What if we could detect and filter out any anomalous behavior in our vehicles?
The Secretary of State for Digital Progress, Francisco Polo, and the General Manager of Spain’s National Cybersecurity Institute (Instituto Nacional de Ciberseguridad: (INCIBE), Rosa Díaz, have opened the sixth CyberCamp, the benchmark, open-entry cybersecurity congress organized by INCIBE, aiming to spread the cybersecurity culture wider among the country’s citizens and companies. Crucial within this overarching endeavor is the promotion and encouragement of secure and responsible use of internet and associated technology from the earliest age, while also driving talent in this field.
Today’s world is continually evolving; new business models and disruptive technology are mushrooming all around us. The downside of this boon is that cyberthreats themselves are becoming increasingly sophisticated. No sector can afford to ignore this development. In the automotive sector, in particular, long gone are the days when robbers stole cars by simply capturing, storing and replicating the door-key’s opening signal. The current spate of cyberattacks and threats takes in not only connected vehicles but also all connected devices in our daily world; this makes it very hard to keep an up-to-date list of attacks and head them off beforehand. In CyberCamp, Carlos Sahuquillo, technical leader of Cybersecurity in Onboard Systems of GMV’s Secure e-Solutions sector, demonstrated some of the commonest connected-vehicle cyberattacks before explaining the workings of a device that analyzes all the packages running through any intravehicular network to pinpoint any untoward behavior and filter it out in real time.
Sahuquillo’s speech ran through the whole gamut of cyberattacks on the first vehicles and showed how they have evolved to date. He stressed the sheer complexity of today’s vehicles, containing more than 80 Electronic Control Units (ECUs), many of them representing cyberattack vulnerabilities due to the very age of the protocol. He also presented some examples of GMV’s lab simulations of attacks, such as the CAN-BUS hack known as BUS-OFF. This bears many similarities to the better-known Denial of Service (DoS) attack. Yet another hack vector involves taking over the Parking Assistant Module (PAM) ECU to send commands and swivel the steering wheel at any moment. Then there is also the well-known GPS spoofing option for sending a misleading tracking signal and diverting an autonomous car from its intended path.
As new mobility procedures continue to make further headway our vehicles will become increasingly connected to each other, to the roadside infrastructure and surrounding networks. The future of the connected vehicle is bound up with smart cities and all signals our future cars will receive, such as the traffic-management technology announced by Audi (connecting vehicles to stop lights to advise them of the right approach speed for catching the green light). To confront the threats posed by this hyper-connected world we have to bear in mind, first and foremost, all the safety risks; here is where manufacturers need to concentrate their greatest effort. GMV has therefore developed an “active CAN filter”. Adapted to the vehicle network, this device keeps up a real-time inspection of all vehicle parameters, distinguishing licit vehicle traffic from any anomalous behavior. This is no easy task; over 60,000 messages per second pass through any CAN-BUS.