Are Self-Driving Cars A Smart City Hacker’s Dream?
By Dan Verton – October 26, 2017
The future autonomous vehicle will be just another device within the automotive Internet of Things, which opens up the future smart city to potential cybersecurity threats, warned Moshe Shlisel, CEO of Guardknox Cyber Technologies, a leading cybersecurity firm specializing in self-driving cars.
“Eventually, a car in the very near future, will be a node in the automotive IoT,” said Shlisel, who spent two decades in the Israeli Air Force and is working to integrate security approaches used in fighter jets to the future self-driving car. “Because if you can really hack a car (such as an electric vehicle connected to the smart grid), through the car you can penetrate the grid, and then you can do basically anything you want.”
This is a concern that is shared by other experts, including the Cloud Security Alliance. In a report issued earlier this year, the CSA warned of the potential vulnerabilities in the larger communications ecosystem that will be required for self-driving and connected cars, including the connectivity to smart road systems and even smart home appliances.
“Vehicles will quickly become reliant on messages received from other vehicles, infrastructure and mobile applications. It is therefore crucial to be able to trust that these messages will be delivered as expected, have not been tampered with, and have not been sent by unauthorized entities,” the CSA study warned. “There are a number of motivations for bad actors to compromise [connected vehicle] components and technologies. These range from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales. Widespread outages of traffic systems have financial implications, cause confusion, and even grind society to a halt for a short time.”
Harry Lightsey, executive director of emerging technologies policy at General Motors, said his company is constantly monitoring for new and emerging vulnerabilities. GM has established internal and external Red Teams, as well as setup a portal for cybersecurity researchers to report vulnerabilities to the company. It also participates in the industry’s information sharing and analysis center.
“We assume we’re going to assume risk across the board, even state actors,” he said. “We assume the worst.”
Lightsey, who spoke during a DC CyberWeek panel session Oct. 18 on the future of automotive cybersecurity, acknowledged that part of the challenge facing the industry is the lack of a standard baseline for assessing automotive cybersecurity as it applies to vehicle safety.
“There is no baseline…in cyber security [testing for autonomous vehicles]. And there’s no point in trying to pursue that” when the pace of threats and vulnerabilities will force any such baseline will shift and change on almost a weekly basis, Lightsey acknowledged.
Jackie Glassman, the co-head of the Automotive & Transportation Practice at King and Spalding and a former acting administrator of the National Highway Traffic Safety Administration, agreed that the industry is moving so fast that most of the existing safety regulations don’t apply to what many would like to see become a nationwide self-driving ecosystem.
“Technology has outpaced the regulations,” Glassman said. “Most of our regulations in car safety are written around mechanical devices — around cars the way they used to be. Those regulations don’t translate very well to the new structure.”
But Shlisel thinks he has some of the most challenging technological aspects of self-driving car safety and security figured out. The company’s “communication lockdown” approach is the same cybersecurity approach used by the Israeli Air Force to secure the F-35 and F-16 fighter jets.
“The car can be connected, but the protection should be deterministic,” Shlisel said. “We are using a methodology that we have implemented in fighter jets…it’s a completely different approach that is based on security systems that are not continuously connected to the Internet to obtain signatures,” he said. “Most other automotive security firms are focusing on IT-based security methodologies, such as encryption. But you can hack a car below the encryption systems. The heads-up display unit that you have today can be penetrated from the outside.”
The modern connected vehicle can have up to 10 different networks, 30 million lines of code, and between 100 to 150 automotive computers all communicating using various protocols. The automotive security challenge is to orchestrate network connectivity among the networks, as well as in-between the vehicle and the external environment in the most secure manner possible in order to ensure the safety of the vehicle as a whole.
The company’s lockdown method is completely agnostic to attacks, enforcing authorized communications. In addition, it focuses on consolidating the number of processors and systems so that there is room for redundancy – a critical component in airline safety.
“Every mission critical system [in airplanes] has three backups. Yes, the price point is completely different, but what we are working on right now is a completely different architecture that will provide full redundancy for every system in the vehicle,” Shlisel said.