SlideShare a Scribd company logo
1 of 32
Download to read offline
Connected Cars & Autonomous Vehicles
A case study of Cybersecurity
on a Grand Scale
• A presentation given at How the
Internet of Things is Changing Cyber
Security - an event organised by
Optimise Hub (Portsmouth University) on
January 26th 2017 at Havant.
• This talk describes the issues relating
to cybersecurity of Connected Cars
and Autonomous Vehicles.
• It is a perfect case study in the
challenge of achieving cybersecurity
on a massive scale.
OptimiseHub
University of Portsmouth
25/01/2017 © 2017 Astius Technology Systems Ltd2
About your presenter
Bill Harpley
bill.harpley@astius.co.uk
Bill Harpley MSc
• 30+ year experience working in the
technology sector
• Founder of Astius Technology
• Organiser of Brighton IoT Forum meetup
group (740+ members)
• Event organiser for the Self Driving and
Autonomous Vehicles meetup group
25/01/2017 © 2017 Astius Technology Systems Ltd3
• Innovation consultancy
• Internet of Things
• Blockchain
• Wireless Technology
• Cybersecurity
• New Business Thinking
• Digital Business Strategy
• New Business Models
• Disruptive Innovation
• Training and Skills
astius technology
25/01/2017 © 2017 Astius Technology Systems Ltd4
Route for today
1. Why this topic is important
2. What we mean by
‘Connected Cars and
Autonomous Vehicles’
3. Identify the major known
cyber-risks
4. Explore the challenges of
finding a scalable
cybersecurity solution
25/01/2017 © 2017 Astius Technology Systems Ltd5
The future promise of Connected Cars
25/01/2017 © 2017 Astius Technology Systems Ltd6
A century of innovation
• Both the Model-T of 1910 and the Tesla electric car of 2016 represent truly
transformational technologies.
• Expect the evolution from ‘manual’ to ‘connected’ vehicles to be every bit as
revolutionary as the shift away from ‘horse powered’ transport more than a
century ago.
25/01/2017 © 2017 Astius Technology Systems Ltd7
The Opportunities
• Connected Cars market represents major growth
opportunity
– Markets & Markets estimate it will be worth $47 billion by
2020 ( ~ £38 billion at today’s rate)
– PwC estimate it will be worth £120 billion by 2022
• Greater public safety
– WHO state there were 1.25 million road deaths globally in
2013
– More than 200,000 people die through traffic accidents in
China alone!
• Tremendous spur to R&D and product innovation on
a global basis
– Nothing like this since ‘space race’ of the 1960s
25/01/2017 © 2017 Astius Technology Systems Ltd8
The story so far …
Society of Automotive Engineers: standard SAE J3016 defines six
classes of vehicle automation.
25/01/2017 © 2017 Astius Technology Systems Ltd9
Levels of Vehicle Automation
25/01/2017 © 2017 Astius Technology Systems Ltd10
Here is a summary of the SAE J3016 automation levels:
Technology Timeline
Multiple generations of technology will co-exist on our roads for many years.
25/01/2017 © 2017 Astius Technology Systems Ltd11
ADAS in Action
• ‘Tesla Autopilot predicts collision ahead seconds
before it happens’
– Dashcam recording from within a Tesla car of
road incident in the Netherlands
– http://www.kurzweilai.net/tesla-autopilot-predicts-
collision-aheads-seconds-before-it-happens
• Thanks to @HansNoordsij , an enthusiastic
champion of Tesla Model S and Nissan Leaf
25/01/2017 © 2017 Astius Technology Systems Ltd12
Vehicle Cybersecurity: what’s the problem?
25/01/2017 © 2017 Astius Technology Systems Ltd13
Attackers have many Faces
http://opengarages.org/handbook/2014_car_hackers_handbook_compressed.pdf
Organised Criminal gangs
intent on theft of
personal data and
deploying “ransomware”
State-sponsored actors,
terrorists and political
‘hactivists’
Small-time crooks intent
on stealing vehicles and
property
“Curiosity driven”
attacks (e.g. car
owners ‘tweaking’)
25/01/2017 © 2017 Astius Technology Systems Ltd14
It’s complicated …
Example: Ford F150
‘smart’ pickup truck
150 million
lines of
software code
Multiple
‘Electronic
Control Units
(ECUs)’
Numerous potential
points of attack
Complexity is the
enemy of security!
25/01/2017 © 2017 Astius Technology Systems Ltd15
Examples of Risks
Unauthorised access to vehicles Keyless door entry systems use mobile apps
or electronic key-fobs
Theft of personal information Owner details, GPS logs, Credit Card info, etc.
‘Hijacking’ of individual vehicles Feasibility demonstrated by ‘Jeep hack’ (2015)
Creation of mobile ‘bots’ Vehicle software compromised by hackers
and used to launch cyber-attacks
Installation of ‘ransomware’ Victims must pay money to regain control of
their vehicles
25/01/2017 © 2017 Astius Technology Systems Ltd16
A first look at the problem
KEY
V2V Vehicle-to-Vehicle
V2I Vehicle-to-Infrastructure
V2P Vehicle-to-Person
V2C Vehicle-to-Everything
V2V
V2I
V2P
Data Storage
Data Analytics
The Cloud
Back Office
 Billing
 Provisioning
 Operations
 Cybersecurity
End-to-end Security
Phone-to-Car
Myriad
of attack
points
Myriad of
Stakeholders
GPS
V2X
25/01/2017 © 2017 Astius Technology Systems Ltd17
In-vehicle systems
Manual controls Driver-assisted
GPS jamming
Malware
infection via
smartphone
apps
Wireless
hacking
(e.g. door
security)
Many types of
threats
25/01/2017 © 2017 Astius Technology Systems Ltd18
Vehicle-to-Vehicle (V2V)
Radar for hazard detection
Status message
V2V messages must be securely
transmitted and processed.
 Reliable
 Encrypted
 Authenticated
 Ensure privacy (no tracking)
Vehicles transmit status messages
to each other to improve traffic
flows and increase safety.
 “Traffic jam ahead”
 “I have just put the brakes on”
 “Ice on the road ahead”
Secure these
wireless links
25/01/2017 © 2017 Astius Technology Systems Ltd19
Vehicle-to-Infrastructure (V2I)
“Spaces available in
Broad Street car
park”
“Road works ahead”
“Traffic lights not
working at junction
ahead”
ROADSIDE UNITS
Status messages can be
transmitted from kerbside
infrastructure to warn of
delays, hazards or provide
useful advice to travellers.
“Road ahead closed.
Turn left at junction”
Secure these
wireless links
25/01/2017 © 2017 Astius Technology Systems Ltd20
Vehicle-to-Person (V2P)
Pedestrians
and joggers
Horses (and
other animals)
Cyclists, scooter
riders and other
2-wheeled transport
Non-vehicular road
users can indicate their
presence by sending
status messages to
oncoming vehicles
Secure these
wireless links
25/01/2017 © 2017 Astius Technology Systems Ltd21
Vehicle-to-Everything (V2X | V-LTE)
Cellular
Operator
• V2X developed by 3GPP
(organisation which develops
Cellular technology standards)
• Not likely to be available until
2018 at the earliest
• Aims to provide all the functions
of V2V, V2P and V2I
• UK has relatively poor 4G coverage!
• Would vehicle owners be able to
choose which MNO to subscribe to?
• Would government license
infrastructure as a concession?
• Would key roads be privatised to
facilitate use of V2X?
Leverages security of Cellular network
25/01/2017 © 2017 Astius Technology Systems Ltd22
A second look at the problem
KEY
V2V Vehicle-to-Vehicle
V2I Vehicle-to-Infrastructure
V2P Vehicle-to-Person
V2X Vehicle-to-Everything
V2V
V2I
V2P
Data Storage
Data Analytics
The Cloud
Back Office
 Billing
 Provisioning
 Operations
 Cybersecurity
Phone-to-Car
Myriad
of attack
points
Myriad of
Stakeholders
GPS
V2X
Potential vulnerabilities
within Service Provider
networks and Back
Office functions
25/01/2017 © 2017 Astius Technology Systems Ltd23
Vehicle Cybersecurity: the challenge ahead
25/01/2017 © 2017 Astius Technology Systems Ltd24
Cybersecurity at scale
So far, we have just
considered a handful of
vehicles. But how do we
make cybersecurity scale
to encompass huge
number of stakeholders?
Cities Major routes
Nation states Major regions
25/01/2017 © 2017 Astius Technology Systems Ltd25
How do we scale this up?
National
Cybersecurity
Strategy
Electricity
Telecoms
Transport
Local
Government
Central
Government
Infrastructure
Owners
Infrastructure
Operators
1. Promote
cybersecurity
initiatives within
Automotive industry
2. Promote
partnership and
dialogue between
infrastructure owners
and operators
3. Plan for Connected
and Driverless vehicles
within a national
cybersecurity
framework.
Cybersecurity industry has major leadership role in facilitating these conversations.
25/01/2017 © 2017 Astius Technology Systems Ltd26
Automotive Industry
Drive to
improve
software
quality
Publication of
automotive
cybersecurity
standard
SAE J3061
Provision of
Over-the-air
software
updates to cars
Sharing of
cybersecurity
expertise via
AUTO-ISAC
• Automotive industry has
started to take cybersecurity
seriously
• Many important initiatives
have been launched
25/01/2017 © 2017 Astius Technology Systems Ltd27
Let’s talk about Infrastructure
Cyber-attacks could cause:
• Traffic gridlock
• Economic losses
• Accidents and loss of life
• Massive insurance claims
• Political repercussions
Integrate
with other
forms of
transport!
Who owns the
infrastructure?
Who pays for
the
infrastructure?
Legal and
regulatory
barriers to
co-operation?
Clear need for common approach to
protecting infrastructure, data and services.
25/01/2017 © 2017 Astius Technology Systems Ltd28
The Policy of Government
CPNI
Centre for the
Protection of
National
Infrastructure
NCSC
National
Cyber Security
Centre
Department
of Transport
These websites are
silent about
cybersecurity for
Connected and
Driverless vehicles
This document has
nothing to say about
cybersecurity for
Connected and
Driverless vehicles
We may conclude that
H.M. Government has
no coherent strategy for
dealing with this issue!
25/01/2017 © 2017 Astius Technology Systems Ltd29
How do we compare?
• Very active program of
research and development
• Have conducted open
discussions about vehicle
cybersecurity for several
years now
• Sept. 2016 announced
formal policy on
Autonomous Vehicles
• All documents can be freely
downloaded from website
• Formal cybersecurity
strategy since 2013
• Has funded numerous
research projects
• Published research into
cybersecurity of vehicles
• Hosts a Cars and Roads
Security (CarSEC) Experts
Group
• All documents can be freely
downloaded from website
UK lags well
behind in
terms of
developing
cybersecurity
strategy for
Connected and
Autonomous
vehicles.
25/01/2017 © 2017 Astius Technology Systems Ltd30
Conclusions
1. Connected and Autonomous Vehicles are a great opportunity.
2. It will take several decades to build the necessary infrastructure.
3. It’s not clear who will build and operate the infrastructure.
4. We can only speculate what kind of cyber-attacks may happen.
5. The automotive industry is building capability in cyber-security.
6. Dialogue needed between infrastructure owners and operators.
7. Major challenge to plan, deploy & manage large scale cybersecurity.
8. UK Government appears to have no coherent strategy in place.
25/01/2017 © 2017 Astius Technology Systems Ltd31
Questions and Answers?
Hack me if
you can!
25/01/2017 © 2017 Astius Technology Systems Ltd32

More Related Content

What's hot

Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...BIS Research Inc.
 
AI Governance – The Responsible Use of AI
AI Governance – The Responsible Use of AIAI Governance – The Responsible Use of AI
AI Governance – The Responsible Use of AINUS-ISS
 
Harman automotive cybersecurity business overview
Harman automotive cybersecurity business overviewHarman automotive cybersecurity business overview
Harman automotive cybersecurity business overviewHARMAN Connected Services
 
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...Bernard Marr
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxShriya Rai
 
Webinar - Automotive SOC - Security Data Analytics for Connected Vehicles
Webinar - Automotive SOC - Security Data Analytics for Connected VehiclesWebinar - Automotive SOC - Security Data Analytics for Connected Vehicles
Webinar - Automotive SOC - Security Data Analytics for Connected VehiclesHARMAN Connected Services
 
Edge Artificial Intelligence in smart city development
Edge Artificial Intelligence in smart city developmentEdge Artificial Intelligence in smart city development
Edge Artificial Intelligence in smart city developmentPromiseElechi1
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesBamboo Apps
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous carsAmal Jose
 
Nasscom AI top 50 use cases
Nasscom AI top 50 use casesNasscom AI top 50 use cases
Nasscom AI top 50 use casesADDI AI 2050
 
VEHICLE TO VEHICLE WIRELESS COMMUNICATION
VEHICLE TO VEHICLE WIRELESS COMMUNICATIONVEHICLE TO VEHICLE WIRELESS COMMUNICATION
VEHICLE TO VEHICLE WIRELESS COMMUNICATIONRahul Natarajan
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityDr David Probert
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 

What's hot (20)

Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
 
AI Governance – The Responsible Use of AI
AI Governance – The Responsible Use of AIAI Governance – The Responsible Use of AI
AI Governance – The Responsible Use of AI
 
Harman automotive cybersecurity business overview
Harman automotive cybersecurity business overviewHarman automotive cybersecurity business overview
Harman automotive cybersecurity business overview
 
Connected Cars
Connected CarsConnected Cars
Connected Cars
 
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...
How Tesla Is Using Artificial Intelligence to Create The Autonomous Cars Of T...
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptx
 
Webinar - Automotive SOC - Security Data Analytics for Connected Vehicles
Webinar - Automotive SOC - Security Data Analytics for Connected VehiclesWebinar - Automotive SOC - Security Data Analytics for Connected Vehicles
Webinar - Automotive SOC - Security Data Analytics for Connected Vehicles
 
Edge Artificial Intelligence in smart city development
Edge Artificial Intelligence in smart city developmentEdge Artificial Intelligence in smart city development
Edge Artificial Intelligence in smart city development
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best Practices
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous cars
 
Nasscom AI top 50 use cases
Nasscom AI top 50 use casesNasscom AI top 50 use cases
Nasscom AI top 50 use cases
 
VEHICLE TO VEHICLE WIRELESS COMMUNICATION
VEHICLE TO VEHICLE WIRELESS COMMUNICATIONVEHICLE TO VEHICLE WIRELESS COMMUNICATION
VEHICLE TO VEHICLE WIRELESS COMMUNICATION
 
Artificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for CybersecurityArtificial Intelligence and Machine Learning for Cybersecurity
Artificial Intelligence and Machine Learning for Cybersecurity
 
Infotainment system of car
Infotainment system of carInfotainment system of car
Infotainment system of car
 
Automobile platforms
Automobile platformsAutomobile platforms
Automobile platforms
 
Connected and Autonomous Vehicles: The Enabling Technologies
Connected and Autonomous Vehicles: The Enabling TechnologiesConnected and Autonomous Vehicles: The Enabling Technologies
Connected and Autonomous Vehicles: The Enabling Technologies
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event Management
 
AUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPTAUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPT
 

Viewers also liked

Public policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesPublic policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesBill Harpley
 
SME 10-minute guide to digital transformation v1
SME 10-minute guide to digital transformation v1SME 10-minute guide to digital transformation v1
SME 10-minute guide to digital transformation v1Bill Harpley
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Building an 'Internet of Things' ( IoT ) technology cluster in Brighton
Building an 'Internet of Things' ( IoT ) technology cluster in BrightonBuilding an 'Internet of Things' ( IoT ) technology cluster in Brighton
Building an 'Internet of Things' ( IoT ) technology cluster in BrightonBill Harpley
 
Get yourself connected: Google Glass and the Internet of Bling
Get yourself connected: Google Glass and the Internet of BlingGet yourself connected: Google Glass and the Internet of Bling
Get yourself connected: Google Glass and the Internet of BlingBill Harpley
 
Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010Iddan Halevy
 
FASTR_Overview2017
FASTR_Overview2017FASTR_Overview2017
FASTR_Overview2017Craig Hurst
 
Autonomous Vehicles
Autonomous VehiclesAutonomous Vehicles
Autonomous VehiclesIoT613
 
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...Ludovic Privat
 
Myths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalMyths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalNewellNYC
 
Building the Social Internet of Things
Building the Social Internet of ThingsBuilding the Social Internet of Things
Building the Social Internet of ThingsBill Harpley
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsAndreas Mai
 
Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Joseph Hennawy
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaRahul Neel Mani
 
2016- A Year in Review of the Development of Autonomous vehicles
2016- A Year in Review of the Development of Autonomous vehicles2016- A Year in Review of the Development of Autonomous vehicles
2016- A Year in Review of the Development of Autonomous vehiclesJen Rossi
 
Hackers are the new highway threat
Hackers are the new highway threatHackers are the new highway threat
Hackers are the new highway threatHarman Innovation
 

Viewers also liked (20)

Public policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesPublic policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous Vehicles
 
SME 10-minute guide to digital transformation v1
SME 10-minute guide to digital transformation v1SME 10-minute guide to digital transformation v1
SME 10-minute guide to digital transformation v1
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Building an 'Internet of Things' ( IoT ) technology cluster in Brighton
Building an 'Internet of Things' ( IoT ) technology cluster in BrightonBuilding an 'Internet of Things' ( IoT ) technology cluster in Brighton
Building an 'Internet of Things' ( IoT ) technology cluster in Brighton
 
Get yourself connected: Google Glass and the Internet of Bling
Get yourself connected: Google Glass and the Internet of BlingGet yourself connected: Google Glass and the Internet of Bling
Get yourself connected: Google Glass and the Internet of Bling
 
Build Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsBuild Safe and Secure Distributed Systems
Build Safe and Secure Distributed Systems
 
Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010
 
FASTR_Overview2017
FASTR_Overview2017FASTR_Overview2017
FASTR_Overview2017
 
Autonomous Vehicles
Autonomous VehiclesAutonomous Vehicles
Autonomous Vehicles
 
2014 MATC Spring Lecture Series: Chris Schwarz
2014 MATC Spring Lecture Series: Chris Schwarz2014 MATC Spring Lecture Series: Chris Schwarz
2014 MATC Spring Lecture Series: Chris Schwarz
 
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...
Study HERE SBD - How autonomous vehicles could relieve or worsen traffic cong...
 
Myths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalMyths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's Hospital
 
Building the Social Internet of Things
Building the Social Internet of ThingsBuilding the Social Internet of Things
Building the Social Internet of Things
 
Bayesian risk assessment of autonomous vehicles
Bayesian risk assessment of autonomous vehiclesBayesian risk assessment of autonomous vehicles
Bayesian risk assessment of autonomous vehicles
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
 
Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
 
2016- A Year in Review of the Development of Autonomous vehicles
2016- A Year in Review of the Development of Autonomous vehicles2016- A Year in Review of the Development of Autonomous vehicles
2016- A Year in Review of the Development of Autonomous vehicles
 
Hackers are the new highway threat
Hackers are the new highway threatHackers are the new highway threat
Hackers are the new highway threat
 
Autonomous Vehicles and Reducing GHG
Autonomous Vehicles and Reducing GHGAutonomous Vehicles and Reducing GHG
Autonomous Vehicles and Reducing GHG
 

Similar to Connected & Autonomous vehicles: cybersecurity on a grand scale v1

Hitch-hikers guide to AI for Connected and Autonomous Vehicles
Hitch-hikers guide to AI for Connected and Autonomous VehiclesHitch-hikers guide to AI for Connected and Autonomous Vehicles
Hitch-hikers guide to AI for Connected and Autonomous VehiclesBill Harpley
 
Connected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptxConnected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptxbrigel529
 
A Simple Journey Enabled by Connected Corridors
A Simple Journey Enabled by Connected CorridorsA Simple Journey Enabled by Connected Corridors
A Simple Journey Enabled by Connected CorridorsSophie Ericson
 
Connected Car Investment Thesis
Connected Car Investment ThesisConnected Car Investment Thesis
Connected Car Investment ThesisJames Harris
 
NEC5-18- Brief Summary
NEC5-18- Brief SummaryNEC5-18- Brief Summary
NEC5-18- Brief SummarySandeep Kar
 
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th..."Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...Edge AI and Vision Alliance
 
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)Lucy Woods
 
13 03-28-scv-its-advisory-cisco-perspective-f
13 03-28-scv-its-advisory-cisco-perspective-f13 03-28-scv-its-advisory-cisco-perspective-f
13 03-28-scv-its-advisory-cisco-perspective-fAndreas Mai
 
Interview: What is the main security and privacy risks associated with the ad...
Interview: What is the main security and privacy risks associated with the ad...Interview: What is the main security and privacy risks associated with the ad...
Interview: What is the main security and privacy risks associated with the ad...Ersin KARA
 
Session 1.3 context information management across smart city knowledge domains
Session 1.3   context information management across smart city knowledge domainsSession 1.3   context information management across smart city knowledge domains
Session 1.3 context information management across smart city knowledge domainssemanticsconference
 
AESIN MWC2016 Presentations AESIN, Visteon, Plextek
AESIN MWC2016 Presentations AESIN, Visteon, PlextekAESIN MWC2016 Presentations AESIN, Visteon, Plextek
AESIN MWC2016 Presentations AESIN, Visteon, PlextekSophie Ericson
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Mark Goldstein
 
MassIntelligence 2018: Intelligent Connected Cities
MassIntelligence 2018: Intelligent Connected CitiesMassIntelligence 2018: Intelligent Connected Cities
MassIntelligence 2018: Intelligent Connected CitiesMassTLC
 
Swiss Re - Insurer Innovation Award 2022
Swiss Re - Insurer Innovation Award 2022Swiss Re - Insurer Innovation Award 2022
Swiss Re - Insurer Innovation Award 2022The Digital Insurer
 
5G and Connected Car Oppurtunities.pdf
5G and Connected Car Oppurtunities.pdf5G and Connected Car Oppurtunities.pdf
5G and Connected Car Oppurtunities.pdfDSP/CSP Company
 
Internet of Cars, Andreas Mai, Cisco Systems
Internet of Cars, Andreas Mai, Cisco SystemsInternet of Cars, Andreas Mai, Cisco Systems
Internet of Cars, Andreas Mai, Cisco SystemsAndreas Mai
 
IoT enabled Smart Mobility: Hype or Reality?
IoT enabled Smart Mobility: Hype or Reality?IoT enabled Smart Mobility: Hype or Reality?
IoT enabled Smart Mobility: Hype or Reality?Srinivasan Ramaswamy
 

Similar to Connected & Autonomous vehicles: cybersecurity on a grand scale v1 (20)

Hitch-hikers guide to AI for Connected and Autonomous Vehicles
Hitch-hikers guide to AI for Connected and Autonomous VehiclesHitch-hikers guide to AI for Connected and Autonomous Vehicles
Hitch-hikers guide to AI for Connected and Autonomous Vehicles
 
Connected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptxConnected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptx
 
Smart & Safer Cities by Richard Knight
Smart & Safer Cities by Richard KnightSmart & Safer Cities by Richard Knight
Smart & Safer Cities by Richard Knight
 
A Simple Journey Enabled by Connected Corridors
A Simple Journey Enabled by Connected CorridorsA Simple Journey Enabled by Connected Corridors
A Simple Journey Enabled by Connected Corridors
 
Connected Car Investment Thesis
Connected Car Investment ThesisConnected Car Investment Thesis
Connected Car Investment Thesis
 
NEC5-18- Brief Summary
NEC5-18- Brief SummaryNEC5-18- Brief Summary
NEC5-18- Brief Summary
 
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th..."Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...
"Automakers at a Crossroads: How Embedded Vision and Autonomy Will Reshape th...
 
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)
The Connected Car: The Next 500 Million Connections (Mobile Broadband Event)
 
13 03-28-scv-its-advisory-cisco-perspective-f
13 03-28-scv-its-advisory-cisco-perspective-f13 03-28-scv-its-advisory-cisco-perspective-f
13 03-28-scv-its-advisory-cisco-perspective-f
 
Interview: What is the main security and privacy risks associated with the ad...
Interview: What is the main security and privacy risks associated with the ad...Interview: What is the main security and privacy risks associated with the ad...
Interview: What is the main security and privacy risks associated with the ad...
 
Mobilità del Futuro
Mobilità del FuturoMobilità del Futuro
Mobilità del Futuro
 
Session 1.3 context information management across smart city knowledge domains
Session 1.3   context information management across smart city knowledge domainsSession 1.3   context information management across smart city knowledge domains
Session 1.3 context information management across smart city knowledge domains
 
AESIN MWC2016 Presentations AESIN, Visteon, Plextek
AESIN MWC2016 Presentations AESIN, Visteon, PlextekAESIN MWC2016 Presentations AESIN, Visteon, Plextek
AESIN MWC2016 Presentations AESIN, Visteon, Plextek
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
 
MassIntelligence 2018: Intelligent Connected Cities
MassIntelligence 2018: Intelligent Connected CitiesMassIntelligence 2018: Intelligent Connected Cities
MassIntelligence 2018: Intelligent Connected Cities
 
Swiss Re - Insurer Innovation Award 2022
Swiss Re - Insurer Innovation Award 2022Swiss Re - Insurer Innovation Award 2022
Swiss Re - Insurer Innovation Award 2022
 
5G and Connected Car Oppurtunities.pdf
5G and Connected Car Oppurtunities.pdf5G and Connected Car Oppurtunities.pdf
5G and Connected Car Oppurtunities.pdf
 
IYF Building Nextgen Infotainment & Telematics Systems
IYF Building Nextgen Infotainment & Telematics SystemsIYF Building Nextgen Infotainment & Telematics Systems
IYF Building Nextgen Infotainment & Telematics Systems
 
Internet of Cars, Andreas Mai, Cisco Systems
Internet of Cars, Andreas Mai, Cisco SystemsInternet of Cars, Andreas Mai, Cisco Systems
Internet of Cars, Andreas Mai, Cisco Systems
 
IoT enabled Smart Mobility: Hype or Reality?
IoT enabled Smart Mobility: Hype or Reality?IoT enabled Smart Mobility: Hype or Reality?
IoT enabled Smart Mobility: Hype or Reality?
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Connected & Autonomous vehicles: cybersecurity on a grand scale v1

  • 1. Connected Cars & Autonomous Vehicles A case study of Cybersecurity on a Grand Scale
  • 2. • A presentation given at How the Internet of Things is Changing Cyber Security - an event organised by Optimise Hub (Portsmouth University) on January 26th 2017 at Havant. • This talk describes the issues relating to cybersecurity of Connected Cars and Autonomous Vehicles. • It is a perfect case study in the challenge of achieving cybersecurity on a massive scale. OptimiseHub University of Portsmouth 25/01/2017 © 2017 Astius Technology Systems Ltd2
  • 3. About your presenter Bill Harpley bill.harpley@astius.co.uk Bill Harpley MSc • 30+ year experience working in the technology sector • Founder of Astius Technology • Organiser of Brighton IoT Forum meetup group (740+ members) • Event organiser for the Self Driving and Autonomous Vehicles meetup group 25/01/2017 © 2017 Astius Technology Systems Ltd3
  • 4. • Innovation consultancy • Internet of Things • Blockchain • Wireless Technology • Cybersecurity • New Business Thinking • Digital Business Strategy • New Business Models • Disruptive Innovation • Training and Skills astius technology 25/01/2017 © 2017 Astius Technology Systems Ltd4
  • 5. Route for today 1. Why this topic is important 2. What we mean by ‘Connected Cars and Autonomous Vehicles’ 3. Identify the major known cyber-risks 4. Explore the challenges of finding a scalable cybersecurity solution 25/01/2017 © 2017 Astius Technology Systems Ltd5
  • 6. The future promise of Connected Cars 25/01/2017 © 2017 Astius Technology Systems Ltd6
  • 7. A century of innovation • Both the Model-T of 1910 and the Tesla electric car of 2016 represent truly transformational technologies. • Expect the evolution from ‘manual’ to ‘connected’ vehicles to be every bit as revolutionary as the shift away from ‘horse powered’ transport more than a century ago. 25/01/2017 © 2017 Astius Technology Systems Ltd7
  • 8. The Opportunities • Connected Cars market represents major growth opportunity – Markets & Markets estimate it will be worth $47 billion by 2020 ( ~ £38 billion at today’s rate) – PwC estimate it will be worth £120 billion by 2022 • Greater public safety – WHO state there were 1.25 million road deaths globally in 2013 – More than 200,000 people die through traffic accidents in China alone! • Tremendous spur to R&D and product innovation on a global basis – Nothing like this since ‘space race’ of the 1960s 25/01/2017 © 2017 Astius Technology Systems Ltd8
  • 9. The story so far … Society of Automotive Engineers: standard SAE J3016 defines six classes of vehicle automation. 25/01/2017 © 2017 Astius Technology Systems Ltd9
  • 10. Levels of Vehicle Automation 25/01/2017 © 2017 Astius Technology Systems Ltd10 Here is a summary of the SAE J3016 automation levels:
  • 11. Technology Timeline Multiple generations of technology will co-exist on our roads for many years. 25/01/2017 © 2017 Astius Technology Systems Ltd11
  • 12. ADAS in Action • ‘Tesla Autopilot predicts collision ahead seconds before it happens’ – Dashcam recording from within a Tesla car of road incident in the Netherlands – http://www.kurzweilai.net/tesla-autopilot-predicts- collision-aheads-seconds-before-it-happens • Thanks to @HansNoordsij , an enthusiastic champion of Tesla Model S and Nissan Leaf 25/01/2017 © 2017 Astius Technology Systems Ltd12
  • 13. Vehicle Cybersecurity: what’s the problem? 25/01/2017 © 2017 Astius Technology Systems Ltd13
  • 14. Attackers have many Faces http://opengarages.org/handbook/2014_car_hackers_handbook_compressed.pdf Organised Criminal gangs intent on theft of personal data and deploying “ransomware” State-sponsored actors, terrorists and political ‘hactivists’ Small-time crooks intent on stealing vehicles and property “Curiosity driven” attacks (e.g. car owners ‘tweaking’) 25/01/2017 © 2017 Astius Technology Systems Ltd14
  • 15. It’s complicated … Example: Ford F150 ‘smart’ pickup truck 150 million lines of software code Multiple ‘Electronic Control Units (ECUs)’ Numerous potential points of attack Complexity is the enemy of security! 25/01/2017 © 2017 Astius Technology Systems Ltd15
  • 16. Examples of Risks Unauthorised access to vehicles Keyless door entry systems use mobile apps or electronic key-fobs Theft of personal information Owner details, GPS logs, Credit Card info, etc. ‘Hijacking’ of individual vehicles Feasibility demonstrated by ‘Jeep hack’ (2015) Creation of mobile ‘bots’ Vehicle software compromised by hackers and used to launch cyber-attacks Installation of ‘ransomware’ Victims must pay money to regain control of their vehicles 25/01/2017 © 2017 Astius Technology Systems Ltd16
  • 17. A first look at the problem KEY V2V Vehicle-to-Vehicle V2I Vehicle-to-Infrastructure V2P Vehicle-to-Person V2C Vehicle-to-Everything V2V V2I V2P Data Storage Data Analytics The Cloud Back Office  Billing  Provisioning  Operations  Cybersecurity End-to-end Security Phone-to-Car Myriad of attack points Myriad of Stakeholders GPS V2X 25/01/2017 © 2017 Astius Technology Systems Ltd17
  • 18. In-vehicle systems Manual controls Driver-assisted GPS jamming Malware infection via smartphone apps Wireless hacking (e.g. door security) Many types of threats 25/01/2017 © 2017 Astius Technology Systems Ltd18
  • 19. Vehicle-to-Vehicle (V2V) Radar for hazard detection Status message V2V messages must be securely transmitted and processed.  Reliable  Encrypted  Authenticated  Ensure privacy (no tracking) Vehicles transmit status messages to each other to improve traffic flows and increase safety.  “Traffic jam ahead”  “I have just put the brakes on”  “Ice on the road ahead” Secure these wireless links 25/01/2017 © 2017 Astius Technology Systems Ltd19
  • 20. Vehicle-to-Infrastructure (V2I) “Spaces available in Broad Street car park” “Road works ahead” “Traffic lights not working at junction ahead” ROADSIDE UNITS Status messages can be transmitted from kerbside infrastructure to warn of delays, hazards or provide useful advice to travellers. “Road ahead closed. Turn left at junction” Secure these wireless links 25/01/2017 © 2017 Astius Technology Systems Ltd20
  • 21. Vehicle-to-Person (V2P) Pedestrians and joggers Horses (and other animals) Cyclists, scooter riders and other 2-wheeled transport Non-vehicular road users can indicate their presence by sending status messages to oncoming vehicles Secure these wireless links 25/01/2017 © 2017 Astius Technology Systems Ltd21
  • 22. Vehicle-to-Everything (V2X | V-LTE) Cellular Operator • V2X developed by 3GPP (organisation which develops Cellular technology standards) • Not likely to be available until 2018 at the earliest • Aims to provide all the functions of V2V, V2P and V2I • UK has relatively poor 4G coverage! • Would vehicle owners be able to choose which MNO to subscribe to? • Would government license infrastructure as a concession? • Would key roads be privatised to facilitate use of V2X? Leverages security of Cellular network 25/01/2017 © 2017 Astius Technology Systems Ltd22
  • 23. A second look at the problem KEY V2V Vehicle-to-Vehicle V2I Vehicle-to-Infrastructure V2P Vehicle-to-Person V2X Vehicle-to-Everything V2V V2I V2P Data Storage Data Analytics The Cloud Back Office  Billing  Provisioning  Operations  Cybersecurity Phone-to-Car Myriad of attack points Myriad of Stakeholders GPS V2X Potential vulnerabilities within Service Provider networks and Back Office functions 25/01/2017 © 2017 Astius Technology Systems Ltd23
  • 24. Vehicle Cybersecurity: the challenge ahead 25/01/2017 © 2017 Astius Technology Systems Ltd24
  • 25. Cybersecurity at scale So far, we have just considered a handful of vehicles. But how do we make cybersecurity scale to encompass huge number of stakeholders? Cities Major routes Nation states Major regions 25/01/2017 © 2017 Astius Technology Systems Ltd25
  • 26. How do we scale this up? National Cybersecurity Strategy Electricity Telecoms Transport Local Government Central Government Infrastructure Owners Infrastructure Operators 1. Promote cybersecurity initiatives within Automotive industry 2. Promote partnership and dialogue between infrastructure owners and operators 3. Plan for Connected and Driverless vehicles within a national cybersecurity framework. Cybersecurity industry has major leadership role in facilitating these conversations. 25/01/2017 © 2017 Astius Technology Systems Ltd26
  • 27. Automotive Industry Drive to improve software quality Publication of automotive cybersecurity standard SAE J3061 Provision of Over-the-air software updates to cars Sharing of cybersecurity expertise via AUTO-ISAC • Automotive industry has started to take cybersecurity seriously • Many important initiatives have been launched 25/01/2017 © 2017 Astius Technology Systems Ltd27
  • 28. Let’s talk about Infrastructure Cyber-attacks could cause: • Traffic gridlock • Economic losses • Accidents and loss of life • Massive insurance claims • Political repercussions Integrate with other forms of transport! Who owns the infrastructure? Who pays for the infrastructure? Legal and regulatory barriers to co-operation? Clear need for common approach to protecting infrastructure, data and services. 25/01/2017 © 2017 Astius Technology Systems Ltd28
  • 29. The Policy of Government CPNI Centre for the Protection of National Infrastructure NCSC National Cyber Security Centre Department of Transport These websites are silent about cybersecurity for Connected and Driverless vehicles This document has nothing to say about cybersecurity for Connected and Driverless vehicles We may conclude that H.M. Government has no coherent strategy for dealing with this issue! 25/01/2017 © 2017 Astius Technology Systems Ltd29
  • 30. How do we compare? • Very active program of research and development • Have conducted open discussions about vehicle cybersecurity for several years now • Sept. 2016 announced formal policy on Autonomous Vehicles • All documents can be freely downloaded from website • Formal cybersecurity strategy since 2013 • Has funded numerous research projects • Published research into cybersecurity of vehicles • Hosts a Cars and Roads Security (CarSEC) Experts Group • All documents can be freely downloaded from website UK lags well behind in terms of developing cybersecurity strategy for Connected and Autonomous vehicles. 25/01/2017 © 2017 Astius Technology Systems Ltd30
  • 31. Conclusions 1. Connected and Autonomous Vehicles are a great opportunity. 2. It will take several decades to build the necessary infrastructure. 3. It’s not clear who will build and operate the infrastructure. 4. We can only speculate what kind of cyber-attacks may happen. 5. The automotive industry is building capability in cyber-security. 6. Dialogue needed between infrastructure owners and operators. 7. Major challenge to plan, deploy & manage large scale cybersecurity. 8. UK Government appears to have no coherent strategy in place. 25/01/2017 © 2017 Astius Technology Systems Ltd31
  • 32. Questions and Answers? Hack me if you can! 25/01/2017 © 2017 Astius Technology Systems Ltd32