CybersecurityProtecting vehicles from cyberattacks

Published 3 November 2015

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded two grants for the development of technologies that can help defend government and privately owned vehicles from cyberattacks. “Modern vehicles are no longer purely mechanical systems,” said Dr. Dan Massey, S&T Cyber Physical Systems Security (CPSSEC) Program Manager. “Today’s vehicles have interdependent cyber components used for telematics, conveniences, and safety-critical systems. A stealthy adversary could gain access to a vehicle’s cyber components and remain completely hidden until initiating a widespread attack.”

Auto interior displays some of the vehicle's computer-controlled systems // Source: ucla.edu

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded two grants for the development of technologies that can help defend government and privately owned vehicles from cyberattacks. Both awards were made through Broad Agency Announcement HSHQDC-14-R- B00016 and are part of the DHS S&T Cyber Security Division’s larger Cyber Physical Systems Security (CPSSEC) program.

S&T awarded $1.2 million to the University of Michigan for a project titled “Secure Software Update Over-the-Air for Ground Vehicles Specification and Prototype.” “This is a critical time to be thinking about automotive cyber security,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “Most modern vehicles are operated by computers and software. Attacks on these systems could have significant and dangerous impacts. We cannot be complacent defending against these attacks.”

Advances in networking, computing, sensing, and control systems have enabled a broad range of Cyber Physical Systems (CPS) devices, including modern vehicles, medical devices, building controls, the smart power grid, and the Internet of Things. Driven by functional requirements and fast moving markets, these systems are being designed and deployed quickly. The design choices being made today will directly impact the nation’s industries and critical infrastructure sectors over the next several decades.

S&T’s Cyber Security Division (CSD) recently launched the CPSSEC project that aims to “build security into” emerging CPS designs.

“Like any other software, CPS in automobiles requires periodic updates for safe and efficient operation,” said Dr. Dan Massey, S&T CPSSEC Program Manager. “We must ensure that updates are adequately protected. The consequences can be costly and potentially impact millions of lives.”

S&T notes that the University of Michigan team, led by Dr. André Weimerskirch, proposes to develop a system for convenient, safe, and reliable software over-the-air (SOTA) updates to securely deploy to vehicles before vulnerabilities can be exploited. The goal is to develop a comprehensive industry standard that includes technical design specification, reference source code and best practice guidance for integration, testing, and deployment.

S&T also awarded $2.5 million to HRL Laboratories, LLC, of Malibu, California, for a project titled “Side-Channel Causal Analysis for Design of Cyber-Physical Security.”

“We need to keep pace with the cyber threat landscape,” said Dr. Brothers. “Cyber threats are constantly changing, and S&T is working to develop innovative solutions to defend against cyber threats for physical systems such as automobiles.”

“Modern vehicles are no longer purely mechanical systems,” said Dr. Dan Massey, S&T CPSSEC Program Manager. “Today’s vehicles have interdependent cyber components used for telematics, conveniences, and safety-critical systems. A stealthy adversary could gain access to a vehicle’s cyber components and remain completely hidden until initiating a widespread attack.”

S&T notes that the HRL team, led by David Payton, proposes to design a system to detect cyber-physical inconsistencies. By detecting structural disturbances, the approach can provide an effective early warning signal in the event of an attack. S&T CSD is partnering with the U.K. Center for the Protection of National Infrastructure (CPNI) and the Defense Science and Technology Laboratory (DSTL) and Defense Research and Development Canada (DRDC) on this effort.