Yet when the subject of cybersecurity comes up for discussion in trucking circles, it’s one usually centered around how to improve protection for information technology (IT) system, communication networks, freight data and the link.
Now, however, as more and more IT systems are deployed to better manage the operation of motor vehicles large and small (think airbag sensors, emission control systems, and the like) OEMs are focusing on how to better protect them against cyber-attacks, too.
“Security is not just about technology,” noted Dominique Bonte (at right), VP and automotive practice director for consulting firm ABI Research in a recent brief. “It’s now about adopting end-to-end, balanced, and cost-effective risk management practices. That includes security-based design procedures, frequency/severity analysis, audit and monitoring policies, and detection and assessment of vulnerabilities through self-induced cyber-attacks to prevent malicious intrusions.”
He went on to note that where “connected car security” so far has been mainly based on hardware protection and separation with infotainment and vehicle-centric safety systems shielded from each other, there’s now a shift towards software-based security systems with the expectation now that20 million connected cars forecasted to ship with software-based security by 2020.
The Alliance of Automobile Manufacturers trade group issued a report on this very subject late last year, noting that automotive engineers (and one would suspect truck engineers as well) are now incorporating security solutions into vehicles from the first stages of design and production on through their use over time.
“As cars and other forms of transportation increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cyber-security is among the industry’s top priorities,” the group noted, with automotive engineers using “threat modeling” and simulated attacks test their security systems and to help design controls to enhance data integrity.
Here are some other developments in “vehicle cyber security” the Auto Alliance report says is going on:
- The International Society of Automotive Engineers, or SAE, has established the Vehicle Electrical System Security Committee to evaluate challenges and technical solutions and draft standards and best practices to help ensure the safety of vehicle electronic control systems and safeguards against cyber-security threats in current and future motor vehicles.
- The U.S. Council for Automotive Research (USCAR) formed a Cyber-Physical Systems Task Force in 2007 and participates in National Science Foundation workshops.
- Automakers are bench-marking cyber-security initiatives in other industries, including airlines, railways, and medical. The prevention strategies used in these industries include advanced security architecture, patch management, intrusion detection and prevention and cloud security measures, which are in varying stages of adaptation to the private vehicle environment, according to the Auto Alliance group.
- The Defense Advanced Research Projects Agency or DARPA (the Pentagon's research arm) is often associated with a competition to develop self-driving cars, but DARPA also funds projects to test auto security. In a 2013 project, researchers needed physical access to a vehicle in order to redirect some electronic functions.
- For its first CyberAuto Challenge in August 2012, Battelle invited top-notched high school and college students to the U.S. Army’s Aberdeen Proving Grounds outside Washington, D.C., to work for a week alongside two dozen automotive engineers, IT researchers and government and Department of Defense officials to conduct an auto “hackathon.” The second CyberAuto Challenge took place in July 2013.
- Vehicle manufacturers participate in DEFCON conferences, like the August 2013 event in Las Vegas, to contribute knowledge and expertise regarding cyber-security research involving motor vehicles.
Now, I’d wager the “hacking” of car and truck IT systems still remains a rarity; a criminal enterprise still in its infancy, as it were. But it’s an area of IT security that trucking fleets will no doubt need to keep an eye upon as commercial vehicles will only continue to get “tech heavy” in the future.