Expert Panel
Every u time yo xities ple add commake-up to the icle, you of a vehversely con easier t i e k a m ally to digit s acces
! to convince companies from within and without to invest in cyber security and software management. Risk is currently relatively small; few connected cars are on the road and there are few financial incentives for hackers to go after cars. But it is the technology being worked on now to be rolled out over the next few years that manufacturers are concerned about. “There’s also a recognition of the need to make the entire supply chain aware that they need to design and build in cyber security. The big challenge is that the hacking threat is always evolving, so it’s a case of not only securing systems for today’s threats but also for unknown future threats that haven’t even been developed yet.” Digitally accessible The Society of Motor Manufacturers and Traders (SMMT) has said that more than half the cars sold in the UK in 2015 – some 1.5 million – had Internet-connected safety systems. The number of gadgets and applications available to vehicle manufacturers is increasing at an alarming rate, with most cars having between 50
18
and 60 computers on board. Sensors in the engines to monitor performance and emission outputs, video technology to assist with parking and collision avoidance and even awareness systems to help tackle driver fatigue – each individual gadget informs the driver, and in some cases their insurance company or fleet operator, how they can become safer drivers, more fuel efficient, conscientious or even simply slower on the roads. Every time that you add complexities to the make-up of the vehicle, you conversely make it easier to digitally gain access. The more systems, the more areas to exploit. Vehicles contain dozens of electronic control units and an excess of lines of code, that are used to control brakes, wipers and steering – among others. This is before the Internet is taken into account. A report by the Software Engineering Institute at America’s Carnegie Mellon University, titled On Board Diagnostics: Risks and Vulnerabilities of the Connected Vehicle, examined the situation in March this year. The report dictates the common
DEDICATED TO PROMOTING A CLEANER ENVIRONMENT | www.greenfleet.net
architectural issues with devices, threat modelling and recommendations to limit the risk of cyber attack to your vehicle. In the report, Dan Klinedinst and Christopher King examine the threat posed by OBD-II ports. It says: “With the advent of the smartphone revolution and increased miniaturisation, startups and existing vehicle aftermarket manufacturers have developed devices that attach to the on-board diagnostic (OBD-II) port that is present in all modern cars (OTAQ, 1996). This port has traditionally been used by mechanics to download diagnostic data and run tests, but there is a market emerging to allow car owners to access the same data via their mobile device or even over the Internet. These OBD-II ports provide raw access to the CAN bus, potentially allowing direct manipulation of CAN traffic in the vehicle.” It is important to remember that every company will address concerns differently, and Annie Reddaway uses the American model to demonstrate this. She says: “Individually, companies have different approaches. Some are buying up start-ups (such as Harman’s acquisition of TowerSec), some are building up cyber security teams, some are disseminating experts throughout different departments, most are also bringing in third party help from researchers and consultants. “In the USA, the industry is working