Navigant Research Blog

Physical Security Threats to the Transmission and Distribution Grid, Part 1

— February 8, 2016

Idea for problem solvingWhile popular media continues to feature the ongoing cyber security threats to the electric utility transmission and distribution (T&D) grid across the globe, with recent cyber attacks in Eastern Europe, another T&D grid threat is looming on the horizon. Over the past 6 months, there have been repeated physical security attacks on utility T&D infrastructure in Eastern Europe and Southeast Asia. The unfortunate truth is that substations and power lines on the electric transmission system are particularly vulnerable to physical attacks, where large, high-voltage transformers are typically located in exposed outdoor conditions, and transmission towers can be seen stretching to the horizon.

Incidents such as the Metcalf Transmission Substation gunshot attack in 2014 and the recent transmission tower attacks in Eastern Europe have received significantly less attention in the media. However, they have been serious enough that the North American Electric Reliability Corporation (NERC) in 2014 released and revised Critical Infrastructure Protection-14 (CIP-014) regulations that require utilities to secure their infrastructure from physical and cyber security threats, as well as to identify and strengthen weaknesses in key substations.

Equipment Initiatives

In 2015, a group of eight U.S. transmission system operators (TSOs) announced a new initiative to speed their response to major physical attacks or other equipment failures on the transmission grid by establishing regional warehouses and inventories to long lead-time critical replacement technologies. Participants include American Electric Power, Berkshire Hathaway Energy, Duke Energy, Edison International, Eversource Energy, Exelon, Great Plains Energy, and Southern Company. These companies have committed to a memorandum of understanding to develop Grid Assurance, a limited liability company that will stockpile the critical equipment necessary to shield utility customers from prolonged transmission outages in multiple locations across the nation. Grid Assurance will own and provide participants and subscribers with timely access to an inventory of emergency spare transmission equipment that could otherwise take months to acquire.

Since the release of the NERC CIP-014 regulations in 2014, utilities are significantly more aware of potential threats and vulnerabilities in the grid. Aging infrastructure, natural disasters, and coordinated attacks on key substations are all major issues. Unfortunately, on the transmission grid, a single major attack or breakdown can have long-term regional or national effects on the United States. A recent 2015 industry survey looked at initiatives that over 200 TSOs have taken since the NERC ruling. Findings included:

  • 49% of utilities have identified threats and vulnerabilities to critical assets, though 28% haven’t taken further action
  • 42% of utilities surveyed have already developed physical security plans to address potential threats
  • 40% have not taken any hardening measures to limit or prevent damage to critical assets in the last 2 years

While it is clear that TSOs are vulnerable to both physical and cyber security threats, the obstacles they face in terms of timely service restoration are daunting, to say the least. I’ll discuss these obstacles in Part 2 of this blog series on physical security.

 

Automotive Cyber Security Is Finally Progressing

— February 1, 2016

CarsharingstandortWhen I first joined Navigant Research as an analyst in August 2014, the very first entry I wrote for this blog came on the heels of the annual Black Hat and DEF CON security conferences in Las Vegas. Up to that time, automakers had been conspicuously quiet on the subject of security. Fortunately, in the past 18 months the industry has awoken to the very real problem of automotive cyber security and is taking steps to ensure that increasingly connected and automated vehicles will remain safe.

Over the past several years, security researchers have demonstrated a series of increasingly sophisticated hacks of vehicles. Back in 2010, we were seeing hackers connect to vehicle internal networks by way of wireless tire pressure sensors or from a back seat via a thick bundle of wires connected to a diagnostic port. In the first half of 2015, we saw cars from two different automakers remotely controlled after researchers were able to wirelessly connect to the telematics modules from a safe distance and take control of the brakes, acceleration, and steering.

White Hat Help

In that first blog I wrote, I called on automakers to embrace white hat hackers and security researchers who were trying to invade automotive electronic systems. Today, both Tesla and General Motors (GM) have official responsible disclosure programs where researchers can submit any vulnerabilities they discover. The automakers review those submissions and work to remediate the flaws to help keep customers safe. Tesla launched its program in mid-2015; GM followed suit in January 2016.

Unlike Tesla (and many technology companies including Google, Facebook, and Microsoft), GM is not currently offering any rewards in its program—though it has not ruled out doing so in the future. The GM program is administered through an online portal run by a San Francisco startup called HackerOne. HackerOne provides the disclosure portal free of charge and makes money by taking a percentage of any rewards paid out for verified vulnerabilities.

Industry Response

Another important step forward for the industry was the establishment of the Automotive Information Sharing and Analysis Center (Auto-ISAC). ISACs are now increasingly common in a wide range of industry verticals including utilities, healthcare, financial services, and more. The Auto-ISAC currently includes most major automakers from North America, Europe, Japan, and South Korea; its goal is to provide a platform to share information about cyber security threats and vulnerabilities that put both the general population and auto-industry at risk. The Auto-ISAC began operations in late 2015 and is likely to become a very important tool in the effort to prevent malicious attacks on the transportation ecosystem.

The mobility business is changing. Navigant Research’s Autonomous Vehicles report projects that there will be almost 85 million autonomous-capable vehicles on the world’s roads in the next 20 years and far more vehicles that will have some level of connectivity. Road safety is already a difficult issue to tackle without the problem of malicious attackers intruding from a distance. Fortunately, the industry is now tackling the issue head-on on numerous fronts via improved system architecture, more robust software development processes, and collaboration with anyone willing to step up and help.

 

New Qualcomm Mobile Chip Could Aid Automotive Cyber Security

— September 9, 2015

Dripfixer_webIt’s no secret that the future of transportation is going to be highly dependent on connectivity. As we’ve seen repeatedly in recent years with attacks on everyone from retailers to movie studios to dating websites, keeping computer networks secure has become increasingly difficult. It we are ever going to witness the safety and efficiency benefits made possible by this technology, vehicles are going to have to be made more secure than they are today. Qualcomm, one of the world’s leading suppliers of processors for mobile devices, smartphones, and tablets, has just announced a new feature for its next-generation chips that could be hugely beneficial on the road as well.

Malware on your phone could be annoying and potentially costly if it results in identity theft, but it’s unlikely to cause injury or death. Unfortunately, the same cannot be said of potential intrusions into our increasingly automated and connected vehicles. As recently demonstrated by researchers Charlie Miller and Chris Valasek, it’s possible to remotely control systems such as brakes, steering, and engines.

V2X Dangers

Navigant Research’s Connected Vehicles report projects $36 billion in annual revenue by 2025 resulting from the deployment of vehicle-to-external (V2X) communications systems. Qualcomm and other chipmakers, including Nvidia and Broadcom, are vying for a piece of that transportation business. Qualcomm has already demonstrated future smartphone chips with support for V2X so drivers receive alerts to the presence of pedestrians carrying a compatible phone. Drivers of older vehicles may also be able to use their phones to add V2X capability when they are behind the wheel.

Unfortunately, V2X and telematics systems are the primary target for attackers to break into vehicle systems. Since connectivity systems need access to the vehicle network in order to provide much of the desired functionality, they will need mechanisms to thwart attacks.

When Qualcomm’s Snapdragon 820 system on a chip arrives in early 2016, it will include a feature called Smart Protect, which is specifically designed to recognize and stop malware before it can take control and damage the device. While the 820 is designed for phones and tablets, if Smart Protect works as planned, it could be incorporated into chips that Qualcomm is developing for automotive applications in the future. Smart Protect is different from the antivirus software on computers, which relies on static virus signatures that are compared against applications that try to run. Qualcomm augments the traditional approach with real-time machine learning that runs right on the chip to detect potential malicious behavior and stop it as it happens.

Best Practices

This sort of real-time heuristic analysis will be a necessity for all automotive electronic systems going forward, and Qualcomm is not alone in developing the technology. Argus Cyber Security, based in Tel Aviv, Israel, is also developing malware detection solutions designed to be embedded separately into the vehicle network from communications chips. While few automakers discuss their security efforts publicly, no one in the industry is denying that this is a major concern. Through the Alliance of Automobile Manufacturers and the Global Automakers, OEMs are in the process of setting up an Automotive Information Sharing and Analysis Center to enable them to share best practices. Even if manufacturers don’t end up using Qualcomm’s Smart Protect, odds are that future vehicles will use something similar to try to thwart hacker havoc on the road.

 

Security Flaws Are Safety Issues, and They Need to Be Fixed

— August 7, 2015

Connected vehicles hold tremendous potential for improving road safety while simultaneously reducing energy consumption and road congestion through data sharing over the next 10–15 years. Unfortunately, that potential may never be realized unless there is a dramatic change in the way automakers and suppliers handle cyber security. The recently revealed security vulnerability in Fiat Chrysler Automobiles (FCA) products with Uconnect telematics systems demonstrates some of the flaws in the current landscape.

Wired.com recently ran a report highlighting a flaw in the Uconnect telematics system discovered by noted white hat security researchers Charlie Miller and Chris Valasek. The pair worked out how to remotely connect to the vehicle’s cellular modem, a key component of Uconnect and all other telematics systems. From there, they were able to access a port in the vehicle network that provided entry to vehicle control systems, including steering, braking, and other functions. The article noted that Miller and Valasek notified FCA and waited until a fix was developed before publicly disclosing the flaw. So far, so good.

A Bloomberg Business story claims that FCA was actually notified of the vulnerability in January 2014 and waited a full 18 months before notifying the National Highway Traffic Safety Administration (NHTSA). However, according to FCA spokesman Eric Mayne, “Prior to last month (July 2015), the precise means of manipulating a vehicle as demonstrated for the media was not known.” FCA notified NHTSA, developed a fix to eliminate the attack vector, and subsequently issued a recall for 1.4 million vehicles. Despite determining that the vulnerability didn’t constitute a safety defect according to current regulations, FCA and NHTSA decided to conduct the campaign as a recall to protect customers.

Potential Safety Defects

Cyber-attacks on banks and retailers can be annoying and costly, but they are unlikely to ever prove life-threatening. All potential automotive cyber security flaws should be treated as potential safety defects until proven otherwise. While the information FCA officials had in early 2014 may not have represented a safety defect, we need a standard mechanism for reporting and tracking potential vulnerabilities.

Navigant Research’s Connected Vehicles report projects that by 2025, 80%–90% of new vehicles in North America and Western Europe will be equipped with vehicle-to-external (V2X) communications technology, a market with potential revenue of more than $36 billion globally. Automakers and suppliers have claimed that they take security seriously, but with few exceptions—notably Tesla Motors, and to a lesser degree, Hyundai— they seem more intent on keeping information out of the public eye.

General Motors (GM) in particular joined John Deere earlier this year to push for protection of their vehicle software under the Digital Millennium Copyright Act (DMCA). GM has not publicly stated why they were seeking protection, but since the DMCA prohibits tampering with or removing protections from software, it seems likely that at least part of the rationale is to keep researchers from legally investigating these systems.

Design for Security

If automakers and suppliers continue to suppress information about automotive cyber security, they will erode both consumer and regulatory confidence in connected vehicles. Software security is an extremely difficult problem, especially for networked systems. It’s best to design the architecture for security from the start rather than patching it in later. However, product development lead times last 3–5 years or more, and legacy systems need to be protected as well.

Automakers need to acknowledge that cyber security vulnerabilities are indeed genuine safety issues now, and they need to be open to both responsible disclosure and prompt updates. If not, we are at serious risk of missing out on the benefits of both connectivity and increasing levels of vehicle automation.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Electric Vehicles, Finance & Investing, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Smart Transportation Program, Smart Utilities Program, Utility Innovations

By Author


{"userID":"","pageName":"Cyber Security","path":"\/tag\/cyber-security","date":"2\/11\/2016"}