an overview of nhtsa s vehicle cybersecurity research
play

AN OVERVIEW OF NHTSAS VEHICLE CYBERSECURITY RESEARCH PROGRAM Cem - PowerPoint PPT Presentation

AN OVERVIEW OF NHTSAS VEHICLE CYBERSECURITY RESEARCH PROGRAM Cem Hatipoglu, Ph.D. Chief, Electronic Systems Safety Division National Highway Traffic Safety Administration NHTSAs Mission Save lives, prevent injuries and reduce


  1. AN OVERVIEW OF NHTSA’S VEHICLE CYBERSECURITY RESEARCH PROGRAM Cem Hatipoglu, Ph.D. Chief, Electronic Systems Safety Division National Highway Traffic Safety Administration

  2. NHTSA’s Mission “ Save lives, prevent injuries and reduce ” economic costs due to road traffic crashes, through education, research, safety standards and enforcement activity.” SAE INTERNATIONAL 2

  3. The Need for Continued Technological Innovations 32,675 people died due to motor vehicle accidents in 2014. • Modern crash avoidance and vehicle-to-vehicle (V2V) communications technologies that heavily rely on electronic systems hold the promise to address most crash challenges SAE INTERNATIONAL 3

  4. The Need for Cybersecurity Research However, these safety features introduce new cybersecurity challenges and vulnerabilities as demonstrated by our research and that of others. Failure to tackle the cybersecurity challenge would threaten the technology-driven safety transformation we all want to achieve. SAE INTERNATIONAL 4

  5. NHTSA and Vehicle Cybersecurity Organizational changes: Establishment of Electronic Systems Safety Research Division and Electronics Council Cybersecurity research program : Identified five actionable goals; layered approach Partnerships : Working with multiple public and private stakeholders http://www.nhtsa.gov/staticfiles/administration/pdf/presentations_speeches/2015/NHTSA-VehicleCybersecurity_07212015.pdf SAE INTERNATIONAL 5

  6. Electronic Systems Safety Program Areas Electronics Vehicle Automated Reliability Cybersecurity Vehicles Protection of vehicular electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation. SAE INTERNATIONAL 6

  7. Use of Electronics in Cars Not new… Dates back to 1970s (not including uses in radio) Today, a typical automobile features over 100 microprocessors, 50 electronic control units, five miles of wiring and 50-100 million lines of code . •Active Suspension •Event Data Recorder •Active Vibration Control •Hill Hold Control •Adaptive Cruise Control •Idle Stop-Start •Adaptive Front Lighting •Instrument Cluster Control •Airbag Deployment •Intelligent Turn Signals •Anti-lock Braking •Interior Lighting •Autonomous Emergency Braking •Lane Departure Warning •Battery Management •Lane Keeping Assist •Blind Spot Detection •Navigation •Cabin Environment Controls •On-Board Diagnostics •Communication Systems •Parental Controls •Cylinder Deactivation •Parking Systems •Driver Alertness Monitoring •Pre-crash Safety •Electronic Power Steering •Rear-view Camera •Electronic Seat Control •Regenerative Braking •Electronic Stability Control •Remote Keyless Entry •Electronic Throttle Control •Security Systems •Electronic Toll Collection •Tire Pressure Monitoring •Electronic Valve Timing •Traffic Sign Recognition •Engine Control •Transmission Control •Entertainment System •Windshield Wiper Control Sample electronic functions on a modern vehicle SAE INTERNATIONAL 7

  8. Threat Vectors into Vehicle Systems Physical Wireless Short Range Long Range DSRC Bring Your Own Device (BYOD) / Aftermarket Devices* E.g. Insurance dongles on OBD-II; cellphones via USB SAE INTERNATIONAL 8

  9. NHTSA’s Vehicle Cybersecurity Research Program and Goals 1 Share vehicle cybersecurity knowledgebase Facilitate implementation of voluntary industry 2 standards Foster development of new system solutions to 3 improve cybersecurity Investigating minimum performance based 4 vehicle safety requirements for cybersecurity Develop foundational materials to inform policy 5 decisions SAE INTERNATIONAL 9

  10. NHTSA’s Vehicle Cybersecurity Research Program and Goals Share vehicle cybersecurity knowledgebase 1 Expanding in-house cyber research capabilities Capabilities Future Capabilities Equipment • Vector CANalyzer • Femtocell/cellular • Communication bus monitoring base transceiver • Roller Dynamometer station • RF monitoring • USRP Software Defined • RF Disruption Radio • GPS Spoofing – LTE, DSRC, • GPS Satellite Simulator • GPS Simulation GPS, Radar • Spectrum Analyzer • Firmware Analysis • IDA Pro SAE INTERNATIONAL 10

  11. NHTSA’s Vehicle Cybersecurity Research Program and Goals Share vehicle cybersecurity knowledgebase 1 Researching cybersecurity best practices in relation to vehicle industry Attending, organizing and presenting at cybersecurity events; Engaging in detailed public and private discussions on cybersecurity • OEMs, Tier 1, Tier 2 Suppliers, SAE International; TRB; etc. • Other Government Agencies (NHTSA roundtable discussions). SAE INTERNATIONAL 11

  12. NHTSA’s Vehicle Cybersecurity Research Program and Goals Facilitate implementation of voluntary industry 2 standards Monitoring and participating in industry standard setting efforts Monitoring related global activities • HEAVENS, JASPAR, ISO, Trilateral Working Groups, World Economic Forum, etc. Encouraged vehicle industry to set up an Automotive information sharing and analysis center (ISAC) • Global Automakers and Alliance of Automotive Manufacturers have undertaken the initiative and their investigation led to the establishment of the Auto-ISAC, which started operation in 2015. • Encouraging the group to gradually include other key stakeholders, such as the suppliers. SAE INTERNATIONAL 12

  13. NHTSA’s Vehicle Cybersecurity Research Program and Goals Foster development of new system solutions to 3 improve cybersecurity Researching and monitoring activities on process solutions “Layers of Protection”: Investigating various forms of solutions Secure communications Protective/Preventive Methods Encryption, Gateways, firewalls; Separation of functions Anomaly-based intrusion detection Systems to monitor vehicle data buses Address and isolate intrusions Real-time response mechanisms before vehicle systems compromised Assess Treatment Solutions Feedback loop for continuous improvements (e.g. facilitated by an ISAC –Information Sharing and Analysis Center). SAE INTERNATIONAL 13

  14. NHTSA’s Vehicle Cybersecurity Research Program and Goals Investigating minimum performance based vehicle 4 safety requirements for cybersecurity Develop a systematic vehicle security assessment approach Study vehicle architectures and threat vectors and risks Test and evaluate vehicle cybersecurity environment • Need performance metrics to validate theories in applied settings • Objective test procedures: practical, repeatable, reproducible SAE INTERNATIONAL 14

  15. NHTSA’s Vehicle Cybersecurity Research Program and Goals Develop foundational materials to inform policy 5 decisions Research policy alternatives, certification and enforcement possibilities and associated challenges In October 2014, NHTSA published a federal register (FR) notice on “Automotive Electronic Control Systems Safety and Security” NHTSA has completed the Report to Congress on the need for safety standards with regard to electronic systems based on its examination to date and public comments received to this FR notice • MAP-21 requirement; Expected to be published in the coming weeks SAE INTERNATIONAL 15

  16. Current NHTSA Research on Vehicle Cybersecurity Investigating Protective/Preventive solutions • Message authentication for communications Interfaces ( V2V project initiating) • Gateways, firewalls (project underway) Researching Intrusion Detection Solutions • Vehicle bus monitoring for anomalous behavior; (project underway) Assessing Treatment Solutions • Feedback loop for continuous improvements (Monitoring progress in standing up and operationalizing an Automotive ISAC ). Crosscutting Research • Vulnerability Testing (projects underway at our applied labs) • Software / Firmware Updates – including over the air means (project underway) • Evaluate Heavy Vehicle Cybersecurity (project underway) • Collaboration/coordination with other Federal agencies (e.g. DHS, NIST, FAA) SAE INTERNATIONAL 16

  17. Cyber Roundtable Discussion on January 19, 2016 “Vehicle Cybersecurity Roundtable” event held on Tuesday, Jan 19, 2016 Discussion topics included:  Best approaches in this domain (regulations, guidelines, voluntary industry standards, best practices, etc.)  How best to capitalize efforts from other environments while applying to distinct aspects of auto industry  The roles of distinct stakeholder groups (government, industry, others)  Policies, plans, strategies appropriate to respond to the speed of change and challenges in cybersecurity  Potential roadblocks to closing gaps or adopting available guidance for the industry The intent of the event was to identify actionable steps for the stakeholder groups to take such that the vehicle manufacturing industry can address the vehicle cybersecurity challenges effectively and expeditiously. A follow on meeting with Federal stakeholders is scheduled for Friday, Jan 22, 2016. SAE INTERNATIONAL 17

Recommend


More recommend