Navigant Research Blog

Automakers Will Have To Adjust to Lifetime Software Support

— February 16, 2016

male hand using navigation system on car dashboardOver the past several years, as automakers have rolled out new infotainment and connectivity features, they have frequently referred to new cars as smartphones on wheels. Unfortunately for those marketers, that concept is becoming more true than they may have ever hoped. Heading into an era of ever more connected and automated vehicles, automakers are coming to terms with having to maintain and update the software in those vehicles for as long as they are on the road.

Prior to the 2007 introduction of the Apple iPhone, when consumers bought a cell phone, updates to the software that the phone shipped with were almost nonexistent. Wireless companies would sell customers a phone and then (aside from billing) forget about it until it was time to offer them a replacement when the contract was up.

The auto industry hasn’t been much different. Typically, the only time automakers update vehicle software is if something is found to be out of compliance with a regulation or if there was a substantial functional problem. Apple overturned that paradigm by issuing major annual software updates and periodic smaller updates to correct bugs and add major functionality to any of its phones with the hardware capable of supporting the features.

Lifetime Support

Until today, if car buyers wanted to add functionality that did not come from the factory, they would either have to look to the aftermarket or buy a newer model. To date, the only automaker to follow the smartphone model on a large scale is Tesla, which has delivered regular updates to the Model S since it went on sale in 2012. In 2015, Tesla even delivered an over-the-air software update that enabled semi-autonomous autopilot capability. Ford has done this on a smaller scale with updates to its SYNC infotainment system, but these changes have been much more limited in scope.

Navigant Research’s Autonomous Vehicles report projects that 85 million vehicles with some degree of autonomous capability will be on the road by 2035. The Navigant Research Connected Vehicles report projects 80 million vehicles with some degree of vehicle-to-external (V2X) communications by 2025.

With the creation of many new vehicles that can communicate with the outside world and take on some or all of the driving functionality, a ship-it-and-forget-it attitude is no longer viable. These new capabilities can provide increased convenience and (potentially) major safety and efficiency improvements to customers. However, they also significantly increase the potential of cyber-attack vectors. This may open the door for bad actors to track people, steal information, or—in the worst case scenario—take remote control of the vehicle, causing injury or death.

Importance of Security

Fortunately, manufacturers have recognized the importance of cyber security and are moving aggressively with new design, development, and validation processes in order to improve the resilience of in-vehicle electronics. However, doing a better job out the door is only the beginning of the process. In addition to developing new vehicles, engineers will now need to track information coming in through responsible disclosure programs and the (Automotive Information Sharing and Analysis Center) Auto-ISAC, and also provide security updates potentially for years after a vehicle is no longer in production.

With the current average age of vehicles at 11.4 years in the United States and many staying in service for 20 years or more, this will put a major new strain on engineering resources. Remote cyber-attacks against vehicles are still a non-trivial problem, but a major incursion is probably not imminent. However, the window of opportunity to find solutions is closing fast.

 

Physical Security Threats to the Transmission and Distribution Grid, Part 1

— February 8, 2016

Idea for problem solvingWhile popular media continues to feature the ongoing cyber security threats to the electric utility transmission and distribution (T&D) grid across the globe, with recent cyber attacks in Eastern Europe, another T&D grid threat is looming on the horizon. Over the past 6 months, there have been repeated physical security attacks on utility T&D infrastructure in Eastern Europe and Southeast Asia. The unfortunate truth is that substations and power lines on the electric transmission system are particularly vulnerable to physical attacks, where large, high-voltage transformers are typically located in exposed outdoor conditions, and transmission towers can be seen stretching to the horizon.

Incidents such as the Metcalf Transmission Substation gunshot attack in 2014 and the recent transmission tower attacks in Eastern Europe have received significantly less attention in the media. However, they have been serious enough that the North American Electric Reliability Corporation (NERC) in 2014 released and revised Critical Infrastructure Protection-14 (CIP-014) regulations that require utilities to secure their infrastructure from physical and cyber security threats, as well as to identify and strengthen weaknesses in key substations.

Equipment Initiatives

In 2015, a group of eight U.S. transmission system operators (TSOs) announced a new initiative to speed their response to major physical attacks or other equipment failures on the transmission grid by establishing regional warehouses and inventories to long lead-time critical replacement technologies. Participants include American Electric Power, Berkshire Hathaway Energy, Duke Energy, Edison International, Eversource Energy, Exelon, Great Plains Energy, and Southern Company. These companies have committed to a memorandum of understanding to develop Grid Assurance, a limited liability company that will stockpile the critical equipment necessary to shield utility customers from prolonged transmission outages in multiple locations across the nation. Grid Assurance will own and provide participants and subscribers with timely access to an inventory of emergency spare transmission equipment that could otherwise take months to acquire.

Since the release of the NERC CIP-014 regulations in 2014, utilities are significantly more aware of potential threats and vulnerabilities in the grid. Aging infrastructure, natural disasters, and coordinated attacks on key substations are all major issues. Unfortunately, on the transmission grid, a single major attack or breakdown can have long-term regional or national effects on the United States. A recent 2015 industry survey looked at initiatives that over 200 TSOs have taken since the NERC ruling. Findings included:

  • 49% of utilities have identified threats and vulnerabilities to critical assets, though 28% haven’t taken further action
  • 42% of utilities surveyed have already developed physical security plans to address potential threats
  • 40% have not taken any hardening measures to limit or prevent damage to critical assets in the last 2 years

While it is clear that TSOs are vulnerable to both physical and cyber security threats, the obstacles they face in terms of timely service restoration are daunting, to say the least. I’ll discuss these obstacles in Part 2 of this blog series on physical security.

 

Automotive Cyber Security Is Finally Progressing

— February 1, 2016

CarsharingstandortWhen I first joined Navigant Research as an analyst in August 2014, the very first entry I wrote for this blog came on the heels of the annual Black Hat and DEF CON security conferences in Las Vegas. Up to that time, automakers had been conspicuously quiet on the subject of security. Fortunately, in the past 18 months the industry has awoken to the very real problem of automotive cyber security and is taking steps to ensure that increasingly connected and automated vehicles will remain safe.

Over the past several years, security researchers have demonstrated a series of increasingly sophisticated hacks of vehicles. Back in 2010, we were seeing hackers connect to vehicle internal networks by way of wireless tire pressure sensors or from a back seat via a thick bundle of wires connected to a diagnostic port. In the first half of 2015, we saw cars from two different automakers remotely controlled after researchers were able to wirelessly connect to the telematics modules from a safe distance and take control of the brakes, acceleration, and steering.

White Hat Help

In that first blog I wrote, I called on automakers to embrace white hat hackers and security researchers who were trying to invade automotive electronic systems. Today, both Tesla and General Motors (GM) have official responsible disclosure programs where researchers can submit any vulnerabilities they discover. The automakers review those submissions and work to remediate the flaws to help keep customers safe. Tesla launched its program in mid-2015; GM followed suit in January 2016.

Unlike Tesla (and many technology companies including Google, Facebook, and Microsoft), GM is not currently offering any rewards in its program—though it has not ruled out doing so in the future. The GM program is administered through an online portal run by a San Francisco startup called HackerOne. HackerOne provides the disclosure portal free of charge and makes money by taking a percentage of any rewards paid out for verified vulnerabilities.

Industry Response

Another important step forward for the industry was the establishment of the Automotive Information Sharing and Analysis Center (Auto-ISAC). ISACs are now increasingly common in a wide range of industry verticals including utilities, healthcare, financial services, and more. The Auto-ISAC currently includes most major automakers from North America, Europe, Japan, and South Korea; its goal is to provide a platform to share information about cyber security threats and vulnerabilities that put both the general population and auto-industry at risk. The Auto-ISAC began operations in late 2015 and is likely to become a very important tool in the effort to prevent malicious attacks on the transportation ecosystem.

The mobility business is changing. Navigant Research’s Autonomous Vehicles report projects that there will be almost 85 million autonomous-capable vehicles on the world’s roads in the next 20 years and far more vehicles that will have some level of connectivity. Road safety is already a difficult issue to tackle without the problem of malicious attackers intruding from a distance. Fortunately, the industry is now tackling the issue head-on on numerous fronts via improved system architecture, more robust software development processes, and collaboration with anyone willing to step up and help.

 

New Qualcomm Mobile Chip Could Aid Automotive Cyber Security

— September 9, 2015

It’s no secret that the future of transportation is going to be highly dependent on connectivity. As we’ve seen repeatedly in recent years with attacks on everyone from retailers to movie studios to dating websites, keeping computer networks secure has become increasingly difficult. It we are ever going to witness the safety and efficiency benefits made possible by this technology, vehicles are going to have to be made more secure than they are today. Qualcomm, one of the world’s leading suppliers of processors for mobile devices, smartphones, and tablets, has just announced a new feature for its next-generation chips that could be hugely beneficial on the road as well.

Malware on your phone could be annoying and potentially costly if it results in identity theft, but it’s unlikely to cause injury or death. Unfortunately, the same cannot be said of potential intrusions into our increasingly automated and connected vehicles. As recently demonstrated by researchers Charlie Miller and Chris Valasek, it’s possible to remotely control systems such as brakes, steering, and engines.

V2X Dangers

Navigant Research’s Connected Vehicles report projects $36 billion in annual revenue by 2025 resulting from the deployment of vehicle-to-external (V2X) communications systems. Qualcomm and other chipmakers, including Nvidia and Broadcom, are vying for a piece of that transportation business. Qualcomm has already demonstrated future smartphone chips with support for V2X so drivers receive alerts to the presence of pedestrians carrying a compatible phone. Drivers of older vehicles may also be able to use their phones to add V2X capability when they are behind the wheel.

Unfortunately, V2X and telematics systems are the primary target for attackers to break into vehicle systems. Since connectivity systems need access to the vehicle network in order to provide much of the desired functionality, they will need mechanisms to thwart attacks.

When Qualcomm’s Snapdragon 820 system on a chip arrives in early 2016, it will include a feature called Smart Protect, which is specifically designed to recognize and stop malware before it can take control and damage the device. While the 820 is designed for phones and tablets, if Smart Protect works as planned, it could be incorporated into chips that Qualcomm is developing for automotive applications in the future. Smart Protect is different from the antivirus software on computers, which relies on static virus signatures that are compared against applications that try to run. Qualcomm augments the traditional approach with real-time machine learning that runs right on the chip to detect potential malicious behavior and stop it as it happens.

Best Practices

This sort of real-time heuristic analysis will be a necessity for all automotive electronic systems going forward, and Qualcomm is not alone in developing the technology. Argus Cyber Security, based in Tel Aviv, Israel, is also developing malware detection solutions designed to be embedded separately into the vehicle network from communications chips. While few automakers discuss their security efforts publicly, no one in the industry is denying that this is a major concern. Through the Alliance of Automobile Manufacturers and the Global Automakers, OEMs are in the process of setting up an Automotive Information Sharing and Analysis Center to enable them to share best practices. Even if manufacturers don’t end up using Qualcomm’s Smart Protect, odds are that future vehicles will use something similar to try to thwart hacker havoc on the road.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Electric Vehicles, Finance & Investing, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Smart Transportation Program, Transportation Efficiencies, Utility Innovations

By Author


{"userID":"","pageName":"Cyber Security","path":"\/tag\/cyber-security","date":"8\/26\/2016"}