5*StarS Automotive Cybersecurity Through Assurance, SMMT CAV Forum, 5th December 2017


Post on 18-Oct-2020



5*StarS Automotive Cybersecurity

Through Assurance

SMMT CAV Forum

5th December 2017


Introduction

• Automotive Cybersecurity Through Assurance is a collaborative research project funded by InnovateUK

• The project will address the challenges of achieving cybersecurity assurance for CAVs and meaningful ways of communicating cybersecurity risk to consumers


Why cybersecurity matters

• Remote compromise of vehicle systems

1. Gain remote access via vulnerable entry point (e.g. Wi-Fi, Bluetooth)

2. Exploit flaw in Head Unit to gain code execution

3. Bridge or “pivot” via in-vehicle network to exploit other (safety-related) ECUs

[Diagram: Head Unit and Other ECU (e.g. steering, braking) connected via CAN, annotated with steps 1, 2 and 3]

Source: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/


The vehicle attack surface


Background

• Consumer level interest in cybersecurity is increasing

• Potential future regulations e.g. UN ECE

• US SPY Car Act 2015 proposes a “cyber dashboard”

• Consumer groups such as Consumer Reports (USA)

• CITL* developing metrics for security of software including IoT

• UK insurance industry has committed to recognise cybersecurity risk within its future risk based Group Rating system

• There is currently no way for consumers to make informed buying decisions based on cybersecurity, or for insurers to evaluate cybersecurity risk

* CITL – Cyber Independent Testing Lab


Project Objectives

• The project objectives are to research and develop:

• an assurance methodology to assure that vehicles and their components have been designed and tested to the relevant cybersecurity standards throughout their lifecycle

• a uniform and consistent CAV innovation framework to monitor & manage the continuously evolving landscape of digitally connected products & infrastructure

• consumer and insurer oriented rating framework, analogous to existing EuroNCAP type ratings for vehicle safety

• Develop a digital framework for Innovation Management of CAV R&D outputs

• The project outputs will be processes and tools for product development and assurance ready for commercial adoption


Cybersecurity Assurance

[Diagram labels: Consumer Visible Risk Rating; Threat Analysis; Maturity Framework; Vehicle Assessment]


Relationship to other initiatives

[Diagram labels: 5*StarS “Automotive Cybersecurity Through Assurance” Project; Assurance Framework; Risk Rating Framework; Regulations, Standards and Best Practice; ISO/SAE AWI 21434 Cybersecurity Engineering; Under development; Align and inform standardisation; Innovation & product development according to international standards; Vehicle manufacturers and suppliers; Cybersecurity Assessment Laboratory; Insurers & Consumers; Assurance rating; Submit for assessment; SAE J3061; ASDL; UN ECE]


Challenges

• Some of the challenges that the project must address:

1. Defining a manageable scope for the assessment scheme and rating

2. Adapting the framework to reflect the continuously evolving threat landscape

3. Establishing meaningful ways of communicating cybersecurity risk to consumers

4. Managing consumer perception of the rating and avoiding misunderstandings


1. Defining a manageable scope

• Individual implementations each have a different set of attack points

• Attack vectors appropriate to the implementation to be considered based on relevant standards

• The scope will be limited to the vehicle architecture


2. Evolving threat landscape

• The threat landscape is constantly evolving

• New attacks are continually discovered

• The assurance framework and risk rating will account for this through an agility concept

• The methodology will be based on recognised standards and methods for security engineering, security by design and risk management

[Figure: Vulnerabilities against Time; labels: Unknown, Known, Time of testing]


3. Communicating cybersecurity risk

• Establishing meaningful metrics for security is important but difficult

• Security is hard to measure and any judgement is only valid at a point in time

• Coverage is a commonly used concept in testing, but is difficult to apply to security

• How do we know when we have done enough?

• It is usual to speak about assurance rather than coverage for security

• How can we rate the level of assurance?


4. Managing consumer perception

• “Cyber is something customers are making purchasing decisions on,” he said, adding that the customer’s notion of a particular company’s cybersecurity proficiency is likely to become like many other competitive metrics when it comes to winning a spot on a buyer’s consideration list. (Jeff Massimilla, GM, http://articles.sae.org/15549/)

• “For a measure to significantly inform customers, it requires pervasiveness, understandability, simplicity and efficiency” (NISTIR 8151, Dramatically Reducing Software Vulnerabilities)

• The risk rating framework must be designed so that it is both understandable to consumers and a meaningful statement about security


Clarifications

• The rating is intended to be a measure of assurance, rather than an absolute statement of “how hackable” a vehicle is

• The project is not intending to define a checklist of security features a vehicle should have to get “5 stars”

• The rating criteria will not be static – the project will address the need for the rating scheme to evolve over time in line with the evolving threat landscape

• The project is intended to complement other standards and regulatory activities, rather than trying to replace or compete with them


Digital Framework for Innovation Management of CAV R&D

• The CAV Innovation Framework will develop a digital platform of knowledge management tools for Project Management, Innovation Strategy and Internal Collaboration.

• It will support the development of secure products in line with both digital & technology readiness levels.

• Addressing the gap between security standards, innovation methods & disruptive digitalisation to support emerging readiness levels such as the APC DETC’s Digital Readiness Level (DRL) announced earlier this year.


Dissemination

Standardisation Bodies

BSI, ISO, SAE

Stakeholder Groups

OEMs and suppliers

Insurers

Government

Conferences and Industry Events

Workshops throughout project to inform and foster acceptance

Dissemination at key international events as project matures

Media campaigns once concept proven

Align and inform through partners’ engagement in standards development

Consumer / Motoring Media

Start Year 1 Year 2


Engaging with the project

• We are establishing a stakeholder panel to inform the project and ensure it is aligned with industry needs

• Please visit the project website to enquire about joining the stakeholder panel or to request updates on the project

https://5starsproject.com/


Summary

• Cybersecurity is a fundamental impediment to CAV adoption

• The 5*StarS project directly counters this with

• An innovative assurance methodology for assessing the cybersecurity of new vehicles

• A risk based rating framework analogous to Euro NCAP, clarifying risk for the insurance industry and enabling consumer confidence in CAVs

• Leveraging best practices from other sectors, to deliver cybersecurity assured CAVs more quickly than through legislation/standards alone

https://5starsproject.com/


Acknowledgements