All News | Chips | Boards | Devices | Android | Software | LinuxDevices.com Archive | About | Sponsors | Subscribe

Consortium plans to protect cars from cyber attacks

Oct 1, 2013  |  Rick Lehrbaum
Tweet about this on Twitter10Share on Facebook1Share on LinkedIn2Share on Google+0

As vehicles become increasingly dependent on embedded computers for functions such as engine timing, acceleration, braking, and in-vehicle infotainment (IVI), the risk of cyber attacks on cars is growing dramatically. With this in mind, Southwest Research Institute has formed the Automotive Consortium for Embedded Security (ACES), which will have an informal initial meeting on Oct. 23.

“A successful attack of an automobile could compromise safety and damage an automaker’s reputation,” notes Southwest Research Institute (SWRI) in its announcement.

Imagine the catastrophic damage to a car, its occupants, or those in its path from an exploit that turns up the IVI system’s volume to an excruciating level, suddenly accelerates or brakes, or abruptly steers into oncoming traffic or off the road.



Some automotive cyber risk sources
(click images to enlarge; source: see footnote)

 

“Embedded systems are processors designed for a specific function within a larger system, such as the whole automobile,” explains Mark Brooks, a senior research engineer at SWRI. “They typically handle a specific task and have been optimized to reduce size and cost and increase reliability and performance.”

Brooks also notes that today’s vehicles typically have “dozens of embedded computer systems” in them, and that they are networked with each other through various on-board paths including CAN bus. Putting this together with the fact that smartphones, tablets, and IVI systems have increasingly brought Internet connectivity into the vehicle, the potential for cyber attacks on cars has now become a major concern.

ACES will be chartered to track new trends in automotive embedded systems and develop methods and technologies for protecting automotive systems from malicious cyber attacks. Key priorities will include “identifying system bugs that might be on the computers, and also protecting the intellectual property associated with control system software on those computers,” says Brooks.

ACES objectives currently listed on the organization’s preliminary web page include:

  • Performing high-risk/high-reward pre-competitive and non-competitive research and development
  • Serving as an independent verification and validation entity
  • Developing an understanding of industry problems and associated risk
  • Monitoring and sharing threats and industry research
  • Keeping abreast of and providing input for emerging safety and security regulations and standards
  • Providing members with relevant solutions and actionable results

SWRI says ACES will also “pursue patent applications for technology developed by the ACES program.”

A short YouTube introduction to the new consortium’s purposes and goals is available below.





Introducing the Automotive Consortium for Embedded Security

 

ACES membership will be open to manufacturers and other businesses affiliated with the automotive industry, with annual membership fees running $90,000. An informal meeting for prospective participants will occur on Oct. 23, to be followed by a formal “kickoff” meeting in January or February. Further information is available at SWRI’s ACES initiative website.
 

Note: the two cyber risk illustrations in this post are from an interesting whitepaper on “Paradigm Change of Vehicle Cyber Security,” which is available for download from the NATO Cooperative Cyber Defence Centre of Excellence website, here (PDF file).
 

(advertise here)


PLEASE COMMENT BELOW

2 Responses to “Consortium plans to protect cars from cyber attacks”

  1. CFWhitman says:

    Protecting against these problems seems rather simple to me. Make it so any computer system tied to basic functions of the car like braking, steering, accelerating, etc. is self contained and cannot communicate with outside systems without plugging them directly into the system. As for the ‘infotainment’ system, just give it a hard off switch, and an easy way to reset the system if necessary.

    I’m in the tech support/programming field, but some of the things they do with computers these days just seem foolish and/or unnecessary to me

  2. Adam Goryachev says:

    I think the single biggest and easiest solution to this problem is the ability to roll out software updates. In the majority of cases, the exploit is based on a software bug, and a simple OTA software update would fully resolve the issue quickly and easily. It ensures that all ‘known’ faults are easily and quickly resolved.

    The main problem is ensuring that the OTA update is a legitimate update, eg the microsoft updates issue, or ensuring the network pushing the updates is not compromised allowing unauthorized updates to make every car “crash” at the same time.

    Also how it will be pushed to the cars. Probably most cars would have WiFi connectivity on a regular basis, so that is one possible solution, alternatively the updates could be done manually by the mechanic doing the routine servicing. Of course, this has both advantages and dis-advantages in security.

Leave a Reply