ENISA Asset and Threat TaxonomyThe study provides an asset taxonomy that covers the smart car functions to identify the associated risks and threats. The functions of the smart cars have a direct impact on the safety of passengers. Therefore, the security of smart cars is of prime importance. However, the range of these technologies, components, and functions covers sensors as well as computational, communication, functional auto parts of the vehicle. This aggregation is exceptionally sophisticated when it comes to interoperability. By leveraging all these technologies for automation and connectivity, the smart car's ecosystem opens a new landscape for even more severe cyber threats. The target of these cyberattacks can be any part of the ecosystem from a smart car to the backend remote server. Therefore, it comes as no surprise that the study includes a threat taxonomy, which identifies the threats to smart cars, including the in-vehicle cyber threats, eavesdropping, legal, physical attacks, failures, outages, abuse, and unintentional damages. Further, the report provides an association between the threats and the assets affected under these threats. The attack scenarios provided in the report are explained and analyzed based on their impact, ease of detection, cascade effect risk, assets affected, stakeholders involved, attack steps, recovery time, gaps and challenges with respective countermeasures. These attack scenarios show the severity of the impact the attack has on smart cars. Furthermore, the report details three types of attack scenarios encompassing various use-cases from connected cars to automation levels 4 & 5. The most crucial piece of this study is the security measures mapping. This segment of the study identifies the security domain, security measure or good practices, threat groups, and references.
Practices for Mitigating Threats to Smart CarsAs the main aim of this study is to introduce the right practices and security measures, the 17 security domains of smart cars are organized in three categories: policies, organizational practices, and technical practices. The policies are to ensure the level of the cybersecurity readiness within the organization. Policy-related security measures cover both security and privacy aspects, and they have been classified into four main security domains, namely Security by design, Privacy by design, Asset management, and Risk and threat management. These security measures are addressed at both OEMs and suppliers due to the tight links between them. Organizational and governance practices are of utmost importance to ensure smart cars’ security. They cover several aspects such as relationships with suppliers, training and awareness, security management, and incident management. The technical security measures, which help to secure the smart cars and the back-end systems, involve different aspects, such as:
- Detection, including the deployment of Intrusion Detection Systems (IDS) at the vehicle and back-end, data validation checks, periodically network logs and audit logs with forensics-ready procedures in place for accountability purposes during the investigation.
- Protection of network and protocols to safeguard the integrity and authentication of the internal (in-vehicle) and external wireless communication.
- Software security, to ensure software authenticity and integrity before installation with a secure default configuration of devices and services. Software security practices are also important to define secure Over-the-Air updates to avoid firmware manipulation.
- Cloud security, which covers all security and availability aspects with cloud providers to ensure the safe operation of critical systems and to protect all data within the cloud and during transfer.
- Cryptography to encrypt all sensitive, personal and private data to prevent its disclosure to illegitimate entities. Moreover, encryption is used to authenticate connected systems to avoid manipulation of personal data while ensuring their confidentiality.
- Access control, which covers physical and logical security aspects for the security of internal networks and data. Policies include “least privileges” principle and network segmentation.
- Self-protection and cyber resilience, to withstand the adversarial attacks by preventing data falsification with respect to the in-use AI or ML.
- Continuity of Operations, to ensure that displayed notifications are easy to understand and help users find remediation or workaround. In addition, the continuity plans should cover third-party aspects and should be periodically tested to ensure the resilience of smart cars.
ConclusionThe ENISA report is one of the best resources by far and serves as an accelerator for the joint efforts of the automotive sector and the cybersecurity domain experts to address the unforeseen safety, security and privacy challenges. Since raising awareness is one of the main objectives of the report, identifying and mitigating the threats during the development phase is of the utmost importance for making a safer driving experience with secure automated capabilities.