The new word to describe transportation is “mobility”, reflecting the needs and preferences of the traveller to seamlessly move them from one place to the other in comfort, as efficiently, as reliably and, eventually, as autonomously as possible.
A whole range of new services are being created to support the mobility concept, for example:
- Ride hailing e.g. Uber
- Ride sharing e.g. BlaBlaCar
- Car sharing e.g. Zipcar
- Microtransit e.g. Bridj
- Mobility-as-a-Service (MaaS) — UbiGo
- Vehicle Connectivity Solutions (for conventional cars) e.g. BMW ConnectedDrive
- Shared Autonomous Vehicles (SAV) — Google (in development)
However, in order to realise this transport utopia, a great deal of new technology and infrastructure is being developed within vehicles, at the roadside, in the cloud and in mobile apps to support these services.
The diagram below highlights just how complex the interactions are with a modern road vehicle.
Every communications path open to a system potentially provides an opportunity for malicious parties to attack it and, as can be seen in the diagram below, there are a large number of possible attack paths into a connected vehicle.
Therefore, cyber security assurance is key to providing these services without opening up new opportunities to attackers.
Figure 1: Connected vehicle attack surface overview
Why would anyone want to hack a car?
If you ask this question to the media, the responses often include words such as “crash”, “death” and “terrorism”.
However, in reality hacking cars to the point where the attacker has full control of all systems requires complex skills and is extremely difficult, costly and time-consuming.
Therefore, anyone planning to hack cars/vehicles will be looking for a significant return on their investment.
Far more lucrative than crashing a car would be to extort money from either the vehicle owner or the manufacturer using some kind of ransomware attack.
Rather than actually gain control of a vehicle’s cyber-physical functions (steering/braking/acceleration), all they need to do is convince the driver that they have control.
After all, how many people would risk driving their car after reading a message on the dashboard that said it had been hacked and all vehicle safety functions had been disabled?
Consumers are making many of their purchases for goods and services online via smartphone apps and as a result of connected vehicles, these apps are increasingly being integrated into cars.
Therefore, another potential target for cyber criminals hacking cars is the PII (Personally Identifiable Information) that can potentially be used for identity theft and also payment card data that could be used to make fraudulent purchases.
With regulations such as the PCI DSS (Payment Card Industry Data Security Standard) and the upcoming GDPR (General Data Protection Regulation), any company with a system that gets hacked, resulting in the theft of PII or payment card data, is likely to face significant fines.
What strategies can be employed to reduce the risks?
Firstly, the concept of a “secure car” is fiction — it is impossible to achieve 100 per cent cyber security.
Security is measured in terms of levels of assurance i.e. the more security activities you perform, the greater the level of assurance gained.
At NCC Group we advocate the use of the Secure Development Lifecycle (SDL), which provides security assurance at each stage of the development lifecycle for systems and components.
The approach ensures that system-level attack points are recognised and departments within an organisation can agree upon which department implements each countermeasure.
It also significantly reduces the risks of identifying design-level security vulnerabilities late in the development process, reducing potentially unforeseen project costs.
Figure 2: The Secure Development Lifecycle
One of the assurance activities used at NCC Group that can easily be applied to existing systems or components is Threat Modelling, which uses the STRIDE[1] methodology to identify the potential ways a system could be attacked.
The freely-available Microsoft Threat Modelling Tool[2] is used in conjunction with an automotive template[3] that we have developed and also provide for free.
Figure 3: Sample threat model of a vehicle using the NCC Group Automotive Threat Modelling Template.
[1] — https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx
[2] — https://www.microsoft.com/en-us/download/details.aspx?id=49168
[3] — https://github.com/nccgroup/The_Automotive_Threat_Modeling_Template
To find out more about the cyber security and assurance services we offer, visit us at Mobile World Congress: Hall 5 Stand 5G27
Alternatively, contact us at TransportSecurity@nccgroup.trust
A global practice offering the full range of Cyber Security and Assurance services to the Transport industry.
Originally published at www.nccgroup.trust
