webvic-c

Security-by-design is vital to preventing hacks on future smart cars, roadways

Security

Securing tomorrow’s driverless vehicles and smart roadways needs to begin today, according to a report from F-Secure Consulting

The report, Future Threats to ITS Networks and CAV Infrastructure, identifies numerous vulnerable areas within Intelligent Transport Systems (ITS) and Connected Autonomous Vehicles (CAV) proposals.

“We took a holistic view of the security of ITS and CAV networks,” said Vic Harkness, lead report author and security consultant at F-Secure Consulting. “Existing literature often focuses on a single aspect of this ecosystem and considers security out of scope. The roads that you, me, and everyone else depend on will be part of this ecosystem, so it’s important to take a look at the interoperability of the whole system to see what could go wrong.”

Within the European proposals for futurePenta Security, Harkness and her team found a wide variety of potential attack entry points which bear strong similarities to proposals in the US and other countries.

Based on current proposals, potential attack vectors identified in the report range from in-vehicle systems such as sensors and entertainment systems to roadside units that collect and collate network data, to data storage hubs, transmission media, and connecting protocols that currently lack security mechanisms.

These potential attacks could involve opponents forcing cars to take malicious actions, stealing data from a car’s internal network, manipulating or disrupting traffic patterns, or using a car as a point of entry into ITS networks.

Vehicle testbeds, stretches of smart roadway used for testing vehicles and technologies, would be of particular interest to attackers looking to steal intellectual property or disrupt testing of a competing product.

In addition to providing recommendations to secure all facets of the ITS ecosystem, Harkness and her team are calling for a few overall initiatives to help ensure future roadways are safer:

-A pre-deployment test of ITS and CAV technologies to address safety-critical issues. Creating and examining CAV testbeds would help to uncover those problems.

-Forming a consortium to provide overall guidance on CAV and ITS security, set and maintain ITS safety standards, and facilitate the sharing of information.

-Complex automated detection, logging and signing of messages at all levels of the ITS network to help an actor identify and remedy a breach.