the field has matured substantially in recent years.

As one major development, the United Nations Economic Commission for Europe (UNECE) introduced Regulation No. 155, which established rules for automotive cybersecurity systems. While the regulation technically only applies to cars sold within the 56 UNECE member countries, together these countries make up a substantial market. This makes it likely that many global automakers will design their cars to comply with the standard; otherwise, they would have to either forgo the market completely or come up with specific designs just for these 56 countries.

What impact will the regulations have?

In essence, new cars and other vehicles have to comply with the stipulations set out in the regulations. One of the primary focuses of Regulation No. 155 is the requirement for manufacturers to have a Cyber Security Management System (CSMS) in place. The CSMS applies to:

  • The development phase.
  • The production phase.
  • The post-production phase.

This means that automotive manufacturers will need to demonstrate appropriate security processes throughout the entire lifecycle of the vehicles, from the planning stage through to their end of life. This includes risk assessment, categorization, and the adoption of mitigations. Ultimately, the process aims to reduce the likelihood of incidents that can lead to:

  • Unsafe operation of the vehicle.
  • Modification of software that alters performance.
  • Breaches of integrity or confidentiality.
  • Loss of availability.

Some of the major threats include:

  • Insider threats extracting vehicle data through backend servers.
  • Services from the backend server becoming disrupted, impacting the operation of the vehicle.
  • Loss of vehicle data from backend servers.
  • Sybil attacks that spoof other (nonexistent) vehicles on the road.
  • Unauthorized manipulation of vehicle code via communication channels.
  • Replay attacks, including those that can downgrade the firmware on an electronic control unit (ECU).
  • Eavesdropping on vehicle communications.
  • Denial of service attacks that prevent the vehicle’s services from operating normally.
  • Black hole attacks that block communications between vehicles on the road.

The mitigations listed in the regulations are relatively agnostic, giving manufacturers some leeway to address the threats in ways that are most appropriate for a given situation. As an example, to address insider threats to the backend server, it simply says, “Security Controls are applied to back-end systems to minimize the risk of insider attack”. This leeway doesn’t mean that manufacturers can essentially ignore the controls, just that they have some freedom to make their own choices about the best way to secure the systems.

The entire risk assessment process must be documented, with processes tested and updated as necessary. It also extends to managing the risks from suppliers. On top of this, the regulation stresses that threats and vulnerabilities “…shall be mitigated within a reasonable timeframe.”

So, how do we keep our cars safe?

The somewhat dull answer is that securing our cars is really all about processes, much the same as securing our enterprise systems. Yes, there are some unique concerns that stem from tons of metal traveling at high speeds, but it all starts with a detailed risk assessment. We need a thorough understanding of the worst possible outcomes and their likelihoods, and then we address them systematically. This helps us deploy the appropriate security controls in a cost-effective manner.
