Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mar 27, 2018 Mafijul Islam.

Published byJudith Anthony Modified over 6 years ago

Similar presentations

Presentation on theme: "Mar 27, 2018 Mafijul Islam."— Presentation transcript:

1 Mar 27, 2018 Mafijul Islam

2 “…….These attacks have had a common denominator: transport systems have been used either as a means or as a target.” Mar 27, 2018 Mafijul Islam

3 Cybersecurity Challenges in the “Commercial” Vehicle Industry
Mafijul Islam March 27, 2018 Contributors: Christian Sandberg, Andreas Bokesand

4 Commercial Vehicle vs Passenger Car
Mar 27, 2018 Mafijul Islam

5 Commercial Vehicle vs Passenger Car
DESIGNED TO BE CUSTOMIZABLE Customization: Customizable and tuned to buyers business, distances of transportation, weight, types of roads. Hardly two trucks produced are the same. Different parameters. Body builders are able to interface and control parts of the functionality, engine revs, power take-off. Easier to fix a car configuration in the factory. Bodybuilder interface used to build trucks for purpose X Diversified attack surfaces to consider during design Mar 27, 2018 Mafijul Islam

6 Mar 27, 2018 Mafijul Islam

7 Commercial Vehicle vs Passenger Car
THEFT OF TRANSPORTED MATERIAL VS VEHICLE ITSELF AVAILABILITY OF TRANSPORTED MATERIAL SOMETIMES CRITICAL “Over 80 percent of all communities in the US rely exclusively on trucks to deliver all of their fuel, clothing, medicine, and other consumer goods” Source: Mar 27, 2018 Mafijul Islam

8 Commercial Vehicle vs Passenger Car
DIFFERENT LEGISLATION 90km/h speed limit in the EU emissions driver resting hours Source: Mar 27, 2018 Mafijul Islam

9 Commercial Vehicle vs Passenger Car
SOLD TO BUSINESSES, NOT PERSONS DRIVER AND OWNER OFTEN DIFFER fleet of trucks (compare taxi services, car pools) Driver & Owner: Creates misuse cases there in between. e.g. using truck to run other errands. Good driving bonus programme (speeding) . Owner business image impacted on bad driving. Compare teenager borrowing a car. Future ~ transportation as service, extrapolate car pool and uber. Will people be owner of their own car? Mar 27, 2018 Mafijul Islam

10 Mar 27, 2018 Mafijul Islam

11 Introduction to ELD Mandate
US-DOT Federal Motor Carrier Safety Administration (FMCSA) published the final electronic logging device rule — or ELD mandate – in Dec. 2015 requires an electronic logging device (ELD) to be used by commercial drivers who are required to prepare hours-of-service (HOS) records of duty status (RODS). Fleets have until December 2017 to implement certified ELDs in commercial vehicles (enforced for vehicles model year 2000 and newer), i.e. applies also for existing vehicles on the road ELD device manufacturers performs self-certification. i.e. leaves a lot of room for ambiguity, and unknown implementations Mar 27, 2018 Mafijul Islam

12 ELD and Cybersecurity CAN and Wireless access
An ELD shall automatically record: date; time; location; engine hours; vehicle miles and identification information for the driver. An ELD must be “integrally synchronized with the engine" of the vehicle. Engine synchronization means monitoring of the vehicle’s engine to automatically capture the engine’s power status, vehicle’s motion status, miles driven, and engine hours. An ELD will have CAN bus access (read/send) A compliant ELD must provide one of the following data transfer options: Option 1: Telematics: Web Services and Option 2: Local Transfer: USB 2.0 and Bluetooth An ELD will have wireless access Mar 27, 2018 Mafijul Islam

13 Impact (in existing vehicles)
ELD devices will connect to J1939 network to get required information J1939 protocol is standardized and publicly available, also for critical vehicle control signals (e.g.,Torque Speed Control). ELD devices will have capability to read and send CAN frames (in order to support multiple vehicle OEMs, and since some data only available by request according to standard) Researchers show J1939 standardized signals can be used to control vehicle from OBD. ELD adds wireless attacks, in case ELD compromised. Mar 27, 2018 Mafijul Islam

14 Mar 27, 2018 Mafijul Islam

15 EU: ENISA Guidance, February 2017 European Union Agency For Network And Information Security
“Cybersecurity and Resilience of smart cars” Good practices and recommendations (DOI: /87614) covers passenger cars and commercial vehicles including trucks but excluding autonomous vehicles. lists sensitivities present in smart cars as well as corresponding threats, risks, mitigation factors and possible security measures that can be taken. applies to car manufacturers, Tier 1 and Tier 2 suppliers, aftermarket suppliers, insurance providers and other auto industry stakeholders. industry needs to make efforts to clarify where liability may fall amongst car manufacturers, tier suppliers, vendors, aftermarket support operators and end users. Mar 27, 2018 Mafijul Islam

16 EU: ENISA Guidance, February 2017
“Cybersecurity and Resilience of smart cars” Mar 27, 2018 Mafijul Islam

17 EU: ENISA Guidance, February 2017
“Cybersecurity and Resilience of smart cars” Mar 27, 2018 Mafijul Islam

18 Nov 27, 2017: Draft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 IWG ITS/AD Informal Working Group on Intelligent Transport Systems / Automated Driving (IWG on ITS/AD) Defines principles to address key cyber threats and vulnerabilities identified in order to assure vehicle safety in case of cyber-attacks. Defines detailed guidance or measures for how to meet these principles, including examples of processes and technical approaches. Considers what assessments/evidence may be required to demonstrate compliance/certification with any requirements identified. Mar 27, 2018 Mafijul Islam

19 October 2016: Cybersecurity Best Practices for Modern Vehicles
National Highway Traffic Safety Administration. (2016, October). Cybersecurity best practices for modern vehicles. (Report No. DOT HS ). Washington, DC: Author. Covers cybersecurity issues for all motor vehicles and therefore applicable to all individuals and organizations manufacturing and designing vehicle systems and software. entities include, but are not limited to, motor vehicle and motor vehicle equipment designers, suppliers, manufacturers, alterers, and modifiers Mar 27, 2018 Mafijul Islam

20 September 2017: Automated Driving Systems 2.0: A Vision for Safety
Focuses on vehicles that incorporate SAE Automation Levels 3 through 5 – Automated Driving Systems (ADSs). Applies to the design aspects of motor vehicles and motor vehicle equipment under NHTSA’s jurisdiction, including low-speed vehicles, motorcycles, passenger vehicles, medium-duty vehicles, and heavy-duty CMVs such as large trucks and buses. Outlines 12 safety elements that are generally considered to be the most salient design aspects to consider and address when developing, testing, and deploying ADSs on public roadways. 7. Vehicle Cybersecurity: Entities are encouraged to follow a robust product development process based on a systems engineering approach to minimize risks to safety, including those due to cybersecurity threats and vulnerabilities. Mar 27, 2018 Mafijul Islam

21 NIST Cybersecurity Framework (CSF) Source: https://www. nist
Version 1.1 Draft 2, December 2017 This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. Mar 27, 2018 Mafijul Islam

22 Proposed USA: Internet of Things Cybersecurity Improvement (IoTCI), 2017 “Requires all IoT devices purchased by the government to be compliant with the NIST Best Practices framework” USA: Security and Privacy in Your Car Study Act of 2017 (SPY Car Act) USA: SELF DRIVE and AV START Acts, 2017 Aim at clearing regulatory hurdles for the deployment of autonomous vehicles Include specific sections with respect to cybersecurity Mar 27, 2018 Mafijul Islam

23 ISO 21434 – “Road vehicles - Cybersecurity engineering”
SAE J3061 ”Cybersecurity guidebook for Cyber-Physical Vehicle Systems” released Jan 2016. ISO – “Road vehicles - Cybersecurity engineering” ISO Secure data link for diagnostic Mar 27, 2018 Mafijul Islam

24 Many guidelines, best practices, recommendations, etc.!!!
Establishing ”right” balance? ”much”/”less”/”adequate”? What is ”unique”/”different” across those? Any major ”surprise” across those? ”missing”? How/What to follow and follow-up of .....? How to adapt to the needs of each ”stakeholder”? keep pace with ”dynamic” nature of cybersecurity? learn from other industries that are ”good” in security? align automotive safety and security processes? Utilize existing safety knowledge & experience! Mar 27, 2018 Mafijul Islam

25 Mar 27, 2018 Mafijul Islam

Download ppt "Mar 27, 2018 Mafijul Islam."

Similar presentations

 Thomas Bray Senior Editor, Transportation Management J. J. Keller & Associates, Inc.  Elise Chianelli Product Manager Safety & Compliance PeopleNet.

 Thomas Bray Senior Editor, Transportation Management J. J. Keller & Associates, Inc.  Elise Chianelli Product Manager Safety & Compliance PeopleNet.
IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS-21-06 (21st ITS,

IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS (21st ITS,
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
1 Development of California Regulations for the Testing and Operation of Automated Vehicles on Public Roads Steven E. Shladover, Sc.D.Ching-Yao Chan, Ph.D.

1 Development of California Regulations for the Testing and Operation of Automated Vehicles on Public Roads Steven E. Shladover, Sc.D.Ching-Yao Chan, Ph.D.
An Introduction to the Federal Motor Carrier Safety Administration.

An Introduction to the Federal Motor Carrier Safety Administration.
IntelliDrive Policy and Institutional Issues Research Valerie Briggs Team Lead, Knowledge Transfer and Policy, ITS Joint Program Office, RITA May 4, 2010.

IntelliDrive Policy and Institutional Issues Research Valerie Briggs Team Lead, Knowledge Transfer and Policy, ITS Joint Program Office, RITA May 4, 2010.
Implementation of MAP-21 February 10, 2014. MAP-21 is a Strong Safety Bill The Moving Ahead for Progress in the 21st Century Act (MAP-21) provides FMCSA.

Implementation of MAP-21 February 10, MAP-21 is a Strong Safety Bill The Moving Ahead for Progress in the 21st Century Act (MAP-21) provides FMCSA.
Tom Cuthbertson – VP Regulatory Compliance – XRS Corporation Electronic Logging Devices: What Happens Now?

Tom Cuthbertson – VP Regulatory Compliance – XRS Corporation Electronic Logging Devices: What Happens Now?
Innovative ITS services thanks to Future Internet technologies ITS World Congress Orlando, SS42, 18 October 2011.

Innovative ITS services thanks to Future Internet technologies ITS World Congress Orlando, SS42, 18 October 2011.
USDOT, RITA RITA: Oversight of USDOT’s R&D programs  University Transportation Centers $100M  UTC Consortia $80M  UTC Multimodal R&D $40M  Intelligent.

USDOT, RITA RITA: Oversight of USDOT’s R&D programs  University Transportation Centers $100M  UTC Consortia $80M  UTC Multimodal R&D $40M  Intelligent.
CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -

CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -
ITS Program Update Moving Towards Implementation of Wireless Connectivity in Surface Transportation Talking Freight Webinar January 19, 2011.

ITS Program Update Moving Towards Implementation of Wireless Connectivity in Surface Transportation Talking Freight Webinar January 19, 2011.
Mike Schagrin US Department of Transportation ITS Joint Program Office IntelliDrive Safety Program Overview.

Mike Schagrin US Department of Transportation ITS Joint Program Office IntelliDrive Safety Program Overview.
Machine Health and Condition Based Maintenance Mark N. Pope, General Motors.

Machine Health and Condition Based Maintenance Mark N. Pope, General Motors.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.
FMCSA Update TTA Middle Tennessee ELD and SFD Update

FMCSA Update TTA Middle Tennessee ELD and SFD Update
Common Understanding on Major Horizontal Issues and Legal Obstacles Excerpts from the relevant sections of the ToR: II. Working items to be covered (details.

Common Understanding on Major Horizontal Issues and Legal Obstacles Excerpts from the relevant sections of the ToR: II. Working items to be covered (details.
EDR in the context of the context of the general safety Regulation Second CDR User Summit Europe 26 June 2015 1 Antony Lagrange - DG GROWTH, Unit C4 Automotive.

EDR in the context of the context of the general safety Regulation Second CDR User Summit Europe 26 June Antony Lagrange - DG GROWTH, Unit C4 Automotive.

Similar presentations

Ads by Google