Intrusion detection becomes vital issue for vehicle developers
Modern vehicles are transforming into driving software applications. Due to the many applications and wireless technologies used, they provide a large attack surface for hackers. To minimize the risks, there are different cybersecurity regulations for United Nations Economic Commission for Europe (UNECE) states and China. Cyber security company Cymotive Technologies has compared them in terms of the tasks of an intrusion detection system (IDS).
In vehicles, there are numerous hardware and software components that send data via various bus systems (CAN, Ethernet, LIN, FlexRay, etc.), receive data from sensors, and communicate with the outside world (cloud, V2X, mobile communications) via radio technologies; in addition, there will be data exchange with the Vehicle Security Control Centers (VSOC) prescribed by the UNECE in the future. The attack surfaces are correspondingly high, especially since many car components still exchange data with each other without encryption.
An intrusion detection system (IDS) is therefore of particular importance in terms of security. It detects when there are changes in network communication, unusual data transfers, new devices appearing on the network, and when attackers try to penetrate the vehicle network. Unlike an intrusion detection and prevention system (IDPS), which can also initiate countermeasures, the IDS reports cyber events to a security information and event management (SIEM) system, which is usually part of a VSOC.
With regard to autonomous vehicles, the greatest possible cyber security is even more important because there is a risk that entire fleets of vehicles could be hijacked, and hijacked autonomous vehicles en masse could pose hitherto unknown dangers – in extreme cases, it is even conceivable that they could be used as weapons.
For the UNECE economic area (North America, Europe, states of the former Soviet Union including Russia) and for China, there are therefore specifications that manufacturers must take into account if they want to offer vehicles on these markets. However, the two regulations differ significantly in terms of cybersecurity challenges in the automotive industry:
For the UNECE, there is UN R155 with various guidelines for vehicle safety and quite a few concepts. It is rather general and lacks concrete implementation specifications. Even the implementation cookbook of the ISO/SAE standard 21434 does not provide any concrete specifications as to which functions an IDS should implement and how.
The GB/T (Guobiao standard) 29246-2017 and 28628-2020, on the other hand, specify the requirement for an IDS in great detail and precision, prescribing the exact functionality, listing the attacks to be registered, and specifying how the cybersecurity functions must be tested.
In contrast to the GB/T, UN R155 leaves a lot of leeway for the implementation of an IDS (and, of course, for the auditors who have to test the specifications).
Consequences for vehicle developers
The Chinese market requires an IDS as mandatory functionality and specifies it exactly. The requirement affects all suppliers offering vehicles or components for the Chinese market. The trend in China is toward a minimal implementation that meets all specifications.
In the northern hemisphere, the situation is rather confusing. The testing methods in the individual member states vary considerably. A “gold standard” and a uniform testing method are not yet in sight. It seems that auditors rather test whether the respective OEM follows its own procedures for the CSMS (cybersecurity management system), for example by following the ISO/SAE 21434 standard, and whether the process is coherent and complete. They are foregoing a professional drill-down of functionality and close monitoring of implemented methods – at least for now. Because the regulation does not define attack scenarios that an IDS must detect, it leaves that up to the OEM to specify.
As a result, OEMs within the UNECE are taking very different approaches to vehicle security. Some OEMs claim that an IDS is not necessary if a security-by-design approach is taken and numerous security mechanisms are implemented. Most vehicle developers, however, see the IDS as the single, independent, dedicated and objective element of a multi-level vehicle security architecture.
Suppliers of IDS for vehicles such as Cymotive know the standards, test procedures and different implementations in the markets of the UNECE member states and in China down to the last detail. Cymotive offers OEMs an intrusion detection system that is already in use on various platforms and complies with the standards applicable there. Cymotive’s experts also continuously monitor how UN R155 requirements are interpreted and implemented by individual countries.
Related articles
Standard emerges to help fight threat of automotive hacks
CAN FD vulnerability threatens vehicle security
Renesas makes automotive SoCs hacker-proof
Integrity RTOS bolsters automotive cybersecurity capability
NXP certified to cybersecurity standard ISO 21434
Automotive cybersecurity report reveals exposer points, hacker tools
Automotive cybersecurity begins with secure ASIC, FPGA and SoC hardware
Karamba and Cypress team on automotive cybersecurity
Kaspersky offers custom threat intelligence reporting for automotive industry
The new generation of “software-defined vehicles”
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
