The potential of connected and autonomous vehicles (CAVs) also comes with the legitimate possibility of network intrusion. As a first step toward developing solutions for protecting vehicles, researchers at Oak Ridge National Laboratory recently developed a prototype plug-in device designed to alert drivers of vehicle cyberattacks. The prototype is coded to learn regular timing of signals in the communications network of an individual vehicle and detect abnormalities in timing frequency that could indicate a network intrusion or malicious software. Initial prototype testing in ORNL’s Vehicle Security Laboratory demonstrated near-perfect intrusion detection rates.
We asked Dr. Stacy Prowell, Chief Cyber Security Research Scientist and Program Manager for ORNL Cybersecurity for Energy Delivery Systems, to elaborate on the gains and risk of connected vehicles, and the research team’s detection method and prototype device.
There have been demonstrations of automotive hacking techniques in the recent past. Why are connected cars and autonomous vehicles more susceptible to network intrusion than today’s non-autonomous vehicle?
Connected and autonomous vehicles (CAVs) that communicate with each other (vehicle-to-vehicle, or V2V) and with infrastructure (vehicle-to-infrastructure, or V2I) have the potential to increase fuel economy through better road utilization and through strategies like platooning. CAVs also have the potential to improve safety by communicating with the infrastructure and responding to traffic signal changes (no more running red lights) and by communicating with other vehicles to share information about road conditions the car and driver may not see (such as black ice or other hazards ahead).
However, the external interfaces of a vehicle are also the “attack surface,” and adding these additional connection pathways increases the attack surface, providing other ways to attack – and potentially compromise – a vehicle. Connectivity also makes the vehicle part of a larger system, and an attack against that system could cause traffic jams, divert first responders, or track the precise location of police and other vehicles, perhaps during evacuations or other critical times. In fact, a compromised vehicle could be the means to attack the larger system by feeding bad data into the system. This is already being done for apps like Waze that use crowd-sourced data. Because of the risk of injecting bad data into the system, we need to detect when a vehicle may have been compromised by a hacker to prevent trusting data from that vehicle, to alert authorities, and to alert the driver.
What are some of the cyberattack scenarios that could occur in/with a connected car?
I addressed some of the larger attack scenarios above, but once a vehicle is compromised the attacker can potentially take control of the vehicle. Vehicle systems are connected to each other via the controller area network (CAN) bus. CAN was designed to carry real-time control signals but lacks any intrinsic security. For example, an attacker could apply the brakes, or disrupt application of the brakes. In an autonomous vehicle, all systems are computer controlled so that the attacker could control the steering, acceleration, and brakes. Or the attacker could simply disable the vehicle.
Can you elaborate on how your prototype plug-in device works and how it takes advantage of the signals in the communications network of a vehicle?
Our system monitors signals on the CAN bus for a “learning” period. Once it has learned how a vehicle’s internal systems normally communicate with each other, it uses this information to detect anomalous traffic – such as a hacker injecting bad traffic onto the network. If anomalous traffic is detected above a predetermined threshold, then the vehicle can indicate to the driver through a warning light, or to other vehicles, systems, and the authorities through V2V and V2I communications, that it may be compromised. One use case for this technology is for first responders, including police, to monitor their vehicles for hacking.
What other cybersecurity methods are being developed to address this issue? What are their advantages? Disadvantages?
There are a number of other approaches being developed, including better network segmentation of the CAN bus – so critical signals are restricted to more isolated networks and not connected to the entertainment system, for example – and the use of vehicle firewalls. Other approaches look to modifying or extending the CAN bus and the new standard, CAN-FD, to add explicit security features, but those don’t address current vehicles, and so far have little success.
What are the biggest challenges in this type of research and what, if any, support does research get from automobile manufacturers — or other non-traditional automobile manufacturers?
The biggest challenge is simply getting access to the necessary data. ORNL created the Vehicle Security Center (VSC) as a collaborative effort among multiple ORNL divisions and the National Transportation Research Center (NTRC) to address this. Today VSC staff have access to multiple dynamometers to test passenger vehicles in a controlled environment, and to the NTRC Vehicle Systems Integration (VSI) lab, where it is possible to simulate driving conditions on the real powertrains of large trucks and other vehicles.
“The Scary Efficiency of Autonomous Intersections,” IEEE Spectrum, 21 March 2016
“What is Truck Platooning?” European Automobile Manufacturing Association (EAMA)
“Colorado DOT Launches Autonomous Vehicle to Improve Worker Safety,” FutureStructure, 21 August 2017
“Traffic-weary homeowners and Waze are at war, again. Guess who’s winning?” Washington Post, 5 June 2016
CAN bus firewall (presentation)
“Firewalls can’t protect today’s connected cars,” ComputerWorld, 24 July 2015