The purpose of this SAE Aerospace Information Report (AIR) is to provide guidance for aircraft engine and propeller systems (hereafter referred to as propulsion systems) certification for cybersecurity. Compliance for cybersecurity requires that the engine control, propeller control, monitoring system, and all auxiliary equipment systems and networks associated with the propulsion system (such as nacelle systems, overspeed governors, and thrust reversers) be protected from intentional unauthorized electronic interactions (IUEI) that may result in an adverse effect on the safety of the propulsion system or the airplane.
It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future. ...This book provides a thorough view of cybersecurity to encourage those in the commercial vehicle industry to be fully aware and concerned that their fleet and cargo could be at risk to a cyber-attack. ...It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future.
The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic.
Abstract Trust in the digital data from heavy vehicle event data recorders (HVEDRs) is paramount to using the data in legal contests. Ensuring the trust in the HVEDR data requires an examination of the ways the digital information can be attacked, both purposefully and inadvertently. The goal or objective of an attack on HVEDR data will be to have the data omitted in a case. To this end, we developed an attack tree and establish a model for violating the trust needed for HVEDR data. The attack tree provides context for mitigations and also for functional requirements. A trust model is introduced as well as a discussion on what constitutes forensically sound data. The main contribution of this article is an attack tree-based model of both malicious and accidental events contributing to compromised event data recorder (EDR) data. A comprehensive list of mitigations for HVEDR systems results from this analysis.
A ranked list of value exchanges is created based on the impact of cybersecurity on the stakeholder map. System level-losses are identified from high impact value exchanges, which can then be fed into the step 1 of STPA-Sec analysis.
The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.
Quotes from COMVEC 2018 Industry leaders spoke extensively about all things autonomous-ADAS, big data, connectivity, cybersecurity, machine learning-at the annual SAE event. Here's some of what they had to say. Fuel-cell Class 8-take 2.0 With a longer-range and more-refined fuel cell-powered heavy-duty truck, Toyota aims to eventually eliminate emissions from trucks serving increasingly congested California ports. ...Editorial Bring innovation, disruption in-house Adding 3D printing to design, manufacturing processes Upstream devoted to truck cybersecurity threats Jacobs employs cylinder deactivation in HD engines to lower CO2, NOx Emissions reductions continue to disrupt CV industry Mercedes doubles down on electric vans and buses, considers fuel cells Off-road bus from Torsus transports to hard-to-reach places Q&A Perkins pursues plug-and-play connectivity
Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper describes the strategies and challenges involved in securing vehicle networks through the implementation of an automotive Zero Trust Architecture (ZTA). ...This ZTA solution leverages the best cybersecurity practices from the IT industry and preexisting vehicle architecture components. For example, the vehicle gateway electronic control unit (ECU) is utilized to enforce cyber policy, monitor the network, distribute keys, and implement network segmentation. ...This research successfully demonstrates that using Zero Trust principles in an on-vehicle network greatly improves the cybersecurity posture with manageable impact to system performance, cost, and deployment.
Connected commercial vehicles bring cybersecurity to the fore Connectivity, automation and electrification will drive vehicle development in the near future, say industry experts attending the revamped SAE COMVEC 17 event.
To serve and protect As cars become more connected and automated, cybersecurity concerns are rising. Industry engineers have many tools and techniques and are now deploying encryption and standards to ensure that vehicle controls are not altered or usurped by unauthorized people.
Defending the heavy-vehicle cyber domain Cybersecurity experts explained at SAE COMVEC 2021 how they're preparing the next generation of thwarters to protect increasingly electrified, connected and automated trucks.
Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. ...Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. This is achieved through a Satisfiability Modulo Theory (SMT) solver, which operates on symbolic values for program inputs instead of using their concrete counterparts.
Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.
Connected commercial vehicles bring cybersecurity to the fore Connectivity, automation and electrification will largely drive vehicle developments in the coming years, according to experts presenting at the revamped SAE COMVEC 17.
The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.
The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.
Abstract Heavy vehicles are essential for the modern economy, delivering critical food, supplies, and freight throughout the world. Connected heavy vehicles are also driven by embedded computers that utilize internal communication using common standards. However, some implementations of the standards leave an opening for a malicious actor to abuse the system. One such abuse case is a cyber-attack known as the “Address Claim Attack.” Proposed in 2018, this attack uses a single network message to disable all communication to and from a target electronic control unit, which may have a detrimental effect on operating the vehicle. This article demonstrates the viability of the attack and then describes the implementation of a solution to prevent this attack in real time without requiring any intervention from the manufacturer of the target devices. The defense technique uses a bit-banged Controller Area Network (CAN) filter to detect the attack.
Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper. Examples are: Creating a new key fob Re-flashing ECU firmware Reading/exporting PII out of the ECU Using a subscription-based feature Performing some service on an ECU Transferring ownership of the vehicle Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive.