Functionalities such as automated driving, connectivity and cyber-security have gained increasing importance over the past few years. The importance of these functionalities will continue to grow as these cutting-edge technologies mature and market acceptance increases.
Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.
The publication of ISO/SAE DIS 21434 “Road vehicles — Cybersecurity engineering” represents a major step forward for cybersecurity engineering in the automotive domain. ...While ISO/SAE 21434 is the first international standard for automotive cybersecurity there is also a new type approval regulation on automotive cybersecurity (UN R155) for the European market. ...Thus the challenges for embedded automotive systems engineers are increasing while frameworks, tools, and shared concepts for cybersecurity engineering and training are scarce. Furthermore, cybersecurity training in the automotive domain includes very detailed domain knowledge and challenges related to cybersecurity and embedded systems engineering.
Abstract The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. ...Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. ...An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval.
Abstract Connected autonomous vehicles that employ internet connectivity are technologically complex, which makes them vulnerable to cyberattacks. Many cybersecurity researchers, white hat hackers, and black hat hackers have discovered numerous exploitable vulnerabilities in connected vehicles. ...This study expanded the technology acceptance model (TAM) to include cybersecurity and level of trust as determinants of technology acceptance. This study surveyed a diverse sample of 209 licensed US drivers over 18 years old.
Abstract The innovations of vehicle connectivity have been increasing dramatically to enhance the safety and user experience of driving, while the rising numbers of interfaces to the external world also bring security threats to vehicles. Many security countermeasures have been proposed and discussed to protect the systems and services against attacks. To provide an overview of the current states in this research field, we conducted a systematic mapping study (SMS) on the topic area “security countermeasures of in-vehicle communication systems.” A total of 279 papers are identified based on the defined study identification strategy and criteria. We discussed four research questions (RQs) related to the security countermeasures, validation methods, publication patterns, and research trends and gaps based on the extracted and classified data. Finally, we evaluated the validity threats and the whole mapping process.
Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper describes the strategies and challenges involved in securing vehicle networks through the implementation of an automotive Zero Trust Architecture (ZTA). ...This ZTA solution leverages the best cybersecurity practices from the IT industry and preexisting vehicle architecture components. For example, the vehicle gateway electronic control unit (ECU) is utilized to enforce cyber policy, monitor the network, distribute keys, and implement network segmentation. ...This research successfully demonstrates that using Zero Trust principles in an on-vehicle network greatly improves the cybersecurity posture with manageable impact to system performance, cost, and deployment.
In the “What’s Next for Aerospace and Defense: A Vision for 2050” study, AIA, New York City-based McKinsey & Company, and other industry partners reveal a comprehensive 30-year, Industry 4.0 forecast of air travel and spaceflight based on improvements in automation and digitization, next-generation materials, alternative energy sources and storage, and increased data throughput.
This document defines an Aircraft Data Interface Function (ADIF) developed for aircraft installations that incorporate network components based on commercially available technologies. This document defines a set of protocols and services for the exchange of aircraft avionics data across aircraft networks. A common set of services that may be used to access specific avionics parameters are described. The ADIF may be implemented as a generic network service, or it may be implemented as a dedicated service within an ARINC 759 Aircraft Interface Devices (AID) such as those used with an Electronic Flight Bag (EFB). Supplement 8 includes improvements in the Aviation Data Broadcast Protocol (ADBP), adds support for the Media Independent Aircraft Messaging (MIAM) protocol, and contains data security enhancements. It also includes notification and deprecation of the Generic Aircraft Parameter Service (GAPS) protocol that will be deleted in a future supplement.
An ADS-operated vehicle’s operational design domain (ODD) is defined by the manufacturer based on numerous factors. Research is underway at other organizations to define and organize ODD elements into taxonomies and other relational constructs. In order to enhance collaboration and communication between manufacturers and developers and transportation authorities, common terms and consistent frameworks are needed. The conceptual framework presented by Automated Vehicle Safety Consortium establishes a lexicon that can be used consistently by ADS developers and manufacturers responsible for defining their ADS ODD. A common framework and lexicon will reduce confusion, align expectations, and therefore build public trust, acceptance, and confidence.
AVSC Information Report for Change Risk Management AVSC00010202304 provides a process for change risk management for fleet-operated ADS-DVs using level 4 or 5 automation. The document addresses risks resulting from planned and unplanned changes in an ADS-DV design and/or operation. This information report is based on the concept of risk-informed decision-making. Making risk management decisions such as safety and change management, safety analysis, and safety assurance are especially applicable when moving from concept to production intent for the ADS-DV. Change Risk Management (CRM) does not replace best practices or other methods for managing safety anomalies or change management processes. It may instead be viewed as an additional resource that elaborates on how safety anomaly management and change management can be performed.
Access control enforces security policies for controlling critical resources. For V2X (Vehicle to Everything) autonomous military vehicle fleets, network middleware systems such as ROS (Robotic Operating System) expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or writing expressive policies for distributed fleets. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.
New for 2022, AeroTech® will deliver even more robust programming by teaming up with AeroMat to deliver learning opportunities dedicated to: Additive Manufacturing and Materials, Environment and Sustainable Aviation (Sustainability), Autonomy and AI, Safety and Human Factors, Modeling, Simulation and Testing, Cybersecurity / Cyber-Physical Security, Industry 4.0 Smart Manufacturing and Assembly, IDEAL Summit (inclusion, diversity, equity, accessibility and leadership), Advanced Air Mobility (AAM) and Multimodal Mobility (M3)
New for 2022, AeroTech® will deliver even more robust programming by teaming up with AeroMat to deliver learning opportunities dedicated to: Additive Manufacturing and Materials, Environment and Sustainable Aviation (Sustainability), Autonomy and AI, Safety and Human Factors, Modeling, Simulation and Testing, Cybersecurity / Cyber-Physical Security, Industry 4.0 Smart Manufacturing and Assembly, IDEAL Summit (inclusion, diversity, equity, accessibility and leadership), Advanced Air Mobility (AAM) and Multimodal Mobility (M3)
New for 2022, AeroTech® will deliver even more robust programming by teaming up with AeroMat to deliver learning opportunities dedicated to: Additive Manufacturing and Materials, Environment and Sustainable Aviation (Sustainability), Autonomy and AI, Safety and Human Factors, Modeling, Simulation and Testing, Cybersecurity / Cyber-Physical Security, Industry 4.0 Smart Manufacturing and Assembly, IDEAL Summit (inclusion, diversity, equity, accessibility and leadership), Advanced Air Mobility (AAM) and Multimodal Mobility (M3)