Guest blog by Siraj Ahmed Shaikh – Professor of Systems Security at the Institute of Future Transport and Cities (FTC) at Coventry University, UK.
Connected and Autonomous Vehicles (CAVs), as one manifestation of IoT, represent a major cybersecurity challenge. The complex control and communication architecture on board vehicles, connectivity to the infrastructure and the Internet, sensor-driven intelligence and autonomous control, and terabytes of data generated across hundreds of components mean that detecting threats and providing assurance of security at the system level is a substantial challenge.
Moreover, modern vehicles are evolving, dynamic systems. Over-the-air (OTA) update features mean that component functionality can be changed in real time; indeed, Tesla claims to have increased battery capacity and even updated brakes. Sensor-based AI and deep-learning components are driving the trend towards autonomous technology. These are major shifts that even the likes of Apple and Google – otherwise global leaders in AI – are finding difficult to realise in the automotive domain.
So how do we achieve practical and feasible systems security for CAVs?
The notion of ‘resilience’ is key here. The National Cyber Security Centre (NCSC) describes it as the “measure of how readily a system can persist in a changing environment. And, if we think about it, this is what we want from our cyber systems in the face of an adaptive threat.”
A changing environment, including a threat that keeps evolving and growing, means that traditional design and engineering methods and tools fall short of providing security assurances.
Testbeds and demonstrators, such as the one recently announced as part of the Innovate UK-backed project involving Coventry University and UltraSoC, provide one means of engineering and validating system resilience. They provide evidence-driven assessment of predicted overt and subtle behaviours: this is likely to take the form of traces and audits of low-level behaviour (system calls and processor-level instructions), and exposure of design and implementation vulnerabilities at the chip, firmware and software level.
Equally important is the ability to simulate a mix of commodity and bespoke multi-vector attacks. These form the basis of security test cases – formalised sets of inputs for repeatable demonstration – ultimately building towards benchmarks by which OEMs and Tier-1 suppliers can measure their readiness for resilience against damaging and disruptive attacks.
Such demonstrators therefore have the potential to alter the engineering lifecycle altogether. This is the hope we carry. The automotive supply chain – and policy makers – have otherwise come to realise that we simply cannot design security issues out of modern CAVs.
Resilience is where we need to head to. We are on our way. Where are you?