Editor’s Note: On April 23rd, 2020, Gilad will be giving a full presentation of this topic in a free webinar hosted by the Automotive Security Research Group. You can register for the webinar on the ASRG website.
Can we predict future automotive cyber-security challenges?
To paraphrase the quote generally attributed to Niels Bohr – prediction is very difficult, especially about the future of automotive cyber-security.
This article is the first in a six-part series aimed at discovering whether it’s possible to overcome this difficulty. The series will look back at three (not so) different computing and networking environments and will study and analyze their histories. The aim is to predict what can be expected to come in an apparently unrelated field.
Over the course of the series, we will review the analogies between Information Technology (IT) networks, Operational Technology (OT) networks (Industrial Control Systems/Supervisory Control and Data Acquisition, ICS/SCADA), and automotive cyber-security protection solutions. We will do this by attempting to anticipate the future of automotive cyber-security based on similarities in IT and ICS/SCADA behaviour.
Insights from Other Industries
Specialists throughout the automotive industry are speculating about how manufacturers will progress. They’re also looking to predict and pre-empt possible attack scenarios. Our claim is that history will repeat itself. Can we investigate the ‘distant’ past of the IT world – and the more recent ICS/SCADA field – to assess the status of cyber-security in the automotive industry? Can we use this to make informed predictions about the future?
If the trends predicted here answer these questions, they may also be valid for other emerging fields in transportation cyber-security – including rail, maritime, and aviation. If this is the case, they would also be relevant to complementary technologies that are fundamental to the growth of the Internet-of-Things (IoT), the Industrial-Internet-of-Things (IIoT), smart cities, and building management systems.
A Short History of Secure Design
Modern computers emerged in the 1950s and ’60s, and since the 1970s computer networks have seen immense growth. Increasingly, networks have become complex and hard to manage and protect.
The ICS/SCADA market emerged as electro-mechanical control devices (connected over serial communication) gave way to networked Programmable Logic Controllers (PLCs) interconnected via Ethernet and Internet Protocol (IP) networks. This heralded a new era of cyber-physical interaction, with computer networks now able to control physical devices.
An important distinction to make is that ICS/SCADA is not about data. It is about mechanical devices that directly influence our environment. Some examples include electricity grids, gas and oil pumps, water/wastewater systems, railways, air and seaports, and industrial manufacturing lines. The PLCs are connected to sensors or control devices such as engines, heaters, and gates. These devices were initially designed without cyber-security in mind.
The automotive industry started much like ICS/SCADA – evolving from the purely mechanical to electro-mechanical, into the computerized vehicles we know today. Networking started with serial connectivity, eventually becoming full buses.
Production and purchases of connected vehicles have surged in the past few years. As such, the attack surface is growing with every model year. Electronic Control Units (ECUs), infotainment, telematics, and other components were also initially designed without cyber-security in mind.
The Evolution of Connectivity
Many previously air-gapped computer networks became connected as they became a part of universities, commercial ventures, and finally the internet. These networks are, in their vast majority, based on Ethernet for their physical and data-link layers, and on IP for their network layer. This makes the attack surfaces of these networks grow exponentially.
Such systems are harder to defend precisely because they are so widespread and commonly used: a huge number of scripts and tools are available to take advantage of Software (SW) and Hardware (HW) vulnerabilities. Add to this wireless technologies such as Bluetooth, Wi-Fi, and cellular mobile, and we see a rise in the possibility of remote attacks, which can be performed without physical access to the system.
For ICS/SCADA, the connectivity process began in the late 1990s (about 30–40 years after modern IT). Today most automation systems are networked and interconnected. Initially existing only on serial and proprietary networks and protocols – such as Modbus, DNP3, Profibus, Profinet, IEC 60870-5-101/104, and IEC 61850 – these systems, one could claim, were a bit harder to attack. However, the migration to Ethernet and IP based networks has accelerated since.
Furthermore, IT-OT convergence is expanding the need for connectivity. Enterprise requirements emphasize access to and control of physical network components. For example, a CEO may want to use a smartphone to monitor electrical power consumption on the company’s energy distribution grid. This implies there is a path from the public internet to the allegedly segregated ICS/SCADA system.
In 2018, a European wastewater facility was compromised when a SCADA Human Machine Interface (HMI) controlling the physical system was connected, in a flawed fashion, to the internet. A phishing attack installed crypto-jacking malware designed to hijack Central Processing Unit (CPU) processing power to mine cryptocurrency. We can only be thankful that the attackers did not use this access to attack the wastewater facility itself and spill huge quantities of sewage into the streets. This would have created an environmental disaster for the city in question.
The past 40 years in the automotive industry have seen a transition from initial proprietary networks and protocols to standard buses – mainly the Controller Area Network (CAN) bus. Standardization of the higher layers of the CAN bus protocol is now well established in the industry, following a process similar to that seen in ICS/SCADA.
Connectivity in the vehicle is here to stay and has a potential that will only grow as new technologies and new use cases are invented. It has also become about much more than just the In-Vehicle Network (IVN).
The 1980s and 90s saw consumers grow used to a variety of quality-of-life innovations such as radio-frequency key fobs and Tire Pressure Monitoring Systems (TPMS). The more recent evolution of the smartphone has seen consumer expectations expand to include wireless communication methods such as Bluetooth, Wi-Fi, and most importantly cellular networks.
There are many uses for vehicle connectivity, such as Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communications, which, along with many other use cases, are generally referred to as Vehicle-to-Everything (V2X). It is also possible there might be more than one cellular modem per vehicle. For example, infotainment, telematics, aftermarket fleet monitoring, and young driver monitoring for insurance all use a cellular connection. Additionally, smartphones can be connected to the vehicle infotainment system via Bluetooth and internal Wi-Fi.
Safety systems such as Advanced Driver-Assistance Systems (ADAS) have their own wireless interfaces. They connect to a wide range of sensors, including Light Detection and Ranging (LIDAR), which can be hacked/spoofed like any other wireless interface. These sensors enable a wide range of V2X use cases and lay the foundation for future connectivity for Electric Vehicles (EVs) and Autonomous Vehicles (AVs). New technologies will become increasingly dependent on these interfaces and on the exchange of information between vehicles.
These trends will force the industry to migrate from legacy networks such as CAN bus and FlexRay to standard IT networking protocols and topologies such as Ethernet. This opens a large set of capabilities for the vehicle industry, but at the cost of inheriting threat scenarios common to the IT world. This is a similar process to the one ICS/SCADA went through 10-15 years ago. The difference is that in automotive it is advancing much faster. ICS/SCADA had years to mature. The automotive industry generates a new model every year, innovating new connectivity features and raising new vulnerabilities.
In the second part of this series, we will look at the key events which have shaped IT and ICS/SCADA. We will also look at the early events that have begun to shape future automotive cyber-security and look at some predictions of what may be yet to come.