Managing Potential Conflicts Between Vehicle Safety and Cybersecurity
Andy Davis, Transport Cybersecurity Practice Director

Agenda
• What do we mean by “Safety-critical” and “Cybersecurity-critical”?
• Potential conflict areas
• Reducing the risks
• Q&A
Some definitions Safety and Cybersecurity
Vehicle safety (from SAE J3061)
• System safety (beyond regulatory requirements) is the state of a system that does not cause harm to life, property, or the environment.
• A safety-critical system is a system that may cause harm to life, property, or the environment if the system does not behave as intended or desired.
• All safety-critical systems are Cybersecurity-critical, since a cyber-attack, either directly or indirectly, on a safety-critical system could lead to potential safety losses.

Vehicle Cybersecurity (from SAE J3061)
• System Cybersecurity is the state of a system that does not allow exploitation of vulnerabilities to lead to losses, such as financial, operational, privacy, or safety losses.
• A Cybersecurity-critical system is a system that may lead to financial, operational, privacy, or safety losses if the system is compromised through a vulnerability that may exist in the system.
• Not all Cybersecurity-critical systems are safety-critical, since cyber-attacks on Cybersecurity-critical systems can result in losses other than safety losses; namely, privacy, operational, or financial losses.
Safety and Cybersecurity Potential conflicts
Confidentiality: Remote map updates vs PII/PCI data access
• Safety benefit: remote map updates are important for safety.
• Cybersecurity risk: malicious map updates can provide unauthorised access to PII and potentially payment card data.
Images: motoringexposure.com, mazdahandsfree.com, engadget.com

Integrity: Head Unit Integration vs System segregation
• Safety benefit: integrated dashboards can reduce driver distraction.
• Cybersecurity risk: infotainment is the most likely vehicle system to be attacked – if ADAS features are integrated, attackers can directly control them.
Images: youtube.com

Availability: Laser Fog Lights vs Camera Systems
• Safety benefit: laser fog lights can improve vehicle visibility in poor weather conditions.
• Cybersecurity risk: lasers can render front-facing camera systems useless.
Images: youtube.com, naimark.net
Increasingly complex safety systems = increased attack surface Image: deusm.com
Reducing the risks Striking the right balance between Safety and Cybersecurity
Reducing the risks: What can be done?
• An awareness of the risks needs to be raised with the right stakeholders.
• Techniques such as threat modelling would likely identify many of these potential conflict areas.
• Vehicle manufacturers and their whole supply chain need to develop-in security from day one (Secure Development Lifecycle) – bolt-on solutions are never as effective and are often very costly.
• Automotive technology must be independently security assessed to ensure that vulnerabilities haven’t been introduced during development or integration, or as a result of introducing well-intentioned safety features.

Automotive Secure Development Lifecycle
The ASDL should be considered a framework, rather than as a solution that replaces any existing standards.
[Diagram of ASDL phases, including Training]

ASDL Standards mapping
• ISO 26262 (functional safety focused)
• Auto Alliance Consumer Privacy Protection Principles (privacy focused)
• NIST FIPS 140-2 (security requirements for cryptographic modules)
• SAE J3061 (cyber-physical focused)
• ISO 27001 (information security management)
• TVRA (risk assessment – telecomms network focussed)
• CERT C (security focused)
• STRIDE (threat modelling)
• MISRA C (safety focused)
• EVITA (risk assessment – aligned with ISO 26262)
• HEAVENS (risk assessment – electrical systems focused)
• ISO 12207 (systems and software engineering)
• OCTAVE (risk assessment – designed by US DoD for healthcare security)
• NIST FIPS 199 (software architecture design threats)
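The threat-modelling point above can be made concrete with a small reachability check over a vehicle architecture. This is an added example, not code from the deck or from NCC Group; the components, flows and their properties are a constructed, hypothetical architecture. It shows how integrating a safety feature (ADAS) with the most-attacked system (infotainment) turns remote entry points into paths to safety-critical and PII-holding components, and how segregating that one flow removes the safety path while the PII path from map updates remains.

```python
from collections import deque

# Constructed, hypothetical vehicle architecture (not from the deck).
COMPONENTS = {
    "telematics":    {"safety_critical": False, "holds_pii": False, "remote_entry": True},
    "map_updater":   {"safety_critical": False, "holds_pii": False, "remote_entry": True},
    "infotainment":  {"safety_critical": False, "holds_pii": False, "remote_entry": False},
    "payment_store": {"safety_critical": False, "holds_pii": True,  "remote_entry": False},
    "adas":          {"safety_critical": True,  "holds_pii": False, "remote_entry": False},
    "brake_ecu":     {"safety_critical": True,  "holds_pii": False, "remote_entry": False},
}

# Directed flows: the source can influence the destination.
INTEGRATED_FLOWS = [
    ("telematics", "infotainment"),
    ("map_updater", "infotainment"),
    ("infotainment", "payment_store"),  # head unit handles payment/PII data
    ("infotainment", "adas"),           # integrated dashboard drives ADAS features
    ("adas", "brake_ecu"),
]


def reachable_from(start, flows):
    """Breadth-first search: every component the start node can influence."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in flows:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def exposed(components, flows, attr):
    """Map each component with `attr` set to the sorted remote entry points that reach it."""
    entries = [n for n, p in components.items() if p["remote_entry"]]
    result = {}
    for name, props in components.items():
        if not props[attr]:
            continue
        hits = sorted(e for e in entries if name in reachable_from(e, flows))
        if hits:
            result[name] = hits
    return result


def segregate(flows, edge):
    """Model a segregation control (e.g. a gateway) by removing one integration flow."""
    return [f for f in flows if f != edge]
```

Running `exposed(COMPONENTS, INTEGRATED_FLOWS, "safety_critical")` names the entry points that reach each safety-critical ECU; after `segregate(INTEGRATED_FLOWS, ("infotainment", "adas"))` that map is empty while the PII exposure is unchanged.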
Q&A
Contact us
0161 209 5200
AutomotiveSecurity@nccgroup.trust
www.nccgroup.trust
• Europe: Amsterdam, Basingstoke, Cambridge, Cheltenham, Copenhagen, Edinburgh, Glasgow, Leatherhead, Leeds, London, Luxembourg, Madrid, Malmö, Manchester (Head Office), Milton Keynes, Munich, Vilnius, Wetherby, Zurich
• North America: Atlanta, Austin, Chicago, New York, San Francisco, Seattle, Sunnyvale
• Canada: Waterloo
• Australia: Sydney