The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Automotive

Cars are becoming increasingly connected through a range of wireless networks.
The increased connectivity broadens the attack surface of the car.
New vulnerabilities are constantly being uncovered.
Cyber criminals are targeting these weaknesses with a number of different attacks.

The cyber landscape

The original concept of security in the automotive industry was around making a car hard to steal. Being physically secure was the focus. But now, having secure technology has become of critical importance. This is all down to increased connectivity within the car.

From consumer devices interfacing with infotainment systems, to tyre pressure monitoring systems, the connections to and from the car are where the vulnerabilities lie. On top of this, service providers are in constant contact with modern cars, providing another route in for hackers.

With the looming introduction of vehicle ad-hoc networks, where vehicles communicate wirelessly with each other and the roadside, the technologies that malicious hackers can exploit are set to grow exponentially.

The cyber threat landscape

[Diagram labels: intelligent transport infrastructure, navigation, DAB & FM radio, radio frequency, internet, devices, app, content provider, insurance company, breakdown service, supply chain/manufacturing, sensors, USB, emergency services, vehicle, mobile network, telematics service provider, power distribution, OEMs & Tier 1s, dealership]

V2x: Vehicle to Everything communications

Intelligent transport of the future will rely heavily on the ability of vehicles to communicate with each other, with roadside technology, with real-time traffic data and to provide safety alerts to pedestrians or cyclists. As the transmissions are all sent via wireless technologies, the potential for disruption as a result of denial of service, data tampering or data injection attacks could have serious implications for the safety of road users and pedestrians. There are also data privacy concerns around the ability to track vehicles using V2x data.

Telematics data

Connected cars generate and consume vast amounts of data. This could be emergency and breakdown services, virtual concierge, driving ability data for insurance providers, streaming audio and just-in-time parts ordering, to name but a few. Some of this data is highly sensitive and some of it is personal in nature. Therefore, its protection using appropriate encryption, both in transit and at rest, is vital. Data protection legislation such as the General Data Protection Regulation (GDPR) is therefore of key importance.

Diagnostics connectivity

In order to provide the capability to diagnose faults within the electrical system, a diagnostics port is provided in all modern vehicles. However, the functionality required by garage mechanics, e.g. updating firmware, provisioning keys or configuring components, can also be abused by an attacker who has access to the vehicle's network.

Electric Vehicle (EV) charging

With the rise of Plug-in Hybrid Electric Vehicles (PHEVs) and Electric Vehicles (EVs) comes the requirement for smart charging infrastructure that transmits not only power but also communications data. This transmission of data is between the electric vehicle supply equipment (EVSE), which is more commonly known as a charging station, and the vehicle. The exchange of data (and subsequent data processing) within the vehicle and at power distribution network operators means that both could potentially be attacked via a rogue EV or a rogue EVSE which sends malicious data alongside power.

Autonomous sensors

Each sensor used to provide an autonomous vehicle with an awareness of its surrounding environment increases the attack surface, as the wireless technologies can be tampered with. The information collected by these sensors is often combined in a sensor fusion device where various weightings are applied to the importance of data from different sources and then decisions are made by the vehicle. Therefore, if these decisions can be manipulated by attackers targeting the sensors with malicious data, this can negatively impact the safety of the vehicle, its occupants and other road users.

USB

USB ports are now expected by consumers in vehicles, not only for charging mobile devices but also to transfer media to and from infotainment systems. However, default support for other USB devices is often left enabled in production vehicles, which means that the vehicle is capable of communicating with many other USB products such as printers, network cards and cameras. All constitute a significantly increased attack surface. Vulnerabilities in the software drivers for these devices can often provide unauthorised access to the infotainment system or even to the vehicle's network.

Wireless technologies

Common wireless technologies, such as Wi-Fi and Bluetooth, along with less common protocols such as Tyre Pressure Monitoring Systems (TPMS), are found within modern connected cars. If these are misconfigured or have been developed using vulnerable software components, they can potentially be abused by attackers to provide remote connectivity to vehicle systems.

Manufacturing and supply chain

The automotive supply chain can be complex and assumptions are often made about who is responsible for the cyber security of a vehicle system or component. As a result, it is often at the interfaces between components (connected during their integration into a vehicle) that security vulnerabilities are introduced. Therefore, integration security assessments in the vehicle manufacturing process are critical in order to identify these as early as possible.
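The USB passage above notes that support for printers, network cards and cameras is often left enabled by default. As an added example (not code from the brochure or from NCC Group), the sketch below parses a USB configuration descriptor and authorises a device only if every interface class it declares is on an allowlist; the allowlist, the function names and the sample descriptors are assumptions constructed for illustration.

```python
# Added example, not from the brochure: allowlist check over a USB
# configuration descriptor. Class codes are USB-IF assigned values; the
# allowlist itself is an assumption.
ALLOWED_CLASSES = {0x08}  # mass storage only (media transfer)
CLASS_NAMES = {0x02: "communications/CDC", 0x03: "HID", 0x07: "printer",
               0x08: "mass storage", 0x0E: "video"}
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor


def interface_classes(config: bytes) -> list[int]:
    """Walk the descriptor chain; return bInterfaceClass of each interface."""
    classes, offset = [], 0
    while offset < len(config):
        if offset + 2 > len(config):
            raise ValueError("truncated descriptor header")
        length, dtype = config[offset], config[offset + 1]
        # bLength < 2 would stall the walk; past the buffer end is malformed.
        if length < 2 or offset + length > len(config):
            raise ValueError(f"bad bLength {length} at offset {offset}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("interface descriptor shorter than 9 bytes")
            classes.append(config[offset + 5])  # bInterfaceClass
        offset += length
    return classes


def authorize(config: bytes) -> tuple[bool, str]:
    """Allow a device only if every interface it exposes is allowlisted."""
    try:
        classes = interface_classes(config)
    except ValueError as err:
        return False, f"malformed descriptor: {err}"
    if not classes:
        return False, "no interfaces declared"
    extra = sorted(set(classes) - ALLOWED_CLASSES)
    if extra:
        names = ", ".join(CLASS_NAMES.get(c, hex(c)) for c in extra)
        return False, f"interface class not allowed: {names}"
    return True, "all interfaces on allowlist"


# Constructed sample descriptors (endpoint descriptors omitted for brevity).
def config_header(total: int, n_ifaces: int) -> bytes:
    return bytes([9, 0x02, total & 0xFF, total >> 8, n_ifaces, 1, 0, 0x80, 50])

def interface(num: int, cls: int) -> bytes:
    return bytes([9, 0x04, num, 0, 0, cls, 0, 0, 0])

MEDIA_STICK = config_header(18, 1) + interface(0, 0x08)
COMPOSITE = config_header(27, 2) + interface(0, 0x08) + interface(1, 0x02)
TRUNCATED = config_header(18, 1) + bytes([9, 0x04, 0, 0])
```

The composite sample shows why the check covers every interface: a device that presents mass storage alongside a network interface is rejected as a whole, and a malformed descriptor is refused before any class driver would see it.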

Automotive Assurance for the connected vehicle ecosystem

The concept of the Secure Development Lifecycle (SDL) forms the core of our services within the Transport Assurance Practice, providing security assurance at each stage of the development lifecycle for systems and components. The approach ensures that system-level attack points are recognised and departments within an organisation can agree upon who implements each countermeasure.

The Transport Assurance Practice at NCC Group was created as a direct result of performing groundbreaking research-driven security testing and consultancy for a number of leading companies in the automotive sector. This involved the development of new tools and techniques that can be applied across the industry. Our team leverage the services offered by other areas of our business including cyber defence operations, software testing and software escrow to provide a comprehensive suite of assurance solutions.

[Diagram labels: System Design Architecture, Incident Response Planning, Asset Protection Definition, Training, Security Assessment, Threat Modelling, Best Practice Guidance, Define Counter Measures]

www.nccgroup.trust/automotive

About NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.

For more information from NCC Group, please contact:
+44 (0) 161 209 5111
automotivesecurity@nccgroup.trust
www.nccgroup.trust/automotive

NCCGAUTOMOTIVEV010617