Guidance For Connected Vehicle Security

Uploaded on 2017-06-16 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Developments, TECHNOLOGY-Key Areas-Internet of Things

“In the near future, connected vehicles will operate in a complex ecosystem that connecting vehicles not only with each other and the traffic infrastructure, but also with new forms of connectivity and relationships to cloud-based services, smart homes, and even smart cites,” said Brian Russell, chair of the CSA IoT Working Group

“For a safe and secure transportation system, the community must take a fresh look at the larger picture, and develop the policies, designs, and operations that incorporate security throughout the development.”

Automobile connectivity today is evolving on a number of fronts. Platforms designed in the pre-connected era are now being connected in multiple ways. This has allowed security researchers to gain access to sensitive vehicles.

Sensitive functions can be compromised via direct access, such as with USB and the On Board Diagnostic (OBD-II) port, or by remote access such as infotainment consoles, Bluetooth, WiFi and cellular devices.

One of the more interesting topics for conversation at RSA Conference 2017 in San Francisco this year was the IoT and the next generation of ransomware. After all, if you can make money encrypting people’s hard drives (and you can, a LOT of money,) then surely the explosion of smart devices could offer the ingenious criminal even more opportunity to make money fast.

So how does this change how we think about things like ransomware? After all, it’s not likely that we’ll see weaponised encryption techniques holding data hostage when most of the IoT devices are more likely to be throwing data back up to some service as fast as their little wireless card will let them. What is more likely is that attackers will hold them hostage, by shutting them down, making them disappear, or turning them into, well, evil.

For example, the story of the hotel in Austria who discovered that smart door locks are great until someone else controls them, and they want money to let the guests back in. Not good – especially when you have hundreds of angry guests wanting to go to bed.

This kind of Denial of Things (DoT) attack is going to be increasingly effective as the IoT becomes more and more embedded in the fabric of our homes, offices, and cities.

Consider, for a moment, the 15 million+ trucks in the US. Autonomous trucking is clearly on the horizon, yet imagine the social and economic impact if one day those trucks simply stopped. An attack on autonomous vehicles like trucking doesn’t have to be some kind of science-fiction scenario to be devastating.

Rather, as autonomous trucks (or any other vehicle) become a reality, they are likely going to be highly connected to management systems, tracking systems, smart infrastructure, freight tracking systems, and so on. In short, an attack surface, the size of an 18-wheeler. The only thing an attacker would have to do is simply tell them to stop. All at once. And then brick the system, so that it takes a lot of time and effort to clear the roads and get them moving again. Imagine millions of trucks simply grinding to a halt across the country. Think your morning commute is bad? It could get a whole lot worse.

Of course, I understand that this may be far easier said than done, and that all kinds of safeguards will be in place to prevent this from happening. That the trucking industry and autonomous vehicle manufacturers will take security very seriously. 

Nevertheless, let’s be under no illusions that the explosion in devices will offer up countless opportunities to inflict cost, discomfort, and possibly actual physical danger to users and innocent bystanders alike, and controlling that risk will bring with it monetary value.

As usual, the good news is that we’re not there, yet. But “there” isn’t very far from “here” and the attackers know it. This kind of attack isn’t just the kind of thing that commercial hackers would be interested in, either. Far from it – the level of impact rises quickly to be something a non-too-friendly nation state would be interested in, also. Pretty soon those “kinetic IoT” devices become part of the critical infrastructure, and should be treated, and regulated, as such.

Taking control of such complex and deeply intertwined systems will be a tempting target that we need to plan to protect, and force protection of, at the Federal Government level. Otherwise turning the entire US road system into a giant, perpetual truck stop is going to be available at the flick of a switch.

HelpNetSecurity:             HelpNetSecurity:

You Might Also Read: 

Hackers Could Turn Off Your Car Engine – While You Are Driving:

 

« Employees That Cause Data Breaches
How Social Media Influences Elections »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

CloudSigma

CloudSigma

CloudSigma, a pure-cloud IaaS provider offers flexible and innovative cloud hosting solutions for companies of all sizes both in Europe and the US.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Rippleshot

Rippleshot

Rippleshot is a fraud analytics firm that detects mass card compromises faster, allowing issuers to execute more proactive fraud detection strategies.

Syskode Technologies

Syskode Technologies

Sykode Technologies is a next-generation global technology company offering an integrated portfolio of advisory services, products and solutions in areas including AI, IoT and Cyber Security.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

Hub One

Hub One

Hub one is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Distology

Distology

Distology are an award-winning cloud security distributor bringing a wealth of experience and strong relationships with a huge breadth of partners covering the UK, Ireland and Benelux.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

Summit 7 (S7)

Summit 7 (S7)

Summit 7 is a national leader in cybersecurity, compliance, and managed services for the Aerospace and Defense industry and corporate enterprises.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.