October 4-6, 2016
Rosemont, Illinois, USA
Donald E. Stephens Convention Center
Q&A with Cybersecurity Session Co-Organizer Dr. André WeimerskirchAssessing the vulnerabilities of commercial vehicles to cyber attacks
The critical issues surrounding cybersecurity for commercial vehicles will be a major focus at the SAE 2016 Commercial Vehicle Engineering Congress, with a full day of sessions scheduled for Oct. 5. In addition to safety, secure theft and asset protection, secure fleet management, and protection of business models are all concerns that will be discussed. Presentations will focus on recent advances, standards, best practices, and potential solutions. Dr. André Weimerskirch, Vice President, Cyber Security for E-Systems, Lear Corp., is co-organizer of the two-part “Cybersecurity for Commercial Vehicle” technical session and a panelist in the “Cybersecurity and the CV Ecosystem” Expert Panel Discussion. Prior to joining Lear in August to lead the company’s global cybersecurity technology strategy and implementation, he was an associate research scientist in the University of Michigan Transportation Research Institute (UMTRI) Engineering Systems Group and led cybersecurity and privacy activities. Weimerskirch possesses a vast array of technical and specialized knowledge in creating security architectures ensuring data integrity, privacy, and authenticity for connected car communications, including vehicle-to-vehicle applications. In advance of COMVEC, SAE International spoke with Weimerskirch to discuss the CV cybersecurity landscape and preview the event activities. What are some of the main differences when it comes to cybersecurity for passenger vehicles vs. commercial vehicles?
One really interesting difference is that you buy a car and you don’t modify it anymore. You go to the dealership, buy it, and you drive it for 10 years or so. It’s a bit like an iPhone, it’s one ecosystem. With a heavy truck, you can select what kind of engine you want from what manufacturer, the same with the transmission and other parts of the truck. This comes together to a feature list of more than 100 pages. You have an industry that doesn’t have a single seller, which is forced to collaborate, and that’s exactly why [SAE] J1939 exists because you need a standard of how all the aftermarket components can communicate to the chassis. It’s an open system, with many suppliers involved, decentralized, and less controlled. Of course, that makes cybersecurity so much harder to realize. You're presenting a session on the vulnerability analysis of medium and heavy duty vehicles at COMVEC; what were some areas you found to be most vulnerable?
There’s a standard for in-vehicle communication that’s applied for heavy vehicles, J1939, and what my former students [from the University of Michigan] demonstrated is that it’s possible to modify the vehicle’s behavior by injecting CAN messages based on the SAE J1939 standard. J1939 specifies the exact format of the messages. Almost every truck in the U.S. uses the same standard. So by showing that we inject one truck with these messages and the truck accelerates, for instance, that attack would apply to almost every truck in the U.S. This is certainly not to blame the manufacturer, but quite the opposite. The manufacturers implemented the standard, but the standard is such that it does not counter such vulnerabilities. However, It’s not as if we need to be concerned that every single truck in the U.S. can be hacked now. We assumed in our work that we have physical access to the vehicle. Typically, the attacker does not sit in the passenger seat and is hence not able to do exactly what we did. The concern is that many of these trucks have fleet management systems that are plugged into the truck and then if a hacker compromises the fleet management solution it is as good as having the physical access. What are the keys to building in protection from an attack?
One of the easiest ones is to make sure these fleet management solutions are secure, that you cannot hack into them. For instance, install a firewall between the truck and the fleet management solution. Usually fleet management solutions are put into the truck’s diagnostics port and you can put a firewall in between. So even if someone hacks into fleet management, nothing can happen to the truck. Then you can have an architecture inside the truck electronics that deploys a firewall internally. What should happen is that the J1939 standard will be reopened and cybersecurity will be included with things like message authentication. How is cybersecurity approached differently for manned and unmanned CVs?
If you look at unmanned automated vehicles, it’s fairly clear that they need more connectivity; they need precise maps and very precise sensors. Google Maps works pretty well, but it requires a human driver. Google Maps has a precision of around 5 m, but you wouldn’t even know based on GPS what lane you are in. Whereas once you have automated cars, they need a precision of inches. So your map material needs to be far more precise, and we’re talking about gigabytes of data for maps that need to be in the vehicle. These maps need to be constantly updated, you need constant connectivity, and we need to download huge amounts of data. That combination of connectivity and complexity is where cybersecurity becomes an issue. There are two ways an attacker could use that. The first one is an attacker could try to modify the map data, and the other is to implant malware in the maps to eventually mount an attack with the same impact as the Miller-Valasek attacks where they hacked into an infotainment system of a car. Once there are such complex maps you need fairly complex software in the vehicle to process these maps. Complexity also means it’s more prone to vulnerabilities, and someone could find a weakness in the program. How big of a part will collaboration play in addressing cybersecurity concerns?
I’m a strong believer in collaboration. All the companies need to work together and collaborate. I don’t think it should be so much of a proprietary area. The ‘bad guys’ have a huge advantage. They don’t need to care about bureaucracy or legal regulations and limitations, and they are very well networked and fast because there is no overhead. To counter that, it’s necessary to collaborate. In the automotive space, there’s the Auto-ISAC, or Information Sharing and Analysis Center. The Auto-ISAC is an organization driven by the car makers to enable information exchange about threats, vulnerabilities, and hacks, to be able to be informed much faster and then be able to react much faster. There are currently discussions about a commercial vehicle ISAC, but I am not aware of any decision if this will be a separate ISAC or if the commercial vehicle manufacturers will join the Auto ISAC. What are your expectations for the cybersecurity presentations at COMVEC?
This is the third time we are doing [a cybersecurity session]. The first time was two years ago, there were around 40 people in attendance, and we had three hours. This time, we have almost the entire day, and we have a panel and then seven talks. It’s gotten much larger, and I expect there will be far more people. We were careful in selecting the talks. It’s a great mixture of the work being presented about the vulnerabilities of the J1939 standard by my former students [from the University of Michigan Transportation Research Institute], discussions about how to establish a testbed for cybersecurity testing, and there are presentations about hot topics like secure software updates, which are a buzzword currently, but it’s still not so clear how it’s to be done.