CyCraft
Published in

CyCraft

CyCraft Secures Electric Vehicles

Security by Design With Mobility in Harmony (MIH) Open EV Platform

Taipei, Taiwan — 18 April 2022 — CyCraft Technology, a world-leading cybersecurity firm based in Taiwan, announced at the recent Foxconn Mobility in Harmony (MIH) EV Partner Conference that they will continue to work with MIH on Zero Trust architecture as well as continue to conduct in-depth research and development on cybersecurity solutions regarding security concerns for self-driving cars (autonomous vehicles, AV), electric vehicles (EV), and the Internet of Vehicles (IoV). At the conference, CyCraft conducted a thorough demonstration of its vehicle network detection and response (VDR) capabilities in stopping cyberattacks targeting EVs.

Raising Security Concerns

As the global EV market continues to rise so do cybersecurity concerns — especially with regards to over-the-air (OTA) software update architecture, as it can serve as a major attack vector for malicious cyberattacks targeting EV.

The recently adopted ISO/SAE 21434, UN R155, and UN R156 have set a framework for automotive cybersecurity. As a result, automakers worldwide have begun investing more resources into cybersecurity as well as adopting and integrating the Security by Design concept into their manufacturing and development processes.

Specification 7.3.7 of the UN R155 states that in order to achieve compliance, vehicle manufacturer shall implement measures for the vehicle type to:

  • detect and prevent cyberattacks against vehicles of the vehicle type;
  • support the monitoring capability of the vehicle manufacturer with regards to detecting threats, vulnerabilities, and cyberattacks relevant to the vehicle type;
  • provide data forensic capability to enable analyses of attempted or successful cyberattacks.

Security by Design aims to ensure that the entire design and manufacturing cycle of the car, its hardware, software, systems, cloud, and other in-vehicle equipment are all built and developed with a primary focus on security from the ground up as well as being further subjected to strict cybersecurity testing and verification.

The EVKit Platform

CyCraft and MIH are determined to jointly strengthen cyber resilience in the automotive industry through the EVKit platform from promoting general security standards for supply chain security to securing the safety of each individual driver behind the wheel of an electric vehicle.

As a solution for raising EV cyber resilience, MIH recently launched its MIH EVKit — a software stack for software-defined vehicles (SDV) that provides a universal interface for application developers. By incorporating strict security standards, developers are able to quickly enter and impact the EV market. CyCraft assisted in the development of the network detection and response (NDR), the intrusion detection and prevention system (IDPS), and other information security specifications for the software development kit (SDK).

PK Tsung, CyCraft Co-Founder and CSO

With the rapid development and integration of the Internet of Vehicles (IoV), numerous internet-facing devices, such as IoT or smartphones, have quickly become a standard in vehicles but do not always undergo strict security testing. As a result, the collection, use, storage, and verification of personal data in an open network environment has greatly increased the attack surface. Securing driver privacy and protecting data from being exfiltrated or tampered with has become a top priority for automakers and their supply chains.

“The main difficulty in integrating Security by Design into the current design and manufacturing processes is that for decades the automotive supply chain industry has been prioritizing safety more than security when designing and manufacturing related components. The automotive supply chain has evolved into an international ecosystem that now needs cybersecurity assessment at every step in the process.”
— PK Tsung, CyCraft Co-Founder and CSO

PK Tsung plans to speak more on the challenges and solutions for EV security at CyberSec 2022 — the largest cybersecurity conference in Taiwan.

About MIH Consortium

MIH Consortium is creating an open EV ecosystem that promotes collaboration in the mobility industry. Our mission is to realize key technologies and develop reference designs and standards, while we bridge the gap for alliance members resulting in a lower barrier to entry, accelerated innovation, and shorter development cycles. Our goal is to bring together strategic partners to create innovative solutions for the next generation of EV, autonomous driving, and mobility service applications.

About CyCraft

CyCraft leverages proprietary continuous digital forensic technology to secure government agencies, financial institutions, semiconductor manufacturing, police and defense organizations, Fortune Global 500 firms, airlines, telecommunications, SMEs, and more by being Fast / Accurate / Simple / Thorough.

CyCraft automates information security protection with built-in advanced managed detection and response (MDR), global cyber threat intelligence (CTI), smart threat intelligence gateways (TIG), network detection and response (NDR), security operations center (SOC) operations software, auto-generated incident response (IR) reports, enterprise-wide Health Check (Compromise Assessment, CA), and Secure From Home services. CyCraft also collaborates with other cybersecurity organizations, including the International Forum of Incident Response & Security Teams (FIRST) and the Taiwan Cybersecurity Center of Excellence (CCoE).

Meet your modern cyber defense needs by engaging CyCraft at engage@cycraft.com

Additional Resources

--

--

--

Everything Starts From Security

Recommended from Medium

CS373 Spring 2020: Gerald Joshua

WIP35 Formal Voting Begins!

AWS (Secrets Manager vs. Parameter Store)

HackTheBox — “Blunder”

{UPDATE} American Retro Car3d Hack Free Resources Generator

The Problems With Password Managers

[Hack The Box]Lame Walkthrough

How to connect EtherCore mainnet with Metamask

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
CyCraft Technology Corp

CyCraft Technology Corp

CyCraft automates SOC ops for the Fortune Global 500, national govs, & SMEs with MDR, IR, & threat hunting solutions. Learn more at CyCraft.com

More from Medium

Operationalizing MITRE Engage: Deception Opportunities with APT Cyber Tools Targeting ICS/SCADA…

Fixing the Zeek Add-on for Splunk in DetectionLab

Detecting Active Directory Kerberos Attacks

Threat hunting in light of the claimed breach of OKTA