Cyber Security – a Holistic View
All-in-one Future Design based on Functional Safety, Cyber Security and Data Privacy
What is Cyber Security?
Connectivity increasingly influences all aspects of life. In times where our wallets are connected with our smartphones, our smartphones are connected with our cars and our homes, and these are again connected with the outside world, securing these connections becomes one of the key challenges of modern times. Due to the ubiquitous connectivity in everyday life, cyber attacks have become one of the major threats in both private and business life. Therefore, Cyber Security can be classified as one of the crucial success factors, especially for organizations, regardless of the industry they operate in. Cyber Security can be described as the set of security measures aimed at protecting networks, computer systems and cyber-physical systems against theft of or damage to hardware or software, as well as against compromise of the data these systems generate and process. By implementing strong Cyber Security measures, organizations can ensure that their daily processes, as well as their products, services and respective functionalities, operate reliably while users and customers enjoy the best possible user experience.
To remain able to handle the challenge of a growing cyber threat landscape, it becomes crucial for organizations to equip themselves with a holistic Cyber Security concept that provides maximum protection against current and future risks, both within the organization and in its products or services. The market for Cyber Security solutions is growing rapidly and subsequently offers large business opportunities for new players to emerge and for existing companies to diversify. As part of this transformation, DEKRA offers suitable solutions to the market for organizations and individuals to stay secure now and in the future.
Cyber Security and the Development of Cyber Physical Systems – from IT to Vehicles to the Internet of Things (IoT)
The IoT has become an integral part of everyday life throughout society, as we connect all sorts of things to one another while expecting a considerable increase in comfort. Nowadays, billions of sensors are installed on consumer goods, smart home objects, vehicles and other devices from all industries and collect a gigantic amount of data – all day, every day. The data that is gathered can then be processed by subsequent algorithms in order to shed light on consumer behavior, traffic congestion, crime statistics and basically any tendency that is suitable or desirable. This trend has opened up new business models for organizations around the globe, enabled new companies and branches to emerge and has, in summary, changed the way we live, work and behave as a society. However, while we live and experience the IoT on a user level every day, it is important to dive deeper into the mechanisms of the IoT and the challenges it entails.
The IoT as a whole can be seen as a so-called cyber-physical system, which describes a combination of information and software with mechanical and electronic parts that communicate using a data infrastructure such as the internet. Since IoT devices are supposed to communicate constantly while also being able to connect to countless other devices, the IoT poses one of the biggest challenges regarding security and data privacy in modern times. And while many security aspects related to IoT are not necessarily new and can be transferred from classic IT security, the characteristics of some IoT implementations present new security challenges, threats, and risks that are highly diverse and evolving rapidly. With the continued rapid evolution of IoT technologies and the potential to virtually connect anything with a sensor, it is very difficult to grasp the impact of the advancement of IoT on digital cloud-based services in the future. Therefore, a holistic approach to Cyber Security as a system function is one of the key success factors for organizations on their way to a complete and sustainable business model.
However, security measures from the IT environment cannot simply be copied to IoT systems. The problem is that these measures have to be adapted to the wireless communication of several control units, sensors and actuators. To make Cyber Security work sustainably within IoT devices, and especially in vehicles, manufacturers as well as users must have the right amount of awareness of the specific risks that can potentially occur in the IoT environment. At the same time, they need to be aware of the available security solutions. One of the main problems of IoT devices is that they often do not include security protections because of their basic constraints: little bandwidth, little computing power and low power consumption.
In summary, the IoT opens up great potential for business opportunities, user experience, improvement of everyday life and for social change. However, while ubiquitous connectivity might increase overall convenience and ease of living, the IoT is one of the biggest targets for cyber attacks of any nature. With an entire array of sensors, actuators, devices, networks, platforms, and applications that require sustainable security at every system level, the entry points that have to be secured are almost innumerable. Furthermore, IoT systems are becoming more and more complex and must, among other characteristics, also be suitable for security analyses and measures along the entire product life cycle as well as the software (SW) and hardware (HW) value chain in order to secure the data used. Safeguarding IoT applications also depends on protecting all the systems involved, such as the IoT devices themselves, the cloud backend and services, applications, maintenance and diagnostics tools, and more. Nowadays, the majority of IoT users are not yet fully aware of the potential threats and protection approaches when navigating through the connected but complex world, while expecting fully safe and secure products and services. Handling this dichotomy will be one of the tougher challenges for manufacturers and society alike.
Infotainment and Telematics shape the Evolution of the Connected Car
The first connected vehicle technology concepts have been around since the mid 1990s. Ever since then, these features have changed user experience, safety and entertainment in a drastic manner. Voice assistants, safety features, parking cameras and many other functionalities that we do not want to miss have become standard equipment in modern vehicles, leading to a more convenient driving experience, fewer road accidents and improved overall safety and wellbeing. Furthermore, the connected features of modern vehicles can help reduce traffic congestion and greenhouse emissions – apart from switching to electric mobility – through services such as intelligent routing, which is enabled by gathering loads of data from several vehicles on the road and mapping them against current traffic flow. In addition, these advancements not only improve many aspects of passenger travel but can also greatly enhance the way freight traffic is handled in the future regarding safety, environmental issues and delivery quality.
As previously mentioned, user experience is one of the main focus points of current connected vehicle generations. At the center we find the so-called infotainment system. A mix between information and entertainment, it enables the driver and all passengers to listen to music or play games while always being updated with real-time data regarding traffic, weather or other useful information. The information itself is provided through the internet, radio, television, and other interfaces via the in-vehicle-infotainment system (IVI).
However, connected cars can not only deliver top-level infotainment, but also offer a variety of safety features, enabled through telematics. These telematic functionalities are the basis for advanced safety features such as:
- ADAS – Advanced Driver Assistance Systems help to improve safe driving and execute smoother driving with features such as blind spot detection, lane assist, adaptive cruise control or emergency braking
- HFCPI – Hands-free cell phone interfaces allow drivers to make phone calls via a Bluetooth connection while being able to concentrate on the road ahead
- EWS – Emergency warning systems protect vehicles from upcoming dangers. They are mainly developed to find an international standard of communication between vehicle-to-vehicle (V2V) and vehicle-to-x (V2x) communication, which have mainly roadside characteristics
- Satellite navigation – Telematic concepts using GPS to locate a position, route planning and trip navigation
- V2V – Vehicle-to-vehicle communication is the direct information exchange between vehicles to act as a warning system of road incidents, e.g. accidents ahead or other factors caused by weather conditions
The evolution of the connected car is one of the key achievements of the automotive industry in the last years and will continue to grow and evolve, with new potential features being developed on a steady basis. Connectivity is also one of the key drivers behind innovations such as autonomous driving of the future and will therefore most likely lead to constantly increasing budgets of organizations for Cyber Security purposes. However, even though these features are increasing safety and driver experience by a big margin, the fact that the vehicle itself becomes a part of the IoT opens the door for various cyber threats and makes the current mobility environment one of the most interesting target points for criminal attackers.
Raising Awareness for Cyber Security in Automotive IoT
Over the last few years, only a few cyber attacks have made it into the international press. The majority of all attacks stay undisclosed and are not reported to any official body, as most of the affected companies are reluctant to talk about cyber attacks in order not to lose their customers’ trust. Still, the number of actual cyber attacks on organizations and their products and services around the globe and across all industries is considerably higher than reported in our newspapers and online media.
Image: Cyber Security covers a wide range of terminologies (Source: DEKRA Digital GmbH)
Today, sophisticated cyber attacks can be executed with powerful tools that do not necessarily require in-depth Cyber Security knowledge. Even though the complexity of malware is steadily increasing, the knowledge required to merely execute an attack is decreasing rapidly due to the development of tools and automation mechanisms that make it easy for attackers to launch a cyber attack.
Another facilitating factor is the knowledge sharing within the hacking scene. The recent cyber hacking conferences Black Hat and DEFCON in the United States displayed special formats called hacking villages, where there is space for discussions and knowledge transfer about current hacking trends, new methods and the latest gadgets. This year the focus was mainly on hacking ships, aircraft and medical equipment, which, among other developments, shows the increasing necessity for profound Cyber Security across all industries and devices within the IoT. Smart buildings and infrastructure in smart cities as well as connected machines or manufacturing facilities in industry 4.0 settings are predicted to be the next victims of cyber attacks.
Image: Main threats in connected devices (Source: Epoche & Espri)
In the past a car could be classified as a finite ecosystem of its own. The boundaries were set at the physical endpoints of the vehicle, which were the body and the wheels and the vehicle was usually opened and started using a mechanical key. The main external resource required to run the vehicle was gas, which was obtained from a gas station. However, over the years this situation has changed due to the rise of the integration of infotainment systems and connectivity into vehicles. A keyless door opener was one of the first devices, followed by an interface for diagnostics in the garage. Nowadays it is common for a passenger to connect their smartphone to the radio system and heat up the interior via an app from a distance.
Around the same time the car started to be equipped with sensors, which analyzed the surface on the roads and surrounding activities of the vehicle as well as its location as a basis for location based services and tailor-made advertisement. This was the beginning of the transformation of the car from being just a mobility tool to a mobile data collector. Followed by the connected vehicle, the entire mobility landscape started to be connected and more and more devices were slowly entering the biosphere of the IoT. Parking spaces were equipped with sensors to share the next open parking slot with other users, payment systems paved their way into smartphones and smart home solutions are also starting to be integrated into the vehicle system. The result of this constant connectivity is a vast amount of data, which is then made available through a smartphone as the final user interface closing the circle on the new ecosystem. The car, once at the center, has almost been degraded to merely one point of data collection among others within the mobility and user environment. In the meantime many more parties are involved in shaping the connected world of tomorrow, such as:
- Drivers and/or vehicle owners
- Vehicle manufacturers, suppliers and service stations
- Public authorities for traffic, mobility management systems and scenario catalogs for safe and secure autonomous driving
- IT service providers for additional services
- Banks and providers of payment services
- Many other players who might not yet be emerging or visible
Image: The connected car ecosystem (Source: magility GmbH)
Due to the number of new players in the ecosystem of the connected car, the entire range of offers from the automotive industry and other relevant stakeholders pushing into the market will be changing in the near future, making connectivity one of the key drivers and enablers for sustainable business models in the upcoming new generation of data.
Image: Connectivity as a key enabler for new business models within the scope of vehicles (Source: DEKRA Digital GmbH)
As vehicles are being equipped with hundreds of sensors to monitor all kinds of operations, modern cars are on their way to become more and more autonomous. Current vehicles available on the market are already able to travel certain distances absolutely on their own – such as the Tesla Model S – while many others are at least able to accelerate and decelerate on their own, while keeping a constant distance to the car ahead and staying in their designated lane. These features can all be classified into five levels of autonomous driving, as published by the Society of Automotive Engineers (SAE):
- Level 1: An automated system that sometimes assists the human driver in conducting some parts of the driving, such as distance warning in stop and go traffic
- Level 2: An automated system that can conduct some parts of the driving task while the human monitors the driving environment and executes other driving tasks. For example, drivers are able to leave their feet off throttle or brake because a distance detection via radar, lidar, video or other sensor techniques takes over the task
- Level 3: Automated systems that can conduct some parts of the driving task as well as monitor the driving environment in some circumstances. However, the human driver needs to be ready to take back control of the vehicle when the system demands it. For example, an autonomous driving function that demands the control for steering after a certain time.
- Level 4: Automated system that can conduct the driving task and monitor the driving environment but does not need a human to take back the control of the vehicle. The system can operate under certain conditions, such as a specific lane for autonomous vehicles that is separated from regular traffic.
- Level 5: Automated system that can perform all driving tasks and monitor the driving environment under all conditions. Many concept studies have even eliminated the driver seat for a human driver. This is the fully automated version of an autonomous vehicle, highly connected and equipped with highly advanced technology.
While many new vehicles are already able to perform at a level somewhere between 2 and 3, in order to achieve a fully comprehensive fleet of level 5 vehicles, there are still many barriers and issues that need to be resolved. One of the key aspects is a definition of rules and regulations for fully autonomous vehicles, regarding potential problems that can arise due to technological problems or cyber security liabilities. Furthermore, fully autonomous vehicles do not seem to have full acceptance and trust amongst the majority of drivers, as the technology itself does not seem to be mature enough yet to convince potential passengers of the enhanced convenience and safety that it brings with it.
Image: A self driving people mover currently driving on test lanes at Level 4 autonomous driving (Source: DEKRA Digital GmbH, photo shot at CES 2019)
Shared and Services
In recent years the automotive industry has experienced a drastic change in the way customers perceive and live mobility. While cars are still as popular as ever, customers have shifted their demands more and more to on-demand mobility instead of possessing their own vehicle. Companies like Uber, Lyft, Gett and many others have disrupted the market by offering fast on-demand mobility, enabling people to always be mobile and flexible, whenever, wherever. Other companies, such as Daimler and BMW with their ridesharing services Car2Go and DriveNow, which are now merged, have identified this demand and are offering vehicles to be used by anyone, at any time. This trend has led to so-called multi-modal end-to-end mobility solutions, which are essentially the service offering for customers to get from point A to B at any time, using any kind of mobility service. As a consequence, the mobility market has experienced the rise of new business models, with a new role for the car itself, which no longer forms the center but is rather a building block on the way to a comprehensive network of mobility solutions.
These new business models pose many advantages for the suppliers, which are often the large vehicle manufacturers, as stated previously. On the one hand, providing new services increases the opportunity of car manufacturers to make money. On the other hand it also helps to familiarize customers with new powertrain technologies, such as electric drive, which in return drives the overall acceptance of newly introduced electric vehicles.
Looking ahead, the combination of smart services with the ongoing development of autonomous vehicle technology could change the business and mobility landscape drastically. Mobility on demand paired with fully autonomous vehicles waiting to be reserved could decrease urban traffic and carbon emissions immensely, while at the same time maximizing value and minimizing total cost of ownership.
Electric Mobility and its challenges and risks
Current debates about global warming and climate change have caused automotive manufacturers to rethink their corporate social responsibility. Therefore the automotive industry has seen a shift towards big investments into electric vehicles that are gradually pushing into the market. Furthermore, this push has caused plenty of new players to enter into the automotive market, either as an OEM or as a supplier. However, next to entirely new development cycles and technology aspects, electric mobility brings plenty of new challenges and risks regarding Cyber Security.
Recharging an electric vehicle's battery is still not a matter of just a few minutes but takes considerably longer. The charging stations are most often connected to a grid, while featuring technologies such as payment services or other connected services. Furthermore, these charging stations are rarely operated by car manufacturers themselves, but rather by energy providers or other third parties. Hence the vehicle is vulnerable to potential cyber attacks that can easily be carried out by compromising a charging station and its connected services to get access to the vehicle and its data or to manipulate the battery.
Image: The complex cyber attack surface of an electric vehicle (Source: magility GmbH)
Manipulating a car battery and its subsequent powertrain can have grave consequences. By compromising the battery management system, the battery can be caused to overheat, leading to heavy damage or even explosions that can be highly dangerous or even fatal for the passengers. The battery can also be manipulated so as to cause the vehicle to stop or to deplete the battery of its charge, leading to severe traffic disruption or accidents. Multiply these scenarios across a connected fleet of electric vehicles and the consequences could be enormous, both monetarily and from a public safety standpoint.
The nature of an electric powertrain is much more complex than that of a non-electric vehicle. Therefore the number of potential exploits is considerably higher, and Cyber Security protections are even more difficult to implement due to the increased attack surface an electric vehicle presents, which, at the same time, makes the implementation that much more costly.
Growing Complexity requires Knowledge Networks
As new vehicle generations are being developed and new technologies are being implemented, new players are heavily pushing into and disrupting the market. While vehicle manufacturers and suppliers have known most of their competitors from a more traditional experience, new competitors from formerly underestimated or unknown fields have taken their knowledge from alternative sources and are currently applying it intensely to highly demanded areas, such as sensors and computing units. This higher competitive pressure, along with the rapid change in technology, increases the overall complexity of the automotive environment, calling for all players to establish strong cooperation networks with competitors and research institutes in order to stay up-to-date. In recent years, co-operations with specialized knowledge partners, such as Cyber Security startups mainly from Israel, have proven positive.
Additionally, it becomes more and more important to increase knowledge transfer and strategic marketing by being present at leading Cyber Security fairs such as DEFCON or the Black Hat conference, where the latest Cyber Security knowledge is shared and exchanged. Simultaneously, it is of high importance to take part in the most important Cyber Security regulation bodies, such as UNECE or ENISA. Companies that are taking part and actively shaping the future regulations and standardizations of Cyber Security will be one step ahead for upcoming threats and challenges.
Big Challenges for the TIC Industry
With more and more connected and increasingly electric vehicles on the streets, the fundamentals of testing and inspection services will change. Due to the growing connectivity in road traffic, it will no longer be sufficient to check vehicles only for their Functional Safety. The data connections that go in and out of the vehicle also present further entry gates for cyber attacks, thus there will also be procedures for testing and inspections for Cyber Security functions in the vehicle along with new laws and technical standards that must be observed and approved by an external company.
While the Periodical Technical Inspection (PTI) of the past has mostly been associated with combustion engines and powertrains, more and more vehicles have an electric powertrain, which not only requires the usual PTI processes, but also includes periodical testing of the reliability of battery functions. Therefore, TIC companies must acquire knowledge in battery technology in order to test, inspect and certify Electric Vehicle (EV) components, such as the battery management systems and high voltage inverters, as well as electromagnetic compatibility.
Furthermore, since electric vehicles are only one part of an entire electric mobility ecosystem, it would be beneficial if TIC companies were able to understand the holistic end-to-end system, including charging stations, in order to gain a comprehensive picture and compile a full service catalog.
Another key challenge in modern vehicle systems is the immense number of sensors that are integrated to serve several functionalities. Testing and inspection companies must acquire a broad knowledge of all kinds of sensor technologies, as all types of automotive sensors need to be calibrated and evaluated regarding Functional Safety and Cyber Security. If these sensors are not holistically checked and monitored, they can be subject to hacking or manipulation, leading to potentially harmful or even fatal results for the driver, passengers or other traffic participants. Sensor technology is not the only key area of knowledge that must be addressed; the same applies to the entire electric and electronic vehicular architecture, including data buses, gateways and other communication units and systems. Cyber Security and Functional Safety go hand in hand, which is why TIC organizations need to be able to test and check that these communication systems are cyber secure in order to function the way they are supposed to.
Furthermore, the automotive landscape is currently facing the integration of autonomous vehicles and autonomous vehicle functions as explained earlier. The requirements regarding reliable redundant energy supply, sensor technology, ECUs and actuators are enormous, which leads to TIC companies having to be able to understand and evaluate problems and challenges in these fields. This includes Functional Safety for distributed hardware and software, understanding of adaptive software stacks and constant evaluations and adaptations of the cyber resilience level. Due to the convergence towards holistic end-to-end systems, TIC companies need to be able to assess and check these systems constantly regarding Cyber Security, Functional Safety and Privacy, as well as the definitions of backend responsibilities and roles.
Moreover, the topic of remote diagnostics and big data handling will become one of the key aspects to test, inspect and certify in the future. Diagnostic data that is constantly generated by a vehicle is being sent to a backend, to which a third party needs to get access in order to constantly monitor vehicles or entire fleets and react to anomalies or problematic data. This is part of the new extended end-to-end architecture, where constant software updates and signals are being transferred either over the air or within the car, using backbones, gateways and high performance computers (HPC). This shows that the knowledge required about complex automotive electric and electronic architectures, including vehicular communication technologies, is one of the crucial competences a TIC company must have.
In summary, the shift in technology and the way mobility is defined will have giant impacts on the PTI business in the future, as the process will not only include older “offline” vehicles, but more and more constantly connected and updated vehicles, including new powertrain technologies with an entire new ecosystem. TIC companies must acquire vast knowledge and understanding of end-to-end systems, vehicle architecture and sensor technology, as well as powertrain technologies to gain competitive advantage and to ensure sizeable market share.
Interview with Dr. Christoph Maier – Chief Technology Officer at DEKRA Digital
When looking at it from a very pragmatic point of view, modern vehicles are basically computer networks on wheels, which are connected to the internet and mobile networks. While this may be highly innovative and convenient, it also opens the door to potential cyber attacks. Dr. Christoph Maier is Chief Technology Officer at DEKRA Digital GmbH and talks about Cyber Security in the current vehicular landscape.
Data theft on a large scale at IT companies, cyber attacks on large companies, blocked private computers. It seems that there are plenty of security gaps everywhere. Can these scenarios also be transferred to modern vehicles?
Of course, because the more networked vehicles are on the road, the more interesting the field becomes for cyber criminals. When the first networked cars pushed into the market, technical feasibility was still the focus of the hacker attacks. In the future, the technical exploitation will be the driving force. And since there is no such thing as 100 percent security, it is crucial how the security gaps are being dealt with.
Do modern vehicles have to be digitally connected at all?
Equipping vehicles with connectivity will certainly not always be necessary and above all not always technically possible. Today, for example, our mobile network coverage is still not enough for cars to be able to drive fully and permanently connected. Autonomous vehicles will have many different sensors, such as cameras, radars, ultrasound and LIDAR systems, which together provide a very precise picture of the environment – and they are doing all this without any connectivity. Using this data, the car will be able to drive autonomously in most situations. When it comes to up-to-date maps or real-time traffic situations, the vehicle will download the necessary data and store it temporarily – this requires a network connection. It will therefore be a mix of offline and online functions in a vehicle.
Which methods and technologies can be used to prevent the unauthorized deduction of vehicle and usage data?
It is difficult to monitor whether vehicle and user data are collected without authorization. The fact is that there will always be possibilities to channel data from the vehicle. With such complex systems, the collection of data is sometimes necessary, for example to improve systems or to clarify the cause of an accident.
What about liability in the event of an IT attack on a vehicle? Is the manufacturer responsible?
In my opinion, there is currently no clear answer to this question. Manufacturers and owners will definitely play a certain role in liability cases. In the event of a hack, the manufacturer’s task is to program and roll out appropriate countermeasures such as patches and updates in order to close the attack path. On the other hand, the vehicle owner – or the driver – must install available updates. A clear answer to this question, however, will only be given once the relevant incidents have actually occurred and the courts, experts and manufacturers have dealt extensively with this question.
What can we do to protect ourselves from hacking attacks in the car?
We ourselves can do little to avoid becoming the target of an attack. It does not always have to be the internet connection of a car. Other interfaces such as Bluetooth hands-free kits, WLAN hotspots in the vehicle, tire pressure sensors that send their data to the vehicle by radio or simply a USB stick are enough to become a victim of a cyber attack. It is therefore becoming increasingly important that we regularly update our vehicle with the latest software – just like our computer or smartphone.
Should we reconsider the dream of autonomous driving due to its risks?
I personally like to drive and steer a car and still look forward to autonomous driving functions. We just cannot expect autonomous driving to be available overnight. This is a product that has to make decisions in the most complex situations and can consequently be a danger to life and limb. We do not have to reconsider or even give up the dream, we only have to be patient in order to achieve reliability and safety for all road users.
Automotive Cyber Security and its aspects
A Hacker’s Intentions: Attack Value Chain
Attack Surfaces and Attack Vectors
As discussed in earlier chapters, modern connected vehicles offer plenty of entry gates into the vehicular architecture, from where a hacker can do all sorts of damage or gain access to the most private data. Access is usually obtained via a software exploit, a logical bug or a human user error, to name just a few. Once the attacker has succeeded in getting access to a component inside the vehicle, the attacker has access to the entire in-vehicle network, which may also be used to control safety-critical systems such as braking, steering or acceleration.
In order to understand an attacker’s entry gates, manufacturers must be aware of all direct and indirect components that pose a potential risk. These components are often referred to as attack vectors.
Image: Direct and indirect attack vectors of modern connected vehicles (Source: DEKRA Digital GmbH)
An attacker has a wide array of penetration methods for gaining access to the vehicle network, such as via:
- Remote attack vectors
- Compromised network node
- Compromised accessories
- Physical network access
- Social engineering
Automotive E/E architectures are network oriented and so are cyber attacks on vehicles. Most attacks need to unfold on the in-vehicle network, from where malicious messages or signals can spread to take over entire vehicles or fleets, or to gain access to private and personal data.
Unfortunately for the end user, every sensor in a connected vehicle can potentially be an entry point to the in-vehicle network. The infotainment system has several entry points, such as a USB port, a Bluetooth connection or wireless connections (WiFi). Additionally, telematics and cellular devices are further penetration vectors, as they are connected to the deeper layers of a vehicle. For diagnostics in the garage or during the PTI process, a so-called OBD-II port is used to extract data and enable software updates. This port can also be easily compromised with malicious software and/or hardware.
In summary, connected cars offer plenty of attack vectors for hackers and cyber attacks, as the nature of connectivity and communication makes them vulnerable. It is crucial for organizations of all kinds to understand these attack vectors and how to secure them so the safety, security and privacy of all affected parties can be guaranteed.
Image: The new connected automotive environment (Source: magility GmbH)
The Philosophy of a Hacker: Different Intentions of White and Black Hat Hackers
Hackers are commonly classed as either white hat or black hat hackers, distinguished by the motivation they have for carrying out a cyber attack. Attacks that are executed by white hat hackers are actually useful for the industry. These hackers try to find and attack security gaps in vehicles or connected devices within the IoT in order to inform the manufacturers about the security leaks. White hat hackers mostly have good intentions and want to contribute to the overall safety and security of a product, or they are purposefully tasked with the attack by an organization itself.
Within the class of white hat hackers there are two types. The first type are those that are specifically engaged by the producer of a connected product to execute security tests or perform penetration tests under defined framework conditions. The second type are those who are not specifically engaged to perform a certain security gap test but still do it based on their own motivation. It has often happened in recent years that a group of specialized hackers successfully hacked a car and informed the manufacturer about their findings under a non-disclosure agreement. The producer then had a certain time frame to close the uncovered security gaps while the vehicle was on the market, until the security gap was made public. While beneficial for the respective company, this can still cause image loss and loss of trust for a brand or vehicle, as the vehicle has already been sold and is driving on the road with occasionally dangerous security gaps. Car manufacturers should make sure to engage qualified white hat hackers to minimize the number of software gaps that could be exploited for Cyber Security attacks.
However, since hacking cars has become a lucrative business, the number of so-called black hat hackers has increased steadily. Black hat hackers have criminal intentions when attacking vehicles or even entire vehicle fleets. They usually spend a huge amount of energy on data interfaces in order to create as much damage as possible, which amongst other potential scenarios can lead to theft of a single car by unlocking doors or bypassing immobilisers. Hackers can also gain access to sensitive or personal data by wiretapping or tracking GPS location. Minor cyber crimes could also be executed by just confusing the driver with blinking in-vehicle lights or manipulation of the dashboard, such as false readings of fuel or speed.
Cyber attacks do not only have ramifications for single car users and owners, but also for entire organizations, once a hacker gains access to a vehicle fleet and manipulates a huge number of vehicles simultaneously. In the past there have already been broad-scale cyber recalls due to software vulnerabilities, which have cost the respective companies millions and millions of dollars, not to mention the loss of trust and the damage to an image that had been built over decades.
The rise of black hat hackers within the IoT industry and especially in the automotive industry can today be classified as the new way of silent warfare. Even though the industry has yet to experience a cyber attack with consequences as grave as described, the potential for such a scenario to happen is rather high and likely. Vehicle manufacturers, suppliers as well as any producer of connected IoT devices have to take into account the needed measures in order to prevent attack scenarios that could lead to an infrastructure paralysis and damages to both their companies and their customers.
Cyber Security Developments and current Applications in the Automotive Industry
Functional Safety, Cyber Security, and Data Privacy are inseparably connected to each other
One of the key findings in securing a vehicle and a system entirely is that one must understand the trinity of topics that is at the center of safeguarding. This trinity consists of Cyber Security, Functional Safety and Data Privacy. These topics have become inseparable concepts when dealing with connected devices, such as the connected car. It is crucial to understand that none of these concepts can be handled in isolation, as they are strongly connected and interdependent.
Functional Safety describes the absence of risks due to hazards caused by malfunctioning behavior of electronic systems and considers random hardware failures, common cause, cascading and systematic failures along the life cycle of those systems. Parallel to the Functional Safety of a device, it is required to be cyber secure.
Cyber Security is concerned with the protection of connected systems, including hardware, software and data, from potential silent attacks using one or more of the described entry gates or vulnerability points. The lifecycle frameworks of security development define the control points that ensure that all operations, development, testing, manufacturing and delivery are properly combined to mitigate threats. This is complemented by Data Privacy, which governs how data is collected, shared and used – that means consent, notice, and regulatory obligations. The new GDPR shows that this topic in particular is of utmost importance due to the modern data economy, where companies find enormous value in collecting, sharing and using individual data.
One of the key messages for the industry and all of its players is that a product that is declared functionally safe is not necessarily cyber secure, nor does it necessarily show the required data privacy, while a cyber secure product does not necessarily have to be functionally safe or show the data privacy features that the requirements oblige it to have. In the future, products and services that cannot show that they comply with this trinity will be banned from entering the market, so it is highly important for organizations to always make sure that these three factors have arrived in the minds of all participants.
In-Vehicle Communication, Backend Communication and Security Operation Centers
As discussed above, vehicles of today must show complex defense mechanisms to cope with the even more complex architectures and attack scenarios they have opened via their connectivity features. For this reason, automakers have started to equip their vehicles with a defense-in-depth approach, which uses a layered architecture where protection mechanisms operate on different levels, making it difficult for attackers to spread the attack and penetrate several layers if they have gained access to the vehicle in the first place. In-vehicle protection systems such as IDPS (intrusion detection and prevention systems) provide additional protection by responding to unusual communication patterns and informing administrators or independently taking defensive action themselves in order to eliminate or at least mitigate potential damage.
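To make "responding to unusual communication patterns" concrete, here is an added example (not from the original paper or from any vendor's product) of a minimal monitor that checks each in-vehicle frame against a fixed baseline of known message IDs and their send periods. The message IDs, periods, thresholds and the trace are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline: message ID -> expected send period in milliseconds.
# IDs and periods are illustrative assumptions, not values from a real vehicle.
BASELINE_MS = {0x101: 10.0, 0x2A0: 100.0}


@dataclass(frozen=True)
class Alert:
    ts_ms: float
    msg_id: int
    reason: str


class TimingMonitor:
    """Flags frames with unknown IDs and bursts of frames sent too fast."""

    def __init__(self, baseline, min_ratio=0.5, burst=3):
        self.baseline = baseline
        self.min_ratio = min_ratio  # a gap below min_ratio * period is "short"
        self.burst = burst          # consecutive short gaps needed to alert
        self.last_seen = {}         # msg_id -> timestamp of previous frame
        self.short_gaps = {}        # msg_id -> current run of short gaps

    def observe(self, ts_ms, msg_id):
        period = self.baseline.get(msg_id)
        if period is None:
            # An ID that is not part of the designed communication matrix.
            return Alert(ts_ms, msg_id, "unknown-id")
        prev = self.last_seen.get(msg_id)
        self.last_seen[msg_id] = ts_ms
        if prev is None:
            return None
        if ts_ms - prev >= period * self.min_ratio:
            self.short_gaps[msg_id] = 0
            return None
        count = self.short_gaps.get(msg_id, 0) + 1
        self.short_gaps[msg_id] = count
        # Alert once per burst, at the moment the threshold is first reached,
        # so a single jittered frame does not raise an alarm.
        if count == self.burst:
            return Alert(ts_ms, msg_id, "rate-anomaly")
        return None


def scan(trace, baseline=BASELINE_MS):
    """Run the monitor over (timestamp_ms, msg_id) pairs sorted by time."""
    monitor = TimingMonitor(baseline)
    alerts = []
    for ts_ms, msg_id in trace:
        alert = monitor.observe(ts_ms, msg_id)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed trace: ID 0x101 is sent every 10 ms, then extra frames with the
# same ID appear every 2 ms; ID 0x555 is not in the baseline at all.
TRACE = [
    (0.0, 0x101), (0.0, 0x2A0), (10.0, 0x101), (20.0, 0x101), (30.0, 0x101),
    (32.0, 0x101), (34.0, 0x101), (36.0, 0x101), (38.0, 0x101), (40.0, 0x101),
    (45.0, 0x555), (50.0, 0x101), (100.0, 0x2A0),
]

if __name__ == "__main__":
    for a in scan(TRACE):
        print(f"{a.ts_ms:7.1f} ms  id=0x{a.msg_id:03X}  {a.reason}")
```

Whether an alert is only reported or also triggers a defensive action is a policy decision that sits on top of this detection step.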
On the basic level, a single control unit needs to be secured, which can be achieved by installing hardware security modules, crypto stacks, secure boot and secure flashing. On the second level, the internal network, the authentication of messages, the integrity and freshness of messages and confidentiality are the most important features that require protection. The third level addresses external interfaces that can be secured with vehicle key management, firewalls and intrusion detection and prevention systems. On the fourth level, end-to-end security has to be ensured through secure communication outside of the vehicle, such as to backend providers, telecommunication providers or content and service providers, which often furnish their services in the cloud.
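The second level asks for authenticity, integrity and freshness of in-vehicle messages. The following added example (not from the original paper and not an implementation of a specific automotive standard) shows one common construction: a truncated HMAC over message ID, counter and payload, with the receiver rejecting counters it has already accepted. The key, frame layout, tag length and message IDs are assumptions; confidentiality is not covered.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HQ")  # assumed layout: 16-bit message ID, 64-bit counter
MAC_LEN = 8                    # assumed truncated tag length in bytes
KEY = bytes(range(32))         # constructed demo key; real keys live in an HSM


def _tag(key, header, payload):
    # The MAC covers ID and counter too, so neither can be swapped unnoticed.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]


def protect(key, msg_id, counter, payload):
    """Sender side: build header || payload || truncated MAC."""
    header = HEADER.pack(msg_id, counter)
    return header + payload + _tag(key, header, payload)


class Receiver:
    """Receiver side: verify the MAC first, then enforce freshness."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # msg_id -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) < HEADER.size + MAC_LEN:
            return ("malformed", None)
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-MAC_LEN]
        tag = frame[-MAC_LEN:]
        # Constant-time comparison; a failed MAC must not touch counter state,
        # otherwise a forged frame could block later genuine ones.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            return ("bad-mac", None)
        msg_id, counter = HEADER.unpack(header)
        if counter <= self.last_counter.get(msg_id, -1):
            return ("stale", None)  # replayed or reordered frame
        self.last_counter[msg_id] = counter
        return ("ok", payload)


def demo():
    """Constructed exchange: genuine, replayed, tampered and forged frames."""
    rx = Receiver(KEY)
    genuine = protect(KEY, 0x101, 1, b"\x00\x40")
    tampered = genuine[:HEADER.size] + b"\xff\x40" + genuine[-MAC_LEN:]
    forged = protect(b"\x00" * 32, 0x101, 99, b"\x00\x40")  # wrong key
    follow_up = protect(KEY, 0x101, 2, b"\x00\x41")
    return [rx.accept(f)[0]
            for f in (genuine, genuine, tampered, forged, follow_up)]


if __name__ == "__main__":
    print(demo())
```

The frame with counter 2 is still accepted after the forged frame carrying counter 99, because the counter is only advanced once the MAC has verified.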
Another way of protecting and monitoring single vehicles and entire fleets is through the use of so-called Automotive Security Operation Centers (SOC/ASOC). These centers are a hub for 24/7 operations and monitoring of vehicle fleets with regard to Cyber Security. By monitoring and analyzing code and communication within the vehicle, potential intrusions can be detected immediately and mitigated or eliminated within a short period of time. Furthermore, ASOCs act as a platform that includes software data of all sold vehicles and organizes necessary software updates. On this basis, companies can send out software patches that quickly close emerging vulnerabilities or update any type of infotainment, firmware or other functionality.
Other Types of Vulnerabilities in Vehicles
Despite the different ways to protect vehicles and fleets, it has to be said that with Cyber Security there is unfortunately never a 100 percent guarantee for security or safety. However, there are still ways and measures, such as multi-layered protection, that drastically reduce the probability of experiencing a cyber attack.
Due to the immense complexity of software code, high performance computers and several in-vehicle networks, it is becoming harder and harder to be in total control of holistic security. However, it should always be the goal to close the respective security gaps that pose the greatest risk. The most dangerous vulnerabilities are those that do not yet have a software patch to close them, which makes them prone to a so-called zero-day exploit.
Zero-day vulnerabilities are critical spots which are not yet known to the manufacturer. Therefore there is no solution for fixing them, making them a blind spot for manufacturers. A zero-day exploit occurs because the person or organization who found the vulnerability has not reported it to the vendor but develops code that exploits the vulnerability. In some cases, the discoverers of the vulnerability sell their findings and leave the development of malicious code to the buyers. Zero-day exploits can be used to spread viruses, trojans, worms, rootkits and other types of malware, which is why they present the largest attack potential. The earliest a zero-day exploit can be detected is after an initial attack on a system, even though these attacks often take place unnoticed for a dangerously long time.
Although it is hard to protect systems against zero-day exploits, it is essential to implement preventive precautions to successfully protect systems in vehicles and IoT devices in order to mitigate potential damage.
Cyber Security for the holistic Automotive End-to-End System – Value Chain and Lifecycle Management
As the vehicle finds itself in the midst of a constantly developing and newly shaped environment, the system expands to previously unexpected dimensions. Nowadays it is insufficient to simply protect the physical shell that is a vehicle. It is necessary to take care of the protection of the entire so-called end-to-end system. These systems consist of the connected vehicle, including backends and cloud services, but also the supply chain and the lifecycle of a vehicle.
Image: Holistic end-to-end cyber security must be considered at every stage along the value chain, lifecycle and product (Source: magility GmbH)
The image above helps to get a holistic understanding of Automotive Cyber Security. If a hacker gains access to a vehicle and can suddenly reach corporate backends, the situation escalates to a dimension where all parties involved in the supply chain are potentially vulnerable to cybercrime, manipulation or economic damage – be it through direct manipulation, such as shutting down servers or conveyor belts, cyber ransom or by simply shutting down entire fleets, which would cost thousands of dollars every second.
Image: Cyber security as a holistic end-to-end solution (Source: magility GmbH)
Furthermore, it is crucial to always keep in mind that Cyber Security is not a one-time commodity, but has to be taken into account during every step along the product life cycle. Cyber Security has to start during the research and development phase of a vehicle, where those measures and features are built into the deepest levels of the vehicular architecture. These measures have to remain identifiable until the recycling phase of the vehicle, where it has to be clear what happens to the enormous amount of data the vehicle has gathered over its lifetime.
Only if vehicle manufacturers consider and actively concern themselves with all aspects can they ensure comprehensive security for themselves, their customers and their entire economic environment.
Safety and Security in the Automotive Development Process
Corporate Management with an integrated Cyber Security Management System (CSMS)
Cyber Security protection in products such as vehicles needs a comprehensive management system applied to the whole organization as well as to its suppliers and many other factors that play a role in the direct environment. As Cyber Security protection begins with the awareness of Cyber Security risks, it has to be considered at the earliest stage of design and included until the deconstruction at the end of its life cycle. Cyber Security is becoming a new interdisciplinary organization-wide function that companies today have to deal with. However, companies are forced to take action as the risks are drastically increasing due to cyber threats. This changing environment poses many challenges to companies in the automotive industry as well as in the IoT. Companies usually face the following challenges:
- Uncertainty regarding priorities and importance of Cyber Security measures
- No particular plans as to which tasks should be done and who is responsible for them
- Difficulties to determine where the company currently stands regarding Cyber Security efforts
- Unclear starting point and timeline for execution of tasks
- Cyber Security has no visible advantages, it is no functional feature and is expected to be included into every product from a customer’s view
This means manufacturers need to address a broad range of areas within the company across several divisions, which requires the implementation of a Cyber Security Management System in the organization. Furthermore, it is highly important to live a Cyber Security culture throughout the entire organization and involve all employees across all business areas of the company. It requires attentive employees along the entire value chain, who do not only possess security awareness, but can also enforce the necessary security procedures in case of an emergency and thus contribute to claims settlement. A well-informed, trained and attentive management level that is prepared to actively steer and promote Cyber Security as part of the corporate culture within the company is absolutely required. DEKRA offers training programs for the relevant people of a company. These trainings provide the necessary skills to master Cyber Security in all its aspects.
To this end, organizations can implement a Cyber Security Management System. While there are many different approaches, the BSIMM (Building Security in Maturity Model) offers the most comprehensive and detailed approach. The BSIMM clusters the framework into four domains with three practices each, meaning there are 12 practices in total. These domains and practices align themselves along a logical process from the implementation of a Cyber Security culture within the organization, via tools and practices, to the final implementation of the developed measures.
Image: the four domains of security within the BSIMM approach (Source: BSIMM)
Image: The 12 practices for the BSIMM domains (Source: BSIMM)
Organizations should think about acquiring and using such a Cyber Security Management System, in order to obtain a holistic and comprehensive Cyber Security culture within their company and its environment and to ensure the best possible protection for all parties affected.
Risk Management: Evaluation of most threatening Key Risks or Coverage of all Risks
When developing a new vehicle or service or a new version of it, a broad range of topics must be considered to minimize identified threats and risks. The ‘Security by Design’ principle is used to minimize the impact of an attack on the vehicle. Companies should take the relevant risk management steps into account when addressing Cyber Security.
What companies need to consider:
- Minimize the risk of an insider attack and unauthorized access in back-end systems
- Minimize the risks associated with cloud computing and back-end systems to prevent data breaches
- Apply on internal and external interfaces
Access Control and System Design
- Protect system data and code, also those with remote access
- Prevent unauthorized personnel from having access to personal or system critical data
- Prevent and detect unauthorized access
- User roles and access permissions based on the principle of least access permissions
- Authenticity and integrity of messages received
- Security controls to store cryptographic keys
- Protect confidential data to or from the vehicle
- Secure software update procedures (OTA)
- Define and control maintenance measures
Detection and Recovery
- Recovery measures in the event of a system failure
- Denial of service attack
- Protect systems against embedded viruses or malwares
- Malicious internal messages or activities
Organization-wide and Processes
- Define and follow security procedures
- Apply best practices for cyber security in development of software and hardware
To identify specific risk avoidances, each threat example can be evaluated against “Advanced Confidentiality, Integrity, Availability (CIA) Protection Objectives”. This assessment should consider how an attack could be initiated and spread in terms of threat or vulnerability through a vehicle’s networks. The expanded CIA identifies seven objectives:
- Non-deniability of authorship
Apart from avoiding Cyber Security risks on a holistic level, it is essential for manufacturers to implement a professional incident strategy in order to minimize potentially occurring damage.
Regulations and Standards
Cyber Security Regulations
Governments worldwide are taking action because of recent and increasing security breaches and are starting to make Cyber Security guidelines and norms a standard requirement in order to be able to assess and control threats. The governments and associations are setting guidelines and shaping legislation to establish a minimum level of Cyber Security. Two of the most important standards, that are currently being developed, are the ISO 21434, which is concerned with Cyber Security in Road Vehicles, and the ISO 21448, which deals with the Safety of the Intended Function. Both of these norms will shape the approaches, processes and measures for Automotive Cyber Security in the years to come and are expected to enter into force in 2020.
Also, industry partnerships are being formed to address concerns and advise regulators. One example would be the Auto-ISAC (Automotive Information Sharing and Analysis Center), which supports efforts to share, track and analyze knowledge of potential weaknesses and threats. In addition, there is an increase in discussions on the European level about regulating security and privacy, for example for product certification and homologation, where the UNECE is playing a key part as one of the governing regulation bodies.
Standardization as a Key Factor for Cyber Security Management – Certification of Solutions
A minimum of Cyber Security protection is the basis for a broad acceptance of connected vehicles and services by consumers and governing bodies alike. Trust can only be built into new technologies when there is Cyber Security included – that means a vehicle is safe and secure and cannot be attacked or its functions compromised. However, one of the big challenges in embedding Cyber Security protections lies in the complex supply chain of the automotive industry and in the fact that vehicles from a broad range of manufacturers will share the road and communicate to each other. Therefore automakers must standardize their security procedures in order to be able to assess and manage Cyber Security along any kind of value chain, including the standardization of security issues on all products and services from any supplier.
A solution would be the harmonization of the specific security aspects with an industry-wide Cyber Security standard. Otherwise, the incompatibility would lead to huge problems within systems or an insufficient execution of services, which would in turn generate a hostile attitude towards connected vehicles and newly introduced technology as a whole. This is why the standard ISO 21434 is being developed to standardize the methods of developing, testing and optimizing security in vehicles. In parallel to the standardization of methods for Functional Safety (ISO 26262), ISO 21434 could become the main development method for Cyber Security functions. With these implementations, there could be an increase in transparency regarding security measures that would also greatly help to quickly close open vulnerabilities. A solid application of standardized methods would also send a warning message to potential attackers that manufacturers are exchanging important information regarding secure vehicles and at the same time implementing the best possible standards. Hackers would have a difficult game to play. In the near future, security measures should be certified and tested for their protection by a third party, in order to guarantee safety, security and privacy, accredited by a neutral player.
Financial Feasibility for Cyber Security
Most of the IoT devices are developed with extreme time to market pressure and hard cost pressure so it is quite common not to secure all potential entry points into a connected device. Therefore many of the devices in the IoT are currently not cyber secure which drastically affects their safety. The device can be exploited and hacked unless manufacturers ensure a complete end-to-end security approach. A first step is the implementation of device security and data protection. Meanwhile manufacturers can gather threat intelligence information across the IoT landscape in a proactive manner. Equipped with this, organizations together with all involved stakeholders get one step closer towards end-to-end security.
What does the Future hold?
In order to always have a leg up on the current challenges regarding vehicle connectivity and IoT, every organization needs to establish a profound communication culture that contains a highly dynamic knowledge exchange and transfer on all levels. The challenges that arise due to the increasing spread of connected devices in all aspects of life require a communication behavior and mindset that can be summed up by the term “connectivity” itself. Organizations need to provide the framework for a communication culture that makes interconnected knowledge exchange, central bundling of information and access to relevant information available for everyone. Furthermore, they have to find channels to let information flow through horizontal and vertical levels and hierarchies. The development of organizational structures is especially relevant for companies with decentralized organizations that naturally do not have too many contact and communication points in their daily work.
Apart from specific Cyber Security measures to take and to be included in a company’s strategic processes, it is essential to establish a profound communication flow strategy to implement a connected mindset. Only then can the hurdle of dealing with the risk of the human factor be overcome, which still plays a central role in many Cyber Security issues. This could require intensive qualification of employees – especially digital immigrants – to establish a connected mindset. The organization should continuously review and adapt communication nodes and choose appropriate channels according to the current requirements. The digital mindset has a huge impact on the Cyber Security measures to be taken to protect devices in the IoT before and during production as well as along their lifecycle and value chain. If an organization and, with it, all its connected products seek to be cyber secure on a high and profound level, there is no way around establishing a transparent and open-minded interpersonal communication culture. The new connected ecosystems within the IoT and especially the automotive industry have become incredibly complex. However, there are plenty of measures and approaches we can take to master them. It is up to us to step up to the plate, accept the challenge and use every resource that is already out there in order to enjoy the new convenient future in a safe and secure manner.
The variety and the complexity of Cyber Security makes it impossible for only one organization to find solutions for all challenges. The better way would be to establish a widespread network of companies with bundled competencies, also using expertise from High-Tech Startup specialists and external independent players like DEKRA CYBER SECURITY with the vision to shape a safe and secure future together.
DEKRA DIGITAL GmbH
Dr. Christoph Maier