Toward a Coordinated, Industry-wide Cybersecurity Approach

Activity is intensifying across the growing automotive ecosystem to rally around emerging security challenges. A new article from Consumer Reports, “Your Car Could Be the Next Ransomware Target,” offers a glimpse across the organizations and communities of interest that are contributing to the industry-wide effort to rearchitect vehicles with cybersecurity at their foundation. Craig Hurst, executive director of the FASTR℠ nonprofit research consortium, is referenced heavily in the Consumer Reports article, as is Monique Lance, head of marketing at Argus Cyber Security, a FASTR contributor member.

No single organization can tackle the whole of automotive security; nor is the problem one to be solved in silos. Diverse, multifaceted cybersecurity research collaboration is crucial to forging a more concerted, coordinated effort in cybersecurity. Success in automotive security for tomorrow’s vehicles will require a unified, system-of-systems approach through knowledge exchange and technology-sharing initiatives.

FASTR’s unique role in accelerating the realization of tomorrow’s “organically secure” vehicles is marshaling collaboration across the automotive ecosystem and has the goal of producing reference architectures, proofs of concept and other tangible research deliverables that automotive original equipment manufacturers (OEMs) can leverage in customizing requirements for their supply chains.

For example, FASTR recently has released Automotive Cybersecurity Literature Review, an analysis of the state of academic research in the field.

“The project identified the major kinds of research conducted in automotive cybersecurity, with the ultimate goal of indicating which technologies are underserved, what type of research is underrepresented, and where FASTR should focus its resources,” reads the report authored by Marcello Balduccini and Hajer Karoui of Drexel University and Dan J. Klinedinst of Carnegie Mellon University. “The review was created using an iterative process that included gathering representative sources, building a concept taxonomy, and classifying the collected sources accordingly. Finally, we analyzed the resulting research categories as to the amount and quality of research that has been published in each of them.”

Among the takeaways of Automotive Cybersecurity Literature Review:

  • One of two categories of components—radio frequency (RF) interfaces and the controller area network (CAN) bus—are typically being researched today.
  • Offensive exploitation and vulnerabilities and existing vehicles and systems have received the bulk of emphasis in public research to date.
  • More formal methods for verifying security properties of a vehicle or subsystem and future technologies such as vehicle-to-vehicle and vehicle-to-infrastructure, autonomy and machine learning, and intelligent transportation systems (ITS) have received scant attention thus far.

Original equipment manufacturers (OEMs) can leverage Automotive Cybersecurity Literature Review in identifying where their resources would be most wisely invested today. It’s one example of how FASTR members gain insight into ahead-of-the-curve technologies and solutions and improve their own organizations’ security implementations.