These security measures are addressed at both OEMs and suppliers due to the tight links between them. Policy-related security measures cover both security and privacy aspects, and they have been classified into four main security domains, namely Security by design, Privacy by design, Asset management, and Risk and threat management. The policies are to ensure the level of the cybersecurity readiness within the organization. Practices for Mitigating Threats to Smart CarsĪs the main aim of this study is to introduce the right practices and security measures, the 17 security domains of smart cars are organized in three categories: policies, organizational practices, and technical practices. This segment of the study identifies the security domain, security measure or good practices, threat groups, and references. The most crucial piece of this study is the security measures mapping. Furthermore, the report details three types of attack scenarios encompassing various use-cases from connected cars to automation levels 4 & 5. These attack scenarios show the severity of the impact the attack has on smart cars. The attack scenarios provided in the report are explained and analyzed based on their impact, ease of detection, cascade effect risk, assets affected, stakeholders involved, attack steps, recovery time, gaps and challenges with respective countermeasures. Therefore, it comes as no surprise that the study includes a threat taxonomy, which identifies the threats to smart cars, including the in-vehicle cyber threats, eavesdropping, legal, physical attacks, failures, outages, abuse, and unintentional damages.įurther, the report provides an association between the threats and the assets affected under these threats. The target of these cyberattacks can be any part of the ecosystem from a smart car to the backend remote server. This aggregation is exceptionally sophisticated when it comes to interoperability.īy leveraging all these technologies for automation and connectivity, the smart car’s ecosystem opens a new landscape for even more severe cyber threats. However, the range of these technologies, components, and functions covers sensors as well as computational, communication, functional auto parts of the vehicle. Therefore, the security of smart cars is of prime importance. The functions of the smart cars have a direct impact on the safety of passengers. The study provides an asset taxonomy that covers the smart car functions to identify the associated risks and threats. The report also provided European as well as international legislative, standardization and policy initiatives to foster harmonization. The objective of this comprehensive study was to identify the main assets and threats subjected to the ecosystem of connected and autonomous cars with actionable practices to address cybersecurity issues. In November 2019, the European Union Agency for Cybersecurity (ENISA) published a report that provides a baseline for comprehensive cybersecurity and privacy challenges related to smart cars, outlining the good cybersecurity practices by determining the challenges, threats, risks and attack scenarios.
That’s because doing so has a direct impact on human lives.
Such attacks elevate the risks associated with the smart car systems and indicate that there have to be diligent measures taken before rolling out these vehicles on the road. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. In recent years, various attacks have been performed to highlight security concerns about evolving smart cars.
0 kommentar(er)
