Automotive Security Standardization activities and attacking trend

Similar documents
ISO-SAE Road vehicles Cybersecurity Engineering General Overview

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

NCSF Foundation Certification

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Securing the future of mobility

Secure Product Design Lifecycle for Connected Vehicles

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

FDA & Medical Device Cybersecurity

Cybersecurity Engineering and Assurance for Connected and Automated Vehicles

13W-AutoSPIN Automotive Cybersecurity

Dr. Stephanie Carter CISM, CISSP, CISA

ISA99 - Industrial Automation and Controls Systems Security

Governance Ideas Exchange

Innovation policy for Industry 4.0

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Protect Your Organization from Cyber Attacks

MASP Chapter on Safety and Security

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Addressing the elephant in the operating room: a look at medical device security programs

The NIS Directive and Cybersecurity in

NCSF Foundation Certification

SOLUTION BRIEF Virtual CISO

National Institute of Standards and Technology

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

European Union Agency for Network and Information Security

Security Challenges with ITS : A law enforcement view

Avanade s Approach to Client Data Protection

Vulnerability Assessments and Penetration Testing

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

Cybersecurity, safety and resilience - Airline perspective

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Architecture concepts in Body Control Modules

Cybersecurity Auditing in an Unsecure World

Continuous protection to reduce risk and maintain production availability

Security Standardization and Regulation An Industry Perspective

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

IoT & SCADA Cyber Security Services

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Penetration testing.

Designing and Building a Cybersecurity Program

BHConsulting. Your trusted cybersecurity partner

Framework for Improving Critical Infrastructure Cybersecurity

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Internet of Things Toolkit for Small and Medium Businesses

External Supplier Control Obligations. Cyber Security

Business continuity management and cyber resiliency

Provläsningsexemplar / Preview TECHNICAL REPORT ISO/TR First edition

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

CCISO Blueprint v1. EC-Council

ISA99 - Industrial Automation and Controls Systems Security

The Perfect Storm Cyber RDT&E

SGS CYBER SECURITY GROWTH OPPORTUNITIES

Effective Strategies for Managing Cybersecurity Risks

Car2Car Forum Operational Security

Information technology Security techniques Information security controls for the energy utility industry

U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk

lnteroperability of Standards to Support Application Integration

Run the business. Not the risks.

Standard Development Timeline

Internet of Things (IoT) Securing the Connected Ecosystem

The NIST Cybersecurity Framework

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

GDPR: The Day After. Pierre-Luc REFALO

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

ISO/IEC TR TECHNICAL REPORT

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

K12 Cybersecurity Roadmap

Seagate Supply Chain Standards and Operational Systems

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

Autobot - IoT enabled security. For Private circulation only October Risk Advisory

INFORMATION ASSURANCE DIRECTORATE

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Rethinking Information Security Risk Management CRM002

Information Technology Branch Organization of Cyber Security Technical Standard

Updates to the NIST Cybersecurity Framework

Medical Device Cybersecurity: FDA Perspective

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

Cybersecurity for Health Care Providers

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The University of Queensland

Cyber Risk and Networked Medical Devices

This document is a preview generated by EVS

Cloud Customer Architecture for Securing Workloads on Cloud Services

March 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices

Economic and Social Council

Voertuigconstructeurs en data economie

Technical Reference [Draft] DRAFT CIP Cyber Security - Supply Chain Management November 2, 2016

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

Industrial Security - Protecting productivity IEC INDA

Hardening Attack Vectors to cars by Fuzzing

Information and Communication Technology (ICT) Supply Chain Security Emerging Solutions

Countermeasures against Cyber-attacks

Risk-based design for automotive networks. Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum.

Transcription:

Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017

Automotive Risk Overview Trends and risks for connected vehicles 2

Value and Components of a Car Autonomous driving and shared mobility will leverage a change of the value of the car with an increasing number of market players Today Tomorrow Entertainment Music and video streaming to in-car entertainment system Social media Direct connection to social media channels such as Facebook Software Hardware Points of interest POI displayed on in-car screens such as hotels, restaurants, free parking Navigation Maps displayed on in-car screens incl. route optimization Traffic Real-time traffic updates displayed on in-car screens Maintenance Automatic failure diagnostics and tracking of vehicle health Fuel tracking Fuel efficiency tracking and forecasting incl. up-to-date pricing Content Emergency Direct connection to emergency hotlines in case of accidents Theft protection Automatic notification of car owner and GPS tracking of car Majorly provided by OEM & suppliers Body Shell Powertrain Lightning Seats Components & Interfaces Provided by any company OEM, supplier, or tech firm with expertise on OS level / in-car-apps in order to control or enhance connected car functions Infotainment Driver interfaces Safety & functions Autonomous functions Driver assistance systems features like lane/distance assistant, drowsiness detection Autonomous driving Self-driving functions Parking Assistant Driverless parking including parking sensors and video systems Access Remotely lock and unlock vehicle via internet-connected device 3

Challenges of automated vehicles pose new tasks to address in the future Variety of technical platforms and complexity monitoring throughout the whole supply chain. Technologies like IDPS to be transferred from common practices in Enterprise IT into InVehicle communication. Hardware Control Mechanisms Fast changing threat landscape New commercial aftersales models including licensing, e.g. fixed service packages versus payas-you-use Threats Business Models Increasing interconnection of automotive components and functions Communication Standard Specification Missing standards and best practices for automotive cyber security functions and components Long vehicle lifetime with changing risk environment and updates in ongoing operations Support Integrated Vehicle Implementing security features in historically evolved mechanical vehicle architecture 4

Automotive Cyber Available and upcoming standards 5

Standards Overview Many of the established standards cross industrial boundaries and can be used for automotive security. A globally aligned standard for vehicle security is still missing. International Organization for Standardization / International Electrotechnical Commission (ISO/IEC) ISO/IEC 9797-1: techniques Message Authentication Codes ISO/IEC 11889: Trusted Platform Module ISO 12207: Systems and software engineering Software lifecycle processes ISO 15408: Evaluation criteria for IT security ISO 26262: Functional Safety for road vehicles ISO 27001: Information Management System ISO 27002: Code of Practice ISO 27010: Information security management for intersector and inter-organizational communications ISO 27018: Code of Practice Handling PII / SPI (Privacy) ISO 27034: Application ISO 27035: Information security incident management ISO 29101: Privacy architecture framework ISO 29119: Software testing standard IEC 62443: Industrial Network and System National Institute of Standards and Technology (NIST) NIST SP800-30: Guide for Conducting Risk Assessments NIST SP800-50: Building an Information Technology Awareness and Training Program NIST SP800-61: Computer Incident Handling Guide NIST SP800-64: Considerations in the System Development Lifecycle NIST SP800-121: Guide to Bluetooth NIST SP800-127: Guide to Securing WiMAX Wireless Communications NIST SP800-137: Information Continuous Monitoring for Federal Information Systems and Organizations NIST SP800-150: Guide to Cyber Threat Information Sharing Society of Automotive Engineers (SAE) SAE J2945: Dedicated Short Range Communication (DSRC) Minimum Performance Requirements SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems SAE J3101: Requirements for Hardware-Protected for Ground Vehicle Applications 6

Addressing Automotive throughout the whole vehicle lifecycle Standards are needed to support the implementation of a risk based approach in each phase of the lifecycle. 1. Collaboration with third parties ISO/ IEC 27010:2012 NIST SP 800-150 Supplier Service Provider OEMs Dealer Garages Tech Firms Scrap-Dealer Development Validation Production Sales & Marketing Maintenance Aftersales & Marketing Scrapping 2. & 3. Risk Management and Threat Detection ISO/ IEC 30111 NIST 800-30, NIST 800-137 4. Establish -by-design ISO 17799 SAE J3061 NIST SP 800-127, NIST SP 800-121, NIST 800-64 6. & 7. Organizational implementation ISO/ IEC 27001 NIST SP 800-50 5. Incident response ISO/ IEC 27035:2011 NIST SP 800-61 7

ISO/IEC WD 21434 The upcoming standard from ISO and SAE for cybersecurity engineering Goals Give uniform definition of notions relevant to automotive security Specify minimum requirements on security engineering process and activities Define criteria for assessment (wherever possible) Describe the state of the art of security engineering in automotive E/E development Provide a common and internationally agreed understanding of automotive cybersecurity engineering Can serve as reference for legislative institutions; ensure legal certainty in the Product Life Cycle Innovation Research for Industrial Leadership Quotation Work Packages Concept Refinement Concept and Architecture Prototype Planning & Specification LOOP Realization Development Industrialization Integration & Testing Product Validation Support Production Ramp-up After Series Incident Response Management Scope Requirements for cybersecurity risk management for road vehicles, their components and interfaces, throughout engineering (e.g. concept, design, development), production, operation, maintenance, and decommissioning Framework for a cybersecurity process and a common language for communicating and managing cybersecurity risk among stakeholders Is applicable to road vehicles that include electrical and electronic (E/E) systems, their interfaces and their communications Not prescribe specific technology or solutions related to cybersecurity. Project Groups PG 1: Risk Management SOP PG 3: Operation, Maintenance Validation Production Development Risk Management Operation/ Maintenance Concept Development Incident/Bugs PG 2: Product Development Decommissioning and Interdependencies PG 4: Process Overview 8

ISO/SAE 21434 Overall schedule from start on the 1st October 2016 until the publication on the 1st October 2019 Start JWG October 1st,2016 JWG drafting the document January 2017 January 2018 ISO WDballot for technical comments 2018-02-15 JWG drafting the document SAE Level 1 Technical committee ballot for technical comments ISO CDballot for technical comments 2018-09-15 JWG drafting the document SAE Level 1 Technical committee ballot for technical comments January 2019 ISO DISballot for technical comments 2019-03-15 SAE Level 1 Technical committee ballot for technical comments Joint publication of ISO/SAE- Standard October 1 st, 2019 JWG preparation of the document for publication WD: Working Draft; CD: Committee Draft; DIS: Draft International Standard First Achievements Level (CAL) Inspired by EAL (CC) Risk Profiles Production and Operation in Manufacturing Development of Software Updates Distributed Development Data-Exchange between customer and supplier in different engineering phases Clarifying Responsibilities Incident Management Field Monitoring Incident Mitigation Integration of Safety and Identification of touch points Harmonization between both processes Considered in Risk Management Privacy Considered in the Risk Management to be protected by Cybersecurity No legal prescriptions (not a regulation) 9

Automotive Risk Methodology General Risk Evaluation Approach 10

Deloitte Automotive Cyber (ACS) services to address the industry challenges based on our insights from different OEMs ACS Architecture Gap-Analysis to find strategy and roadmap for holistic security implementation. ACS Management System Risk based Approach for managing Automotive Cyber throughout the whole vehicle lifecycle. ACS Managed Services Supporting services that should be built OEM and Tier1 independent Protective Measures Detective Measures Advanced Threat Intelligence Fleet SIEM Secured communication InVehicle IDPS Incident Response ACS Services ACS Pentesting checks by penetration testing on different applications, systems and components to support the security improvement process, using most current hacking techniques. ACS Development Lifecycle Integration of security activities throughout the development lifecycle enables timely and risk-based identification, as well as remediation of security vulnerabilities. 11

Leading questions in automotive risk methodology As a basis for the vehicle risk evaluation approach, fundamental definitions and assumptions of risk management can be applied Cyber Attack 1 An attack, via cyberspace, targeting an enterprise s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment / infrastructure; or destroying the integrity of the data or stealing controlled information. Questions What kind of attack schemes are relevant in the context of vehicles? What are the critical infrastructure components and functions in vehicles? What is the intention of attackers / the purpose of an attack in the context of vehicles? Risk 2 The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the ease of exploitation of that threat occurring. Questions What is the impact of a successful attack in terms of the critical infrastructure components and functions in vehicles? What are relevant threats in the vehicle environment? What is the ease of exploitation of attacks in the context of vehicles, considering existing vulnerabilities? 1 Source: CNSSI-4009 / National Institute of Standards and Technology s (NIST) Glossary of Key Information Terms 2013 2nd Revision 2 Source: SP 800-60 / National Institute of Standards and Technology s (NIST) Glossary of Key Information Terms 2013 2nd Revision 12

Motivation Interest Skill Level Knowledge Resources Human Safety Compliance Operational Finance Technical Accessibility Required Skill Level Available Information Detection Capabilities low Impact medium high very high Overview on Automotive Risk Methodology The risk evaluation approach is based on the ease of exploitation and attack impact, both drilled down to meaningful criteria in the automotive environment The Deloitte approach for an efficient automotive risk assessment is based on the popular and established CVSS and TARA methodology. The combination of a generic and expandable approach (CVSS) with a established approach (TARA) within the automotive industry and our long-standing practical experience ensure an efficient and target-oriented risk methodology. Key Assumptions Attack Impact Risks Ease of Exploitation The overall risk matrix is a product of attack impact and ease of exploitation potential almost unlikely likely ly certain Ease of Exploitation Component Impact Component Vulnerability Component Threat The ease of exploitations a product of component vulnerabilities and threats Risk scores for components are a result of the risk scores for the functions related to them Function Impact Score Function Vulnerability Function Threat Score Attacker Threat Score Attacker Targets Attacker Profiles Function threat is resulting from the highest attacker threat score Several attackers might be interested in a function Different attackers might have deviating motivation to get control over a function Components Functions Vehicles consist of several components Components provide several functions Functions contains data interfaces that present possible attack vectors and needs special attention Risk Evaluation 13

Example testing steps for a component vulnerability (1/3) Circuit level assessment 01 Identifying electronic parts used by the component (e.g. MCU/CPU, flash/eeprom, memory, interface drivers, etc.) Example Physical entry points Ethernet Example wireless entry points Wireless hotspot 02 03 Identifying on-board target interfaces (e.g. JTAG, UART, I2C, etc.) Extracting firmware (e.g. by debugging, flash reading, firmware update, etc.) USB OBD2 Entry Points WiFi RF communication (keys) 04 Investigating the component design from security perspective CAN GSM data 05 features of sub components Secure / authenticated boot Debug interfaces Location and method of data/code storage 06 of signal routing 07 of MCU/CPU interfaces Source: https://www.parallax.com/product/32115 14

Example testing steps for a component vulnerability (2/3) Firmware level assessment Investigating and reverse engineering the firmware, time limited analysis 01 Booting authentication / encryption Example Physical entry points Ethernet Example wireless entry points Wireless hotspot 02 programming errors in boot flow Software update delivery and protection of update image USB OBD2 Entry Points WiFi RF communication (keys) checking authenticity / encryption CAN GSM data programing errors in checking / flashing flow 03 Main software / firmware communication handling authentication / encryption 01010111111 00011011010 00111010011 01100110110 01101 use of known vulnerable software components data storing / handling / user files and input 04 Preparing and executing Proof-of-Concept attacks against the revealed weaknesses IDA Pro for reverse engineering 15

Example testing steps for a component vulnerability (2/3) Interface level assessment 01 Identifying the communication channels of a component (e.g. CAN, OABR) Example Physical entry points Ethernet Example wireless entry points Wireless hotspot 02 Capturing and analyzing of communication started by or targeting the component during various operation modes USB WiFi standard operation (vehicle off, ACC on, engine running, in motion) flashing OBD2 Entry Points RF communication (keys) coding diagnostic CAN GSM data 03 Correlating data with specification information (received from OEM or downloaded from internet) Finding weaknesses message manipulation via MitM secure access and authentication spoofing / bypassing, triggering functions via replaying 16

Automotive Cyber integration in the V-Model modules are aligned with the development methodology to harmonize all activities and quality gates Threat Analysis and Risk Assessment (TARA) ACS Management System Threat intelligence (field analysis) Risk model Risk assessment methods Asset catalogue Basis security requirements System connectivity and certificate management Stakeholder and process map (RACI) Integration map and supplier governance Fleet SIEM and Incident Response Patch Management Data Privacy Management design pattern System level specs. Software level architect. test cases Supplier governance System requirements engineering System design specification Software requirements engineering Functional specification Design system test cases Software architecture Interface design Resource planning Design SW implement. Implementation model Simplified funct. Specs. Module test cases System test Vehicle test Integration test Module Test Software implementation Coding / Compiling / Binding Calibration of data processing Software documentation Production approval Software approval Data approval Vehicle integration System integration Software integration on ECU Software integration (OEM) Software subsystem integration (supplier) approval Automotive Cyber Penetration Testing (Risk based approach) Dynamic security testing Dynamic security testing Secure Coding convention Code review document. Test scope definition Structuring of the overall vehicle Entry point definition Attacker profiling Threat detection and impact analysis Interface, network and component penetration testing Vulnerability and Risk reporting ACS development activities System and software development activities Harmonized software & ACS quality gates 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback