In recent years, various attacks have been performed to highlight security concerns about evolving smart cars. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. Such attacks elevate the risks associated with the smart car systems and indicate that there have to be diligent measures taken before rolling out these vehicles on the road. That’s because doing so has a direct impact on human lives.
In November 2019, the European Union Agency for Cybersecurity (ENISA) published a report that provides a baseline for comprehensive cybersecurity and privacy challenges related to smart cars, outlining the good cybersecurity practices by determining the challenges, threats, risks and attack scenarios. The objective of this comprehensive study was to identify the main assets and threats subjected to the ecosystem of connected and autonomous cars with actionable practices to address cybersecurity issues. The report also provided European as well as international legislative, standardization and policy initiatives to foster harmonization.
ENISA Asset and Threat Taxonomy
The study provides an asset taxonomy that covers the smart car functions to identify the associated risks and threats. The functions of the smart cars have a direct impact on the safety of passengers. Therefore, the security of smart cars is of prime importance.
However, the range of these technologies, components, and functions covers sensors as well as computational, communication, functional auto parts of the vehicle. This aggregation is exceptionally sophisticated when it comes to interoperability.
By leveraging all these technologies for automation and connectivity, the smart car’s ecosystem opens a new landscape for even more severe cyber threats. The target of these cyberattacks can be any part of the ecosystem from a smart car to the backend remote server. Therefore, it comes as no surprise that the study includes a threat taxonomy, which identifies the threats to smart cars, including the in-vehicle cyber threats, eavesdropping, legal, physical attacks, failures, outages, abuse, and unintentional damages.
Further, the report provides an association between the threats and the assets affected under these threats. The attack scenarios provided in the report are explained and analyzed based on their impact, ease of detection, cascade effect risk, assets affected, stakeholders involved, attack steps, recovery time, gaps and challenges with respective countermeasures. These attack scenarios show the severity of the impact the attack has on smart cars. Furthermore, the report details three types of attack scenarios encompassing various use-cases from connected cars to automation levels 4 & 5.
The most crucial piece of this study is the security measures mapping. This segment of the study identifies the security domain, security measure or good practices, threat groups, and references.
Practices for Mitigating Threats to Smart Cars
As the main aim of this study is to introduce the right practices and security measures, the 17 security domains of smart cars are organized in three categories: policies, organizational practices, and technical practices.
The policies are to ensure the level of the cybersecurity readiness within the organization. Policy-related security measures cover both security and privacy aspects, and they have been classified into four main security domains, namely Security by design, Privacy by design, Asset management, and Risk and threat management. These security measures are addressed at both OEMs and suppliers due to the tight links between them.
Organizational and governance practices are of utmost importance to ensure smart cars’ security. They cover several aspects such as relationships with suppliers, training and awareness, security management, and incident management.
The technical security measures, which help to secure the smart cars and the back-end systems, involve different aspects, such as:
- Detection, including the deployment of Intrusion Detection Systems (IDS) at the vehicle and back-end, data validation checks, periodically network logs and audit logs with forensics-ready procedures in place for accountability purposes during the investigation.
- Protection of network and protocols to safeguard the integrity and authentication of the internal (in-vehicle) and external wireless communication.
- Software security, to ensure software authenticity and integrity before installation with a secure default configuration of devices and services. Software security practices are also important to define secure Over-the-Air updates to avoid firmware manipulation.
- Cloud security, which covers all security and availability aspects with cloud providers to ensure the safe operation of critical systems and to protect all data within the cloud and during transfer.
- Cryptography to encrypt all sensitive, personal and private data to prevent its disclosure to illegitimate entities. Moreover, encryption is used to authenticate connected systems to avoid manipulation of personal data while ensuring their confidentiality.
- Access control, which covers physical and logical security aspects for the security of internal networks and data. Policies include “least privileges” principle and network segmentation.
- Self-protection and cyber resilience, to withstand the adversarial attacks by preventing data falsification with respect to the in-use AI or ML.
- Continuity of Operations, to ensure that displayed notifications are easy to understand and help users find remediation or workaround. In addition, the continuity plans should cover third-party aspects and should be periodically tested to ensure the resilience of smart cars.
The ENISA report is one of the best resources by far and serves as an accelerator for the joint efforts of the automotive sector and the cybersecurity domain experts to address the unforeseen safety, security and privacy challenges. Since raising awareness is one of the main objectives of the report, identifying and mitigating the threats during the development phase is of the utmost importance for making a safer driving experience with secure automated capabilities.
About the Author: Ikjot Saini is a dynamic Cybersecurity professional playing a leading role in the emerging & challenging field of Automotive Cybersecurity. Ikjot is currently pursuing her Ph.D. in Cybersecurity of Connected Vehicles in the School of Computer Science at the University of Windsor. Her research is focused on the development of a framework for privacy assessment of the Network of Connected Vehicles. Ikjot has published many research papers and journal articles on the topics including V2X privacy schemes, engineering privacy attacks for equitable assessment, DSRC network congestion and routing protocols. Ikjot is passionate about cyber security and is a leading voice for enabling women participation and leadership in this field. She founded the first Canadian Student Chapter of WiCyS (Women in CyberSecurity) with the mission to provide opportunities for women to learn and get hands on experience in cybersecurity. She is also the winner of the inaugural WEtech Alliance Woman in Tech of the Year award.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.