评估风险：识别和分析自动驾驶汽车的网络安全威胁.pdf

jenk

225

10页

0次

2021-02-22

40墨值下载

January 2018 1

Assessing Risk:

Identifying and Analyzing Cybersecurity

Threats to Automated Vehicles

INTRODUCTION

It’s no secret that developers of automated vehicles face a host of complex issues

to be solved before self-driving cars can hit the road en masse, from building the

necessary infrastructure and deﬁning legal issues to safety testing and coping with the

vagaries of weather and urban environments. In addition, developers face huge risks if

they neglect the vital issue of cybersecurity in automated vehicles.

Driverless vehicles will be at least as vulnerable to all the existing security threats that

regularly disrupt our computer networks. That could include data thieves who want to

glean personal and ﬁnance information, spoofers who present incorrect information to

a vehicle, and denial-of-service attacks that move from shutting down computers to

shutting down cars.

Cybersecurity is an overlooked area of research in the development of driverless vehicles,

even though many threats and vulnerabilities exist, and more are likely to emerge as the

technology progresses to higher levels of automated mobility. Although no over-arching

solutions are obvious at this point, Mcity researchers have developed the ﬁrst tool and

methodology for assessing cybersecurity risks in automated vehicles. This marks not only

Contents

1 Introduction

2 Understanding the

Vulnerabilities

3 Mcity Threat Identiﬁcation

Model

6 A Changing Perspective

7 More Technology,

More Threats

8 Thinking Long-Term

10 Resources

ANDRÉ WEIMERSKIRCH

Lead, Mcity Cybersecurity

Working Group

Vice President, Cybersecurity,

Lear Corporation

DERRICK DOMINIC

Graduate Student Research Assistant,

Robotics, University of Michigan

CYBERSECURITY

Assessing Risk: Identifying and Analyzing Cybersecurity Threats to Automated Vehicles January 2018 2

an important step in solving these problems, but also presents a blueprint to effectively

identify and analyze cybersecurity threats and create effective approaches to make

automated vehicle systems safe and secure.

There are the new cybersecurity threats unique to automated vehicles, including hackers

who would try to take control over or shut-down a vehicle, criminals who could try to

ransom a vehicle or its passengers and thieves who would direct a self-driving car to

relocate itself to the local chop-shop.

Also, there are security threats to the wide-ranging networks that will connect with

automated vehicles, from ﬁnancial networks that process tolls and parking payments

to roadway sensors, cameras and trafﬁc signals to the electricity grid and our personal

home networks. Consider the seemingly nonthreatening convenience of an automated

car that gets within 15 minutes of your home and automatically turns on your furnace or

air conditioner, opens the garage and unlocks your front door. Any hacker who can breach

that vehicle system would be able to walk right in and burglarize your home.

Researchers afﬁliated with the University of Michigan’s Mcity connected and automated

vehicle center are ﬁnding that the complex and wide-ranging issue of cybersecurity

speciﬁc to automated vehicles and the infrastructure that will support them is just

beginning to be recognized, and will become more important as the development of

these vehicles progresses. Without robust, sophisticated, bullet-proof cybersecurity for

automated vehicles, systems and infrastructure, a viable, mass market for these vehicles

simply won’t come into being.

UNDERSTANDING THE VULNERABILITIES

The threats to automated vehicles can come through any of the systems that connect

to the vehicle’s sensors, communications applications, processors, and control systems,

as well as external inputs from other vehicles, roadways, infrastructure and mapping and

GPS data systems. In addition, the control systems of each vehicle for speed, steering

and braking are exposed to attacks.

Each individual automated application will require its own unique threat analysis that maps

its vulnerabilities and assesses the level of risk presented. New work by researchers

working with Mcity on adapting existing automotive threat models demonstrates how

of 10

40墨值下载

database

关注

评论