Car hacking continues to be a growing concern for car manufacturers and their suppliers. As the latest drafts of the new ISO 21434 international standard for automotive cybersecurity and the upcoming WP.29 regulation suggest, vendors have a lot more work to do to protect the vehicles they sell to us.
The most intuitive requirement imposed on manufacturers is to test all the software that goes into the car against every known attack and risk. While that might sound like a straightforward request, on its own it creates a big headache for the vendors.
Vehicles now contain more than a hundred independent electronic control units (ECUs). Each of these embedded systems controls a different subsystem of the vehicle. Some are simple, such as brake system microcontrollers. Others are entire computers, such as infotainment or autonomous driving assistance systems. In both cases, each ECU comes with its own distinct architecture and software, ranging from bare-metal microcontroller code to full Linux, Android, or QNX based operating systems. And then there are the car-controlling mobile apps and key fobs. Together they add up to over a hundred million lines of code.
Historically, automotive security experts performed comprehensive one-off security audits on select components to prevent car hacking. These are no longer adequate for the task, because the security posture of automotive software is a moving target:
- Software use keeps expanding – OEMs keep adding new components to vehicle models. The software also gets regular updates from component vendors. Functionality, safety, and regulatory requirements are primary drivers for these updates. For example, in 2018 Tesla added a new dashcam feature as part of their Autopilot 9.0 software update.
- New risks are constantly arising – The use of third-party operating systems and software libraries brings a constantly expanding risk, as new issues in them get disclosed daily. New attack techniques arise. The threat level and severity of existing vulnerabilities get revised. New threat intelligence is reported, and cryptographic algorithms and key sizes weaken or even get deprecated as new research is published. Licenses are modified and new licenses are introduced.
Tracking and reviewing all of these changes against existing software is a daunting task, and it becomes impractical as the number of software updates rises.
The risk level of automotive software is therefore on the rise. The amount of code requiring assessment has grown beyond the reach of legacy methodologies. The result: the industry is left exposed, putting manufacturers, drivers, and insurers at financial risk and at risk to life.
Cybersecurity Digital Twins
One recent solution developed for this problem is called Cybersecurity Digital Twins. Before I dive into this solution as it pertains to automotive technology, let’s look first at digital twins in general.
A digital twin is a real-time virtual replica of a physical object or of a software process. Using simulation software, the twin can be used to optimize the use and overall business value of the original, by predicting future behavior and suggesting the best courses of action to take.
For example, a simulation of a real turbine can be used to identify issues before they actually occur in the real world. This enables the system's owners to predict failures ahead of time and reduce risk.
However, simulating automotive software, and more specifically ECU firmware, can be a daunting task. Car subsystems vary a lot in complexity and architecture. There is a wide variety of CPU architectures, operating systems, frameworks, and flavors in use by the industry.
So what is this new solution about?
New virtualization and cybersecurity analysis technology has enabled a new form of digital twin – Cybersecurity Digital Twins. These are virtualized replicas of in-vehicle components, tracking both on-road and in-development vehicles. They provide a basis for the kind of extensive risk analysis that once required a full cybersecurity audit by a dedicated team. The analysis is performed on the digital twin, which replicates and then simulates the original ECU firmware and scans it proactively to identify cyber risks such as vulnerabilities and other weaknesses.
In addition, this new form of digital twins also enables an entirely new capability, with benefits that were once unachievable with legacy risk assessment methodologies.
Continuous Risk Assessment
As stated earlier, risks change over time, and the software itself changes as well: some automotive software gets updated several times a year. A one-time risk assessment provides only a single snapshot of the risk posture.
Digital twins for automotive software offer the ability to continuously track new risks, vulnerabilities, exploits, and other threats. The twin of the original ECU firmware is constantly monitored, its findings are compared with the original scan, and the differences are reported. This provides a continuous and timely view of the risks "hidden" within each firmware.
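To make the "compare with the original scan and report the differences" step concrete, here is an added example that is not Cybellum's code and not part of the original post. It extracts a component inventory from a firmware image by banner matching, assesses it against an advisory feed, and diffs two assessments. It covers both causes of drift named above: a changed feed (new disclosure, raised severity) and a changed firmware (a component vendor update). The firmware bytes, the banner patterns, the advisory feed and the `EX-2020-xxxx` identifiers are all constructed for illustration; a real pipeline would substitute the twin's actual extracted inventory and a live vulnerability feed.

```python
"""Continuous risk assessment of an ECU firmware inventory (added example).

Everything below is constructed for illustration: the firmware images, the
banner patterns, the advisory feed and the EX-2020-xxxx identifiers are not
real advisories or real products' data.
"""
import re
from dataclasses import dataclass

# Hypothetical version-banner patterns for a few common third-party components.
COMPONENT_PATTERNS = {
    "openssl": rb"OpenSSL (\d+\.\d+\.\d+)",
    "busybox": rb"BusyBox v(\d+\.\d+\.\d+)",
    "zlib": rb"zlib (?:version )?(\d+\.\d+\.\d+)",
}


@dataclass(frozen=True)
class Advisory:
    vuln_id: str
    component: str
    constraint: str  # e.g. "<1.0.3" or ">=1.30.0,<1.31.0" (all clauses must hold)
    severity: float  # CVSS-style base score


def extract_inventory(image: bytes) -> dict:
    """Return {component: version} for every banner found in a firmware image."""
    inventory = {}
    for name, pattern in COMPONENT_PATTERNS.items():
        match = re.search(pattern, image)
        if match:
            inventory[name] = match.group(1).decode()
    return inventory


def _vtuple(version: str) -> tuple:
    # Compare numerically so that 1.2.11 > 1.2.9 (string compare gets this wrong).
    return tuple(int(part) for part in version.split("."))


def version_matches(version: str, constraint: str) -> bool:
    """True if `version` satisfies every comma-separated clause of `constraint`."""
    ops = {"<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
           "==": lambda a, b: a == b, "<": lambda a, b: a < b,
           ">": lambda a, b: a > b}
    for clause in constraint.split(","):
        m = re.fullmatch(r"(<=|>=|==|<|>)([\d.]+)", clause.strip())
        if not m:
            raise ValueError(f"bad constraint clause: {clause!r}")
        if not ops[m.group(1)](_vtuple(version), _vtuple(m.group(2))):
            return False
    return True


def assess(inventory: dict, feed: list) -> dict:
    """Map vuln_id -> severity for every advisory that hits the inventory."""
    return {a.vuln_id: a.severity for a in feed
            if a.component in inventory
            and version_matches(inventory[a.component], a.constraint)}


def diff_findings(old: dict, new: dict) -> dict:
    """Report what changed between two assessments of the same twin."""
    return {
        "new": sorted(set(new) - set(old)),
        "resolved": sorted(set(old) - set(new)),
        "severity_changed": sorted(
            (vid, old[vid], new[vid]) for vid in set(old) & set(new)
            if old[vid] != new[vid]),
    }


# Constructed firmware image: binary noise around three version banners.
FIRMWARE_V1 = (b"\x7fELF\x00\x00garbage OpenSSL 1.0.2\x00more\x00"
               b"BusyBox v1.31.0 (2020-01-01)\x00zlib version 1.2.8\x00")
# The same ECU after a component vendor update: only zlib was bumped.
FIRMWARE_V2 = FIRMWARE_V1.replace(b"zlib version 1.2.8", b"zlib version 1.2.11")

# Advisory feed as seen at the initial scan (constructed identifiers).
FEED_DAY0 = [
    Advisory("EX-2020-0001", "openssl", "<1.0.3", 5.3),
    Advisory("EX-2020-0002", "zlib", "<1.2.9", 8.1),
    Advisory("EX-2020-0003", "busybox", ">=1.30.0,<1.31.0", 7.5),  # does not hit 1.31.0
]
# The same feed some weeks later: one score raised, one new disclosure, one withdrawn.
FEED_DAY30 = [
    Advisory("EX-2020-0001", "openssl", "<1.0.3", 7.5),   # severity revised upward
    Advisory("EX-2020-0002", "zlib", "<1.2.9", 8.1),
    Advisory("EX-2020-0004", "busybox", "<=1.31.0", 9.8),  # newly disclosed
]


def continuous_assessment():
    """Baseline scan, then the delta caused by the feed and by the firmware update."""
    inventory_v1 = extract_inventory(FIRMWARE_V1)
    baseline = assess(inventory_v1, FEED_DAY0)
    feed_delta = diff_findings(baseline, assess(inventory_v1, FEED_DAY30))
    update_delta = diff_findings(baseline, assess(extract_inventory(FIRMWARE_V2), FEED_DAY30))
    return baseline, feed_delta, update_delta


if __name__ == "__main__":
    for label, result in zip(("baseline", "feed change", "firmware update"),
                             continuous_assessment()):
        print(label, result)
```

On the constructed data the baseline reports two findings; re-running against the later feed adds the new BusyBox advisory and flags the OpenSSL score change, and re-running on the updated firmware additionally marks the zlib finding as resolved because 1.2.11 falls outside the affected range. The numeric version comparison is the part worth copying: a plain string compare would rate "1.2.11" below "1.2.9" and silently keep a fixed component on the risk list.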
The Benefits of Cybersecurity Digital Twins
Maintaining twins of vehicle software components enables vendors to continuously monitor software-related risks, both for components in development and for released vehicles.
Even when many revisions of component software are deployed (increasingly with remote OTA capabilities), the risk posture of each revision can be assessed in real time before that revision enters the next phase of the software life cycle.
For vehicles still in the pre-deployment phase, critical issues that might affect the vehicle's reliability in any way can be escalated immediately to the relevant supplier. Such issues affecting released vehicles can be considered for a recall or an OTA update if needed.
In short, OEMs and their suppliers are provided with full visibility on their asset risk posture.
Automotive OEMs and suppliers can no longer depend on legacy cybersecurity audits as their only source of information during the development or service phases of a vehicle’s lifecycle.
Digital Twins for Automotive Software offer a new approach to automotive software throughout the vehicle lifecycle. Software twins can help OEMs and suppliers optimize and validate their designs, and they also help improve the operation of vehicles already on the road.
More specifically, software twins provide great benefits to the cybersecurity of ECU firmware. With this technology, risks can be promptly identified, assessed, and remediated, both for vehicles still in development and for operational fleets. Cybellum's security suite is one such cybersecurity digital twin solution, for both creating and monitoring such twins for the automotive industry, catering to OEMs, suppliers, and the like.
More information on this technology can be found in the whitepaper: Cybersecurity Digital Twins – a Novel Solution for Automotive Software.