Driverless cars may be a thing of the future, but connected cars aren’t, so the entire automotive information security ecosystem has to be locked down, says PAUL WILLIAMS, Fortinet country manager for SADC.
Driverless cars, now being tested on public roads in countries such as the United Kingdom, France, and Switzerland, may be a futuristic dream in South Africa. But connected cars with inbuilt intelligence, and digitally-enabled public transport, are already here, presenting multiple potential security risks to motorists, manufacturers and automotive partners.
On the road to the intelligent driverless car of the future, we are already connecting vehicles and equipping them with a range of intelligent features. These connected, intelligent systems gather potentially sensitive information and communicate it with a control or command centre. Point of sale information, entertainment and online services delivered within the vehicle have to be secured. As we advance toward fully autonomous vehicles, controls including steering, braking, engine management and navigation will depend on a fully secure ecosystem supported by a reliable 3G/4G/5G and Carrier Wi-Fi connection, to function safely.
Effectively securing this ecosystem will depend on close collaboration between vehicle manufacturers, application developers, service providers and carriers. In South Africa, achieving self-driving cars will also depend on expanded Mobile or Wireless coverage across towns, cities and the country. Efforts are already being made internationally for automotive, IT and security stakeholders to work together more closely to ensure a fully secure environment for self-driving and connected cars, but their efforts will have to intensify as the pace of smart car development picks up.
Incorporating more and more technology into a vehicle, whether for improving the customer’s driving experience or enhancing the vehicle’s performance, must be balanced with the management of their potential threats and risks. Ensuring that appropriate and effective security technologies are implemented within these systems must be a mandatory objective, even if it’s not (yet) a regulatory requirement.
Additionally, a growing problem with many IoT devices is that they use common communications programs that have no security built into them at all. As a direct result, an alarming number of IoT devices to date have been highly insecure. We need to do better for autonomous cars than the current IoT benchmark.
At the same time, manufacturers must work with their different technology and communications suppliers, across all of the territories where their vehicles are sold, to ensure that any network connections to the vehicles are appropriately hardened.
Automotive security can be addressed as three distinct domains that may make use of similar techniques in some instances, and require novel treatments in others.
- Intra-vehicle communications. Smart vehicles will have several distinct on-board systems, such as vehicle controls systems, entertainment systems, passenger networking, and even third-party systems loaded on-demand by owners. To a certain extent, these systems will need to engage in “cross-talk” to bring new services to life, but this cross-talk needs to be closely monitored and managed by systems such as firewalls and Intrusion Prevention Systems (IPS) that can distinguish between legitimate and normal communications and illicit activity in the car’s area network.
- External communications. Many, if not all on-board systems will have reasons to communicate to Internet-based services: for manufacturer maintenance, for software updates, for passenger Internet access, for travel and driving instructions, for service requests, to purchase items or services, or to backup data. External communications will very likely be both “push” and “pull” – they may be initiated either from inside the vehicle, or to the vehicle from a manufacturer or the Internet. This also means that traffic to and from the vehicle will need to be inspected and managed for threats and illicit, defective, or unauthorized communications using firewalls and IPS-like capabilities.
- Next, the connectivity infrastructure used by a vehicle will likely be based on well-established cellular networks, such as 3G/4G/5G and Carrier Wi-Fi data services, but with a twist. While these wireless services already provide connectivity to billions of smart phones and other devices around the world today, they also suffer from inconsistent security. Smart, driver-assisted, or even driverless vehicles will raise the stakes significantly. A directed attack on or through the “connected” network could trigger significant, safety-critical failures on literally thousands of moving vehicles at the same time. Securing “the connected” networks providing critical vehicle communication will require a thorough review in light of such potential catastrophe.
- Finally, high-assurance identity and access control systems suitable and designed for machines, not people, will need to be incorporated such that: cars can authenticate incoming connections to critical systems, and internet-based services can positively and irrefutably authenticate cars and the information they log to the cloud, or transaction requests they may perform on behalf of owners – such as service requests or transactions to buy fuel or pay tolls.
Unless efforts are stepped up to secure the entire automotive environment, Gartner’s vision of driverless vehicles representing approximately 25 percent of the passenger vehicle population in use in mature markets by 2030 will be fraught with new risks.
From a hacker’s perspective, connected and driverless cars will represent yet another opportunity to wreak havoc by remotely accessing a vehicle and compromising one of its onboard systems, resulting in a range of risks from privacy and commercial data theft, to actual physical risks to people and property.
Here are some attacks that are likely to be targeted at highly connected and autonomous cars:
Privilege escalation and system interdependencies: not all systems and in-car networks will be created the same. Attackers will seek vulnerabilities in lesser-defended services, such as entertainment systems, and try to “leap” across intra-car networks to more sensitive systems through the integrated car communications systems. For instance, a limited amount of communication is typically allowed between an engine management system and an entertainment system to display alerts (“Engine fault!” or “Cruise Control is Active”) that can potentially be exploited.
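The closely managed cross-talk described under intra-vehicle communications, and the limited alert traffic mentioned in this paragraph, can be pictured as a default-deny gateway between in-car networks. The following is an added example, not code from Fortinet or any manufacturer; the network names, CAN IDs, payload lengths and rate limits are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dlc: int              # exact payload length expected for this frame
    min_interval_ms: int  # minimum spacing between forwarded frames

# Constructed policy (assumed values): the only frames allowed to cross
# from the powertrain network to the infotainment network.
POLICY = {
    ("powertrain", "infotainment"): {
        0x3A0: Rule(dlc=2, min_interval_ms=100),  # hypothetical "Engine fault!" alert
        0x3A1: Rule(dlc=1, min_interval_ms=100),  # hypothetical cruise-control status
    },
    # No ("infotainment", "powertrain") entry: that direction is denied outright.
}

class Gateway:
    """Default-deny filter between in-car networks; every drop is logged."""

    def __init__(self, policy):
        self.policy = policy
        self.last_forwarded = {}  # (src, dst, can_id) -> timestamp in ms
        self.alerts = []          # (ts_ms, src, dst, can_id, reason)

    def forward(self, ts_ms, src, dst, can_id, data):
        rule = self.policy.get((src, dst), {}).get(can_id)
        if rule is None:
            return self._drop(ts_ms, src, dst, can_id, "not allowlisted")
        if len(data) != rule.dlc:
            return self._drop(ts_ms, src, dst, can_id, "unexpected length")
        key = (src, dst, can_id)
        last = self.last_forwarded.get(key)
        if last is not None and ts_ms - last < rule.min_interval_ms:
            return self._drop(ts_ms, src, dst, can_id, "rate exceeded")
        self.last_forwarded[key] = ts_ms
        return True

    def _drop(self, ts_ms, src, dst, can_id, reason):
        self.alerts.append((ts_ms, src, dst, can_id, reason))
        return False

# Constructed sample traffic: (timestamp ms, source, destination, CAN ID, payload).
SAMPLE = [
    (0,   "powertrain", "infotainment", 0x3A0, b"\x01\x07"),      # expected alert
    (50,  "powertrain", "infotainment", 0x3A0, b"\x01\x07"),      # repeated too quickly
    (200, "powertrain", "infotainment", 0x3A0, b"\x01\x07\xff"),  # wrong length
    (300, "infotainment", "powertrain", 0x3A0, b"\x01\x07"),      # wrong direction
    (400, "powertrain", "infotainment", 0x123, b"\x02\x01"),      # unknown ID
    (500, "powertrain", "infotainment", 0x3A1, b"\x01"),          # expected status
]

def run_sample():
    gw = Gateway(POLICY)
    decisions = [gw.forward(*frame) for frame in SAMPLE]
    return decisions, [alert[4] for alert in gw.alerts]

if __name__ == "__main__":
    print(run_sample())
```

The alert list is what a monitoring function would consume: a frame arriving from the entertainment side addressed to the powertrain side is both dropped and recorded.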
System stability and predictability: Conventional, legacy car systems were self-contained, and usually came from a single manufacturer. As new autonomous cars are developed, they will very likely need to include software provided by a variety of vendors – including open source software. Information technology (IT) systems, unlike industrial control systems such as legacy car systems, are not known for predictability. IT systems, in fact, tend to fail in unpredictable ways. This may be tolerable if it is just a matter of a web site going down until a server reboots. It is less acceptable if a guidance system is degraded even slightly when an adjacent entertainment or in-car Wi-Fi system crashes or hangs.
Also expect to see known threats adapted to this new target, expanding from common Internet platforms like laptops and smart phones to an IoT device like an autonomous car. For instance:
Botnet attack: Botnet (“robot”) attacks are on the increase, to the extent that the endpoint now becomes the victim without its owner realizing it at first. This attack can be targeted at a single endpoint or at a handful of machines, networks and endpoints simultaneously, depending on the severity of the attack. Infection normally takes place through malware, specifically a Trojan that allows the cybercriminal to start controlling the environment. The answer is to ensure that an application control function, botnet detection with IP reputation, and a Distributed Denial of Service (DDoS) system are in place to monitor and defend against such attacks. If the driverless car receives email-type messages, or messages in a similar format, nothing stops this channel of communication from being compromised.
Ransomware: Ransomware is certainly on the rise on PCs and mobile phones. But driverless cars represent an almost ideal target. Imagine the following scenario: a hacker uses the in-car display to inform the driver that his car has been immobilized and that a ransom must be paid to restore the vehicle to normal operation. While a laptop or tablet may be restored relatively easily with potentially no damage, assuming backups are available, a car is a very different story. The owner may be far from home (the ransomware could be programmed to only launch when the car is a predetermined distance from its home base.) Naturally, few dealerships would be familiar with resolving this sort of problem, and specialist help would most likely be required to reset affected components. The cost of such a ransom is expected to be very high, and will likely take time. In the meantime, the vehicle may have to be towed. So the question is, what is the amount of the ransom demand that we expect to see? Estimates are that it is likely to be significantly higher than for traditional computer ransomware, but probably less than any related repair costs so that the car owner is tempted to pay.
Spyware: Perhaps a more attractive target for hackers is collecting data about you through your car. Driverless cars collect massive amounts of data, and know a lot about you – including your favourite destinations, your travel routes, where you live, how and where you buy things, and even the people you travel with. Imagine a hacker, knowing that you’re travelling far from home, sells that information to a criminal gang who then breaks into your home, or uses your online credentials to empty your bank account.
That last risk exists because your driverless and connected vehicle is likely to become a gateway for any number of electronic transactions, such as automatic payment of your daily morning coffee, or parking charges, or even repairs. With sensitive information stored in the car, it becomes another attack vector to obtain your personal information. And with RFIDs and Near Field Communications (NFC) becoming commonplace in payment cards, accessing their details through your car would be another way to capture data about you and your passengers.
And last but not least, there are legal and authenticity issues. Can we consider the location data of the car as authentic? That is, if your car reports you opened it, entered it, and travelled to a particular location at a certain time of the day, can we really assume everything happened as recorded? Will such data hold up in court? Or can this sort of data be manipulated? This is an issue that will need to be addressed. Similarly, if cars contain software from several different providers, and spend the day moving from one network to another, who is accountable or liable for a security breach and resulting losses or damage? Was it a software flaw? Was it negligent network management? Was it on-board user error or lack of training?
Meet Aston Martin F1’s incredible moving data centre
The Aston Martin Red Bull Racing team faces a great deal more IT challenges than your average enterprise, as not many IT teams have to rebuild their data center 21 times each year and get it up and running in a matter of hours. Not many data centers are packed up and transported around the world by air and sea along with 45 tonnes of equipment. Not many IT technicians also have to perform a dual role as pit stop mechanic.
The trackside garage at an F1 race is a tight working environment and a team of only two IT technicians face pressure from both the factory and trackside staff to get the trackside IT up and running very fast. Yet, despite all these pressures, Aston Martin Red Bull Racing do not have a cloud-led strategy. Instead they have chosen to keep all IT in house.
The reason for this is performance. F1 is arguably the ultimate performance sport. A walk round the team’s factory in Milton Keynes, England, makes it abundantly clear that the whole organization is hell bent on maximizing performance. 700 staff at the factory are all essentially dedicated to the creation of just two cars. The level of detail that is demanded in reaching peak performance is truly mind blowing. For example, one machine with a robotic arm that checks the dimensions of the components built at the factory is able to measure accuracy to a scale 10 times thinner than a human hair.
This quest for maximum performance, however, is hampered at every turn by the stringent rules from the F1 governing body – the FIA. Teams face restrictions on testing and technology usage in order to prevent the sport becoming an arms race. So, for example, pre-season track testing is limited to only 8 days. Furthermore, wind tunnel testing is only allowed with 60% scale models and wind tunnel-usage is balanced with the use of Computational Fluid Dynamics (CFD) software, essentially a virtual wind tunnel. Teams that overuse one, lose time with the other.
In order to maximize performance within uniquely difficult logistical and regulatory conditions, the Aston Martin Red Bull Racing team has had to deploy a very powerful and agile IT estate.
According to Neil Bailey, Head of IT Infrastructure, Enterprise Architecture and Innovation, their legacy trackside infrastructure was “creaking”. Before choosing hyperconverged infrastructure, their “traditional IT had reached its limits”, says Bailey. “When things reach their limits they break, just like a car,” adds Bailey.
The team’s biggest emphasis for switching to HPE’s hyperconverged infrastructure, SimpliVity, was performance. Now, with “the extra performance of SimpliVity, it means it doesn’t get to its limits,” says Bailey. HPE SimpliVity has helped reduce space, has optimized processing power and brought more agility.
One of the first and most important use cases they switched to hyperconverged infrastructure was post-processing trackside data. During a race weekend each car is typically fitted with over 100 sensors providing key data on things like tyre temperature and downforce multiple times per second. Processing this data and acting on the insights is key to driving performance improvements. With their legacy infrastructure, Bailey says they were “losing valuable track time during free practice waiting for data processing to take place.” Since switching to HPE SimpliVity, data processing has dropped from being more than 15 minutes to less than 5 minutes. Overall, the team has seen a 79% performance boost compared to the legacy architecture. This has allowed for real time race strategy analysis and has improved race strategy decision making.
Data insights help the team stay one step ahead, as race strategy decisions are data driven. For example, real time tyre temperature data helps the team judge tyre wear and make pit stop decisions. Real time access to tyre data helped the team to victory at the 2018 Chinese Grand Prix as the Aston Martin Red Bull cars pitted ahead of the rest of the field and Daniel Ricciardo swept to a memorable victory.
Hyperconverged infrastructure is also well suited to the “hostile” trackside environment, according to Bailey. With hyperconverged infrastructure, only two racks are needed at each race of which SimpliVity only takes up about 20% of the space, thus freeing up key space in very restricted trackside garages. Furthermore, with the team limited to 60 staff at each race, only two of Bailey’s team can travel. The reduction in equipment and closer integration of HPE SimpliVity means engineers can get the trackside data center up and running quickly and allow trackside staff to start work as soon as they arrive.
Since seeing the notable performance gains from using hyperconverged infrastructure for trackside data processing, the team has also transitioned some of the factory’s IT estate over to HPE SimpliVity. This includes aerodynamic metrics, the ERP system, SQL Server, the Exchange server and the team’s software house, the Team Foundation Server.
As well as seeing huge performance benefits, HPE SimpliVity has significantly impacted the work patterns of Bailey’s team of just ten. According to Bailey, the biggest operational win from hyperconverged infrastructure is “freeing up engineers’ time from focusing on ‘business as usual’ to innovation.” Traditional IT took up too much of the engineers’ time monitoring systems and just keeping things running. Now with HPE SimpliVity, Bailey’s team can “give the business more and quicker” and “be more creative with how they use technology.”
Hyperconverged infrastructure has given Aston Martin Red Bull Racing the speed, scalability and agility they require without any need to turn to the cloud. It allows them to deliver more and more resources to trackside staff in an increasingly responsive manner. However, even with all these performance gains, Aston Martin Red Bull Racing has been able to reduce IT costs. So, the users are happy, the finance director is happy and the IT team are happy because their jobs are easier. Hyperconvergence is clearly the right choice for the unique challenges of Formula 1 racing.
Body-tracking tech moves to assembly line
Technology typically used by the world’s top sport stars to raise their game, or ensure their signature skills are accurately replicated in leading video games, is now being used on an auto assembly line.
Employees at Ford’s Valencia Engine Assembly Plant, in Spain, are using a special suit equipped with advanced body tracking technology. The pilot system, created by Ford and the Instituto Biomecánica de Valencia, has involved 70 employees in 21 work areas.
Player motion technology usually records how athletes sprint or turn, enabling sport coaches or game developers to unlock the potential of sport stars in the real world or on screen. Ford is using it to design less physically stressful workstations for enhanced manufacturing quality.
“It’s been proven on the sports field that with motion tracking technology, tiny adjustments to the way you move can have a huge benefit,” said Javier Gisbert, production area manager, Ford Valencia Engine Assembly Plant. “For our employees, changes made to work areas using similar technology can ultimately ensure that, even on a long day, they are able to work comfortably.”
Engineers took inspiration from a suit they saw at a trade fair that demonstrated how robots could replicate human movement and then applied it to their workplace, where production of the new Ford Transit Connect and 2.0-litre EcoBoost Duratec engines began this month.
The skin-tight suit consists of 15 tiny movement tracking light sensors connected to a wireless detection unit. The system tracks how the person moves at work, highlighting head, neck, shoulder and limb movements. Movement is recorded by four specialised motion-tracking cameras – similar to those usually paired with computer game consoles – placed near the worker and captured as a 3D skeletal character animation of the user.
Specially trained ergonomists then use the data to help employees align their posture correctly. Measurements captured by the system, such as an employee’s height or arm length, are used to design workstations, so they better fit employees.