Stories
Slash Boxes
Comments

SoylentNews is people

Best Practices Document for Automotive Security Has Been Published

posted by cmn32480 on Sunday July 24 2016, @01:46PM   Printer-friendly
from the not-just-locking-the-doors-anymore dept.

Knowledge Troll writes:

The Automotive Information Sharing and Analysis Center has published an executive summary of their Automotive Cybersecurity Best Practices.

From the summary

As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry. The Proactive Safety Principles released in January 2016 demonstrate the automotive industry's commitment to collaboratively enhance the safety of the traveling public. The objective of the fourth Principle, "Enhance Automotive Cybersecurity," is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of best practices to secure the motor vehicle ecosystem.

Unfortunately the public executive overview is somewhat content free and refers to NIST documents on security practices but something is better than nothing. It's been six years since the publication of Experimental Security Analysis of a Modern Automobile and five years since Comprehensive Experimental Analyses of Automotive Attack Surfaces . In those research papers compsci students splay open the control system of a car through standard security analysis techniques such as fuzzing. My favorite technique they used was to install custom software into the QNX powered OnStar device then use it to bridge between the body bus and the bus that handles the engines, brakes, steering, etc. Very clever indeed.

How does the community feel about the poorly secured two ton (metric or imperial, you pick) rolling robot that the modern vehicle has become?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Best Practices Document for Automotive Security Has Been Published | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by fido_dogstoyevsky on Sunday July 24 2016, @11:17PM

    by fido_dogstoyevsky (131) <{axehandle} {at} {gmail.com}> on Sunday July 24 2016, @11:17PM (#379549)

    (0) DON'T allow wireless acess to ANYTHING in the car.

    (1) DON'T allow any system to communicate with any other system (this allows excluding the radio from (0)).

    (2) ANYTHING (except maybe the accelerator) drive by wire has to have a mechanical backup (said backup being permanently connected).

    (3) DON'T allow wireless acess to ANYTHING in the car.

    (4) Include a mechanical kill switch.

    (5) Make the software open source - this is one situation where imaginary property can kill people.

    --
    It's NOT a conspiracy... it's a plot.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by Scruffy Beard 2 on Sunday July 24 2016, @11:40PM

    by Scruffy Beard 2 (6030) on Sunday July 24 2016, @11:40PM (#379559)

    And this is why I am leery of Tesla Motors.

    This is coming from somebody who read the manual for the Tesla roadster cover-to-cover.