Transcription:

Security Vulnerabilities of the Connected Car
Presented by Peter Vermaat, Principal ITS Consultant
24/06/2015

Agenda
1. About TRL
2. What is the issue?
3. Security Analysis
4. Consequences of a Cyber attack
5. Concluding remarks

TRL Transport Research Laboratory
www.trl.co.uk
Est. 1933 (RRL Harmondsworth)
Independent Privatised company since 1996
320+ staff including many world recognised experts
Head office in Crowthorne, UK
- Offices in Manchester, Scotland, Wales and the Middle East, Nigeria
TRL is an internationally recognised centre of excellence providing world-class research, consultancy, testing and certification for all aspects of transport.
TRF, which owns TRL, is a non-profit-distributing foundation with >80 sector members and no shareholders.

Early research

Our Work: Risk, Simulators, Driver behaviour, Safety, Transportation, Certification, Blood alcohol, Infrastructure, Investigations and Risk Management, Track Tests, Vehicle Safety and Engineering, International Development, Software, Environment. [Image text: TRAFFIC STRESS IN 2016]

What is the issue?
Complexity of vehicles has increased dramatically, particularly in the last few years, for example...

MM Wiring Diagramme

MM Wiring Diagramme

Ford Focus 2011

Complexity
Vehicles becoming externally connected
All have access via OBD port
- But this requires physical access
Multiple radio channels
- Short range (Key access, Bluetooth, TPMS)
- Longer range (Cellular, Wi-Fi, ITS G5/WAVE, V2X)
- Increasingly connected vehicles provide multiple access opportunities
Diverse markets and technologies
Increasing loss of control by manufacturers
Timescale diversity

Connected vehicle applications
Day 1 applications
- Hazard Warnings (road works, incidents, weather etc)
- eCall
- ISA
- ADAS, LDWS, ACC
- Intelligent parking, logistics
- Emergency braking systems
Intersection warnings
Vulnerable road users
Green applications
Automated driving
- Platooning
- Increasing roll-out over time

Security Analysis
Communications security
- Hackers attempt to Prevent, Intercept or Manipulate communications
- Motivated by
  - Fame/Notoriety/Activism (black hat, anonymous)
  - Enrichment (cyber criminals, fraudsters)
  - Damage and destruction (cyber terrorists)
Requirements of Secure Communications
- Authentication
- Confidentiality
- Integrity
- Availability

Security Analysis
Risk analysis: the following need to be assessed
- Attractiveness of target
- Technical weakness
- Threat surface: entry points to the system
- Threat vector: how the attack can take place
- Cost of attack
- Damage which can be inflicted by an attack
Defence options
- For each vector, consider where attacks can happen and how to mitigate and prevent
- Defence options include physical protection, encryption, authentication

Security Analysis - Vulnerabilities
Vulnerability Analysis in Literature
- A small number of publications directly addressing connected vehicles
- Successful hacks so far have largely required physical access
- Though BMW remote vulnerability has been found
- Researchers have successfully accessed vehicles via GSM
- One study concluded connected car no more secure than internet connected computers

Security Analysis - Vulnerabilities
Components
- Back doors, OBD port
Data
- Who owns data collected by vehicles?
- Personal information may not be collected
- Individual and cooperating vehicles
- Automated driving
- Financial manipulation
- Traffic disruption
Vehicle peripheral devices
- Remote locking, use of increasingly sophisticated attacks
Infrastructure
- Potential for misinformation
- eCall DDOS

Consequences of Cyber-attack
Individual Vehicles
- Data
- Misinformation
- Control, particularly automated driving
Plenty of evidence that this is already possible
- Key fobs compromise
- Attacks into systems

Consequences of Cyber-attack
Cooperative vehicles
- Data: potential for V2V extraction
- Misinformation: could be used to gain individual advantage, disrupt traffic flow
- Control: potential for serious incidents
First significant cooperative systems close to reality

Consequences of Cyber-attack
Infrastructure
- Data
- Misinformation, particularly probe vehicle data
- Control, particularly as infrastructure becomes dynamically controlled
Some scope for financial gain

Concluding remarks
Feasibility of remote access has been demonstrated
Future connected car solutions are evolving rapidly (Apple CarPlay, Google Auto..)
Vehicle manufacturers losing control of the electronic subsystems within the vehicle
Specific areas of concern:
- Threats to platooning vehicles
- Threats to infrastructure as a result of V2I
- eCall vulnerabilities and variants
- Uses of data collected from vehicles

Do You Have Any Questions?

Thank you
Cooperative vehicles
ETSI Security Week
Presented by Peter Vermaat, Principal ITS Consultant
Tel: +44 1344 770561
Email: pvermaat@trl.co.uk