Managing Potential Conflicts Between Vehicle Safety and - - PowerPoint PPT Presentation



SLIDE 1

Managing Potential Conflicts Between Vehicle Safety and Cybersecurity

Andy Davis, Transport Cybersecurity Practice Director

SLIDE 2

Agenda

  • What do we mean by “Safety-critical” and “Cybersecurity-critical”?
  • Potential conflict areas
  • Reducing the risks
  • Q&A
SLIDE 3

Some definitions

Safety and Cybersecurity

SLIDE 4

Vehicle safety (from SAE J3061)

  • System safety (beyond regulatory requirements) is the state of a system that does not cause harm to life, property, or the environment.
  • A safety-critical system is a system that may cause harm to life, property, or the environment if the system does not behave as intended or desired.
  • All safety-critical systems are Cybersecurity-critical since a cyber-attack, either directly or indirectly on a safety-critical system, could lead to potential safety losses.

SLIDE 5

Vehicle Cybersecurity (from SAE J3061)

  • System Cybersecurity is the state of a system that does not allow exploitation of vulnerabilities to lead to losses, such as financial, operational, privacy, or safety losses.
  • A Cybersecurity-critical system is a system that may lead to financial, operational, privacy, or safety losses if the system is compromised through a vulnerability that may exist in the system.
  • Not all Cybersecurity-critical systems are safety-critical since cyber-attacks on Cybersecurity-critical systems can result in losses other than safety losses; namely, privacy, operational, or financial.

SLIDE 6

Safety and Cybersecurity

Potential conflicts

SLIDE 7

Confidentiality: Remote map updates vs PII/PCI data access

Images: motoringexposure.com, mazdahandsfree.com, engadget.com

Remote map updates are important for safety.

Malicious map updates can provide unauthorised access to PII and potentially payment card data.

SLIDE 8

Integrity: Head Unit Integration vs System segregation

Integrated dashboards can reduce driver distraction.

Infotainment is the most likely vehicle system to be attacked – if ADAS features are integrated, attackers can directly control them.

Images: youtube.com

SLIDE 9

Availability: Laser Fog Lights vs Camera Systems

Laser fog lights can improve vehicle visibility in poor weather conditions.

Lasers can render front-facing camera systems useless.

Images: youtube.com, naimark.net

SLIDE 10

Increasingly complex safety systems = increased attack surface

Image: deusm.com

SLIDE 11

Reducing the risks

Striking the right balance between Safety and Cybersecurity

SLIDE 12

Reducing the risks: What can be done?

  • An awareness of the risks needs to be raised with the right stakeholders.
  • Techniques such as threat modelling would likely identify many of these potential conflict areas.
  • Vehicle manufacturers and their whole supply chain need to develop-in security from day one (Secure Development Lifecycle) – bolt-on solutions are never as effective and often very costly.
  • Automotive technology must be independently security assessed to ensure that vulnerabilities haven’t been introduced during development or integration, or as a result of introducing well-intentioned safety features.
SLIDE 13

Automotive Secure Development Lifecycle

The ASDL should be considered a framework, rather than a solution that replaces any existing standards.

SLIDE 14

ASDL Standards mapping

Standards and frameworks mapped onto the ASDL (the slide diagram has been flattened; focus descriptors are attached only where the extracted text makes the pairing unambiguous):

  • SAE J3061 (cyber-physical focused)
  • ISO 26262 (functional safety focused)
  • MISRA C (safety focused)
  • CERT C (security focused)
  • NIST FIPS 199
  • NIST FIPS 140-2 (security requirements for cryptographic modules)
  • ISO 12207 (systems and software engineering)
  • ISO 27001 (information security management)
  • TVRA (risk assessment – telecomms network focussed)
  • HEAVENS (risk assessment – aligned with ISO 26262)
  • EVITA
  • OCTAVE
  • STRIDE (threat modelling)
  • Auto Alliance Consumer Privacy Protection Principles (privacy focused)

Additional focus descriptors shown on the slide: software architecture design threats; risk assessment – electrical systems focused; risk assessment – designed by US DoD for healthcare security.

SLIDE 15

Q&A

SLIDE 16

Contact us

Europe

  • Manchester - Head Office
  • Amsterdam
  • Basingstoke
  • Cambridge
  • Cheltenham
  • Copenhagen
  • Edinburgh
  • Glasgow
  • Leatherhead
  • Leeds
  • London
  • Luxembourg
  • Madrid
  • Malmö
  • Milton Keynes
  • Munich
  • Vilnius
  • Wetherby
  • Zurich

North America

  • Atlanta
  • Austin
  • Chicago
  • New York
  • San Francisco
  • Seattle
  • Sunnyvale

Canada

  • Waterloo

Australia

  • Sydney

0161 209 5200 AutomotiveSecurity@nccgroup.trust www.nccgroup.trust