Search Results

Defending the heavy-vehicle cyber domain

It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future. ...This book provides a thorough view of cybersecurity to encourage those in the commercial vehicle industry to be fully aware and concerned that their fleet and cargo could be at risk to a cyber-attack. ...It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future.

The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks.

Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic.

On the other hand, the potential risks associated with CAV deployment related to technical vulnerabilities are safety and cybersecurity issues that may arise from flawed hardware and software. Cybersecurity and Digital Trust Issues in Connected and Automated Vehicles elaborates on these topics as unsettled cybersecurity and digital trust issues in CAVs and follows with recommendations to fill in the gaps in this evolving field. ...Cybersecurity and Digital Trust Issues in Connected and Automated Vehicles elaborates on these topics as unsettled cybersecurity and digital trust issues in CAVs and follows with recommendations to fill in the gaps in this evolving field. ...This report also highlights the importance of establishing robust cybersecurity protocols and fostering digital trust in these vehicles to ensure safe and secure deployment in our modern transportation system.

Their associated information technology and cyber physical systems—along with an exponentially resultant number of interconnections—present a massive cybersecurity challenge. Unlike the physical security challenge, which was treated in earnest throughout the last decades, cyber-attacks on airports keep coming, but most airport lack essential means to confront such cyber-attacks. ...These missing means are not technical tools, but rather holistic regulatory directives, technical and process standards, guides, and best practices for airports cybersecurity—even airport cybersecurity concepts and basic definitions are missing in certain cases. Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity. ...Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity.

This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.

What standardization is needed to ensure that quantum technologies do not pose an unacceptable risk from an automotive cybersecurity perspective? Click here to access the full SAE EDGETM Research Report portfolio.

Abstract Trust in the digital data from heavy vehicle event data recorders (HVEDRs) is paramount to using the data in legal contests. Ensuring the trust in the HVEDR data requires an examination of the ways the digital information can be attacked, both purposefully and inadvertently. The goal or objective of an attack on HVEDR data will be to have the data omitted in a case. To this end, we developed an attack tree and establish a model for violating the trust needed for HVEDR data. The attack tree provides context for mitigations and also for functional requirements. A trust model is introduced as well as a discussion on what constitutes forensically sound data. The main contribution of this article is an attack tree-based model of both malicious and accidental events contributing to compromised event data recorder (EDR) data. A comprehensive list of mitigations for HVEDR systems results from this analysis.

Vehicle cybersecurity consists of internal security and external security. Dedicated security hardware will play an important role in car’s internal and external security communication. ...For certain AURIX MCU consisting of HSM, the experiment result shows that cheaper 32-bit HSM’s AES calculating speed is 25 times of 32-bit main controller, so HSM is an effective choice to realize cybersecurity. After comparing two existing methods that realize secure CAN communication, A Modified SECURE CAN scheme is proposed, and differences of the three schemes are analyzed.

A ranked list of value exchanges is created based on the impact of cybersecurity on the stakeholder map. System level-losses are identified from high impact value exchanges, which can then be fed into the step 1 of STPA-Sec analysis.

Day by day, airports adopt more IoT devices. However, airports are not exempt from possible failures due to malware’s proliferation that can abuse vulnerabilities. Computer criminals can access, corrupt, and extract information from individuals or companies. This paper explains the development of a propagation model, which started with a Delphi process. We discuss the preliminary implications for airports of the simulation model built from the Delphi recommendations.

Classic vehicle production had limitations in bringing the driving commands to the actuators for vehicle motion (engine, steering and braking). Steering columns, hydraulic tubes or steel cables needed to be placed between the driver and actuator. Change began with the introduction of e-gas systems. Mechanical cables were replaced by thin, electric signal wires. The technical solutions and legal standardizations for addressing the steering and braking systems, were not defined at this time. Today, OEMs are starting E/E-Architecture transformations for manifold reasons and now have the chance to remove the long hydraulic tubes for braking and the solid metal columns used for steering. X-by-wire is the way forward and allows for higher Autonomous Driving (AD) levels for automated driving vehicles. This offers new opportunities to design the vehicle in-cabin space. This paper will start with the introduction of x-by-wire technologies.

Special guest Kirsten Koepsel, lawyer and engineer specializing in cyber security, talks with SAE International about how this new environment affects the planes and airports we use every day.

The results of this work is allowed to identify a number of cybersecurity threats of the automated security-critical automotive systems, which reduces the efficiency of operation, road safety and system safety. ...According to the evaluating criterion of board electronics, the presence of poorly-protected communication channels, the 75% of the researched modern vehicles do not meet the minimum requirements of cybersecurity due to the danger of external blocking of vital systems. The revealed vulnerabilities of the security-critical automotive systems lead to the necessity of developing methods for mechanical and electronic protection of the modern vehicle. ...The law of normal distribution of the mid-points of the expert evaluation of the cyber-security of a modern vehicle has been determined. Based on the system approach, ranking of the main cybersecurity treats is performed.

OBD, J1939 and UDS on CAN / IP), and a glimpse into the near future covering remote, cloud-based diagnostics and cybersecurity threats.

The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.