Car manufacturers should look at how nuclear plants separate monitoring systems from operations control systems to mitigate risks, says security expert
Car manufacturers were quick to dismiss reports appearing in the media that researchers were able to electronically commandeer a 2010 Ford Escape and a Toyota Prius.
Representatives of the vehicles’ manufacturers contend that the proof of concept work by Chris Valasek, director of security intelligence at IOActive Inc. and Charlie Miller, a security engineer at Twitter, could not be considered a hack because it required a wired connection between the “attacker’s” device (an old Nintendo game controller) and the target vehicle.
The researchers connected their controller to the electronic control units (ECU) of the vehicles via the on-board diagnostics ports. The ECU is part of the vehicle’s computer network which controls functions such as acceleration, braking, steering and monitor displays. The researchers, who were onboard the target vehicle, over-rode the computer commands and steered the vehicle with their controller, activated the brakes and made the fuel gauge drop to zero.
The car manufacturers missed the point according to security experts. What the experiment illustrates is that each step takes researchers nearer to “a new step forward,” according to Glenn Chisholm, chief security officer of Cylance, a critical infrastructure security company.
The fact that the United States Defense Department’s Defense Advanced Research Projects Agency (DARPA) funded the research indicates that the government believes the ubiquity of computers in vehicles and the possibility of digital attacks are a legitimate security threat, said Aaron Portnoy, vice-president of research at security researcher firm Exodus Intelligence.
The dangers of machine-to-machine communication being exploited for ill-intentions was demonstrated back in 2010 when group of researchers from Rutgers University were able to wirelessly hack a car’s tire pressure monitoring system to send false low-pressure warning. The hackers were travelling on a separate car behind the target vehicle when they sent the command.
Vehicle manufacturers should look to the nuclear power industry for examples best practices examples, said Andrew Ginter, vice president of industrial security for Waterfall Security Solutions Ltd.
In nuclear plants, monitoring systems are located in one network, while systems that control reactor operations are on a separate network. Ginter said manufacturers can use the same architecture layout for vehicles to segregate monitoring functions from critical functions such as brakes, steering and acceleration.