Presentation is loading. Please wait.

Presentation is loading. Please wait.

Connected Cars & Autonomous Vehicles

Published byCecil Lynch Modified over 7 years ago

Similar presentations

Presentation on theme: "Connected Cars & Autonomous Vehicles"— Presentation transcript:

1 Connected Cars & Autonomous Vehicles
The current state of Cybersecurity

2 A presentation given to the Self Driving and Autonomous Vehicle Technology meetup group at the Brighton Digital Catapult on January 20th 2017 Provides high-level overview of issues around cybersecurity of Connected Cars and what automotive industry is doing to address the problem

3 About your presenter

4

5 The story so far … Society of Automotive Engineers: standard SAE J3016 defines classes of vehicle automation

6 Levels of Vehicle Automation

7 Technology Timeline Multiple generations of technology will co-exist on our roads for many years.

8 Recent Highlights SAE J3016 has been formally validated by the US Department of Transport.  Tesla Motors Inc., BMW, Ford Motor Co. and Volvo Cars have all promised to have fully autonomous cars on the road within five years.   Alphabet Inc.’s (Google) autonomous test vehicles will surpass 3 million test miles on public roads by May 2017. China has set a goal for 10-20% of vehicles to be highly autonomous by 2025, and for 10% of cars to be fully self-driving in 2030. Nvidia and Mercedes-Benz announced intention to develop “cognitive car” using embedded AI technology.

9 Vehicle Cybersecurity: problem description

10 Attackers have many Faces
Criminal gangs intent on: Stealing Personally Identifiable Information (e.g. Credit Card numbers) Deploying “ransomware” State-sponsored actors and politically motivated groups Small-time crooks intent on stealing vehicles “Curiosity driven” attacks (e.g. by car owners)

11 It’s Complicated Example: the new Ford F150 pickup has 150 million lines of code Each vehicle has multiple Electronic Control Units (ECUs) from different vendors Presents multiple attack points for hackers Complexity is the enemy of security

12 Examples of Risks Unauthorised access to vehicles
Keyless door entry systems use mobile apps or electronic key-fobs Theft of personal information Owner details, GPS logs, Credit Card info, etc. ‘Hijacking’ of individual vehicles Feasibility demonstrated by ‘Jeep hack’ (2015) Creation of mobile ‘bots’ Vehicle software compromised by hackers and used to launch cyber-attacks Installation of ‘ransomware’ Victims must pay money to regain control of their vehicles

13 Threats to Infrastructure
Cyber-attacks on infrastructure could cause: Traffic gridlock Economic losses Accidents and loss of life Massive insurance claims Political repercussions Need to think in broad terms Private vehicles Taxis Buses Trams and light rail Pedestrians and cyclists Emergency services vehicles

14 Vehicle Cybersecurity: emerging solutions

15 SAE J3061 “Cybersecurity Guidebook for Cyber-Physical Vehicle Systems” – published January 2016 Provides a framework to help organizations Identify and assess cybersecurity threats related to vehicles Design cybersecurity into cyber-physical vehicle systems throughout the entire development lifecycle process. Provides the foundation for further standards development.

16 OTA Updates “Over-the-air” software updates are crucial part of strategy Already implemented by vendors such as Tesla Motors Needs to be carefully implemented else OTA service can be hacked

17 Sharing of Expertise Automotive Information Sharing Advisory Centre (Auto-ISAC ) Established by the Auto industry to facilitate development of cybersecurity expertise within Automotive supply chain “An industry-operated environment created to enhance cyber security awareness and coordination across the global automotive industry” Published set of ‘Best Practices’ for automotive cybersecurity in July 2016

18 Improve Software Quality
Difficult to accurately estimate extent to which software code may deemed ‘buggy’ Perhaps 1 bug in every lines of code ?? Major initiatives designed to improve software quality NIST 8151 ‘Dramatically Reducing Software Vulnerabilities’ September 2016 General Motors announced recall of 3.6 million vehicles after fear that air-bags may fail to deploy due to software fault. NIST

19 Open Source Activities
Open source code Open source hardware Bug Bounty programmes index.php/Tools .co.uk Significant increase in the level of open source activity in the Automotive space Vendors such as Fiat-Chrysler now offer ‘bug bounties’ to developers

20 Vehicle Cybersecurity: some final thoughts

21 Need for Holistic View End-to-end Security KEY V2V Vehicle-to-Vehicle
V2I Vehicle-to-Infrastructure V2P Vehicle-to-Person Myriad of Stakeholders Phone-to-Car V2V V2I Data Storage Myriad of attack points V2P Data Analytics Back Office Billing Provisioning Operations The Cloud End-to-end Security

22 Two Distinct Cultures Safety culture Security culture
AUTOMOTIVE INDUSTRY Safety culture INFORMATION INDUSTRY Security culture Major challenge to create a unified culture for these two very different industries.

23 Conclusions Industry has started to address issues of cybersecurity of vehicles Cybersecurity issues for Connected Cars remain poorly understood May take 1-3 years for security countermeasures to find their way into products Fragmented business ecosystem and global supply chains make compliance difficult Legal and regulatory framework lags well behind rate of technology development Risk that high costs may result in cybersecurity being given a lower priority than is required Need to think about cybersecurity from the standpoint of Vehicle Lifecycle ( Initial sale – Resale – End of Life )

24 Any Questions?

Download ppt "Connected Cars & Autonomous Vehicles"

Similar presentations

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Autonomous Vehicles in California Stephanie Dougherty Chief of Strategic Planning, California DMV.

Autonomous Vehicles in California Stephanie Dougherty Chief of Strategic Planning, California DMV.
1. 2 A Smarter Supply Chain Using Information & Communications Technology to Increase Productivity in the Australian Transport & Logistics Industry Rocky.

1. 2 A Smarter Supply Chain Using Information & Communications Technology to Increase Productivity in the Australian Transport & Logistics Industry Rocky.
Autonomous Vehicles in California Stephanie Dougherty California DMV

Autonomous Vehicles in California Stephanie Dougherty California DMV
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Autonomous Vehicles in California Bernard Soriano and Stephanie Dougherty.

Autonomous Vehicles in California Bernard Soriano and Stephanie Dougherty.
Michael Westra, CISSP June 2012 2012 BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.

Michael Westra, CISSP June BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.

National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.
1 National Highway Traffic Safety Administration An Overview of NHTSAs Vehicle Safety Research Priorities Nathaniel Beuse Associate Administrator, Vehicle.

1 National Highway Traffic Safety Administration An Overview of NHTSAs Vehicle Safety Research Priorities Nathaniel Beuse Associate Administrator, Vehicle.
Connected and Autonomous Vehicles Supply Chain Security

Connected and Autonomous Vehicles Supply Chain Security
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.

Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.
Automation & Enhanced Safety

Automation & Enhanced Safety
SAS® Viya™ Overview ANDRĖ DE WAAL, GLOBAL ACADEMIC PROGRAM

SAS® Viya™ Overview ANDRĖ DE WAAL, GLOBAL ACADEMIC PROGRAM
SAE Cybersecurity Standards Activity

SAE Cybersecurity Standards Activity
Connected Vehicles in the Internet of Things Presenter

Connected Vehicles in the Internet of Things Presenter
Broadband Challenges 2017 Christopher Tamarin

Broadband Challenges 2017 Christopher Tamarin
The Impact of Emerging Technology on Portfolio Risk Management

The Impact of Emerging Technology on Portfolio Risk Management
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Similar presentations

Ads by Google