There have been new cyber security initiatives for the automotive industry with an alphabet soup of acronyms, standards, algorithms and protocols. ASDL comes from SBD and NCC Group while IPS based on DPI comes from the Argus Cyber Consulting. ECUSHIELD (pronounced E.C.U. shield) from TowerSec offers intrusion protection (IPS) and firewalls.
ECUs and wireless devices are widely used in modern vehicles, road safety systems and infrastructure as well as infotainment systems, eCall services, road signs and traffic lights. These communication channels expose both the vehicle and the connected infrastructure to various cyber threats which can result in Denial of Service (Dos), information theft and the manipulation of mission critical and safety systems. There are various ways to stop such threats.
TowerSec’s ECUSHIELD Turns ECUS into IPS & Firewalls
TowerSec reports that ECUSHIELD is an on board, embedded software solution that turns any ECU into an Intrusion Detection and Prevention System (IPS) and any Gateway ECU to a Smart Firewall. It appears to be similar to NEM and Argus’ IPS. ECUSHIELD can prevent the attack in real-time, when a threat is detected the communication channel is selectively blocked to prevent malicious content from reaching the critical system or causing sensitive data leakage.
Argus Cyber Security IPS Based on Deep Packet Inspection (DPI)
Argus Cyber Security, a raised $4M in Series A funding. Argus provides the automotive industry an Intrusion Prevention System (IPS), based on patent-pending Deep Packet Inspection (DPI) algorithms. It prevents a vehicle’s critical components from being hacked in real-time and is seamlessly integrated into any vehicle production line. The Argus IPS also generates reports and alerts for remote monitoring of a vehicle’s cyber health.
Argus Cyber Consulting Services claims it enables carmakers to detect threats and find vulnerabilities in the network elements of any vehicle. Argus services claim using its products the automotive industry can adopt a proactive approach to eliminate cyber threats for existing and future vehicle models.
SBD & NCC Partner for Cyber Security
SBD and NCC Group announced a partnership for automotive cyber security. The partnership will combine SBD research connected car architectures and automotive security with work with NCC Group’s cyber security testing. They created the Automotive Secure Development Lifecycle (ASDL) to mitigate cyber security risks in connected cars.
The Automotive Secure Development Lifecycle (ASDL) includes
- International standards,
- OEM specific standards
- Best practice guidance with engineering principles.
A seven-step process offers system / design architecture, protection definitions, threat modelling, counter measures, best practice guidance, penetration testing and incidence response. The process is based on strategic planning, design support, countermeasure evaluation, market intelligence, competitor evaluation, security awareness and training.
GM named its first Cyber Security Chief, Jeff Massimilla in September. At the Battelle CyberAuto Challenge, The Auto Alliance announced a proactive stance towards automotive cyber security. AT Battelle Center for Advanced Vehicle Environments and a team working a security featured called NEM or a Network Enforcement Module.
Therefore security chiefs will have their choice of NEM, ASDL, Argus’ IPS or ECUSHIELD. Meanwhile, hacksters Charlie Miller and Chris Valasek continue to stir fear hacking cars and naming the most hackable. Kasperky is also warning the world about automotive security threats in cars such as BMW.