NHTSA and Vehicle Cybersecurity
In 2013, 32,719 people died on the Nation's roadways. Sadly, NHTSA estimates 94 percent of highway crashes are a result of human error. Today's electronics, sensors, and computing power enable the deployment of safety technologies, such as forward-collision warning, automatic-emergency braking, and vehicle-to-vehicle technologies, which can keep drivers from crashing in the first place. Given the potential of these innovations, NHTSA is looking at all of our tools, as well as exploring new ones, that can be used to deploy these technologies in safe and effective ways, taking steps to address the new challenges they pose — particularly with respect to cybersecurity.
Many people are familiar with the concept of cybersecurity. Over the last few decades, our lives have been revolutionized by the rapid connectivity made possible by computers, the Internet, satellites and other technologies. As these systems became integral to our daily lives, so too did the potential for attacks to those same systems. Cybersecurity rose out of necessity to protect these vital systems and the information contained within them. Applied to vehicles, cybersecurity takes on an even more important role: systems and components that govern safety must be protected from malicious attacks, unauthorized access, damage, or anything else that might interfere with safety functions.
For these reasons, vehicle cybersecurity was never an afterthought for NHTSA. In exploring the potential of connected vehicles and other advanced technologies, NHTSA remained aware that cybersecurity would be essential to the public acceptance of vehicle systems and to the safety technology they governed.
To ensure a robust cybersecurity environment for these dynamic new technologies, NHTSA modified its organizational structure, developed vital partnerships, adopted a layered research approach, considered legislative additions, and encouraged members of the industry to take independent steps to help improve the cybersecurity posture of vehicles in the United States. NHTSA's goal is be ahead of potential vehicle cybersecurity challenges, and seek ways to address or avoid them altogether.
What Is NHTSA Doing?
In 2012, NHTSA modified its research organization to focus on vehicle electronics, including cybersecurity. NHTSA established a new division, Electronic Systems Safety Research, to conduct research on the safety, security, and reliability of complex, interconnected, electronic vehicle systems. More recently, NHTSA expanded its research and testing capabilities in vehicle electronics at the Vehicle Research and Test Center in East Liberty, Ohio. Together, these entities execute research programs in three main areas:
- electronics reliability (including functional safety)
- automotive cybersecurity
- automated vehicles
They are responsible for evaluating, testing, and monitoring potential automotive cyber vulnerabilities, and for leading the agency's research of highly automated vehicles.
NHTSA also established an internal agency working group, the Electronics Council. This council is responsible for collaborating more broadly on issues related to vehicle electronics, including cybersecurity, across the entire NTHSA organization with particular focus on the Research, Rulemaking, Data, Enforcement, and Chief Counsel offices.
NHTSA’s Research Approach
To help develop a comprehensive approach to address cybersecurity challenges in automobiles, NHTSA consulted other government agencies, vehicle manufacturers, suppliers, and the public. The approach covers various safety-critical applications deployed on current vehicles, as well as those envisioned for future vehicles that may feature more advanced forms of automation and connectivity. The Agency's multilayered approach to cybersecurity has the following goals:
- Expand the knowledge base to establish comprehensive research plans for automotive cybersecurity and develop enabling tools for applied research in this area;
- Facilitate the implementation of effective, industry-based best practices and voluntary standards for cybersecurity and cybersecurity information-sharing forums;
- Foster the development of new system solutions for automotive cybersecurity;
- Research the feasibility of developing minimum performance requirements for automotive cybersecurity; and
- Gather foundational research data and facts to inform potential future Federal policy and regulatory activities.
In October 2014, NHTSA published four cybersecurity reports that describe the agency’s initial work to support the goals outlined in its Automotive Cybersecurity Research Program.
- Assessment of the Information Sharing and Analysis Center Model
This report presented findings from an assessment of the ISAC model, and how ISACs are effectively implemented in other sectors. The report also explains how a new sector ISAC could be formed by leveraging existing ISAC models. This report was sent directly to the Association of Global Automakers and Alliance of Automobile Manufacturers to aid with their automotive ISAC activities.
- A Summary of Cybersecurity Best Practices
This report documented results from the analysis and review of best practices and observations across a variety of industries in the field of cybersecurity involving electronic control systems. It provides benchmarks for the agency and the industry.
- Characterization of Potential Security Threats in Modern Automobiles: A Composite Modeling Approach
This report described a composite modeling approach for potential cybersecurity threats in modern vehicles. Threat models, threat descriptions, and examples of various types of conceivable threats to automotive systems are included, along with a matrix containing a condensed version of the various potential attacks.
- National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework Applied to Modern Vehicles
This report reviewed the NIST guidelines and foundational publications from an automotive cybersecurity risk management standpoint. The NIST approach is often used as a baseline to develop a more targeted risk management approach for use in specific industries and sectors.
As mentioned, NHTSA’s research program takes a layered approach to cybersecurity for automobiles. What this means is that we assume all entry points into the vehicle, such as Wi-Fi, infotainment, the OBD-II port, and other points of potential access to vehicle electronics, could be potentially vulnerable. This way, NHTSA focuses on solutions to harden the vehicle’s electrical architecture against potential attacks and to ensure vehicle systems take appropriate safe steps even when an attack may be successful. A layered approach to vehicle cybersecurity reduces the probability of attack and mitigates the potential ramifications of a successful intrusion.
At the vehicle level this approach includes the following four main areas:
- Protective/preventive measures and techniques: These measures, such as isolation of safety-critical control systems networks or encryption, implement hardware and software solutions that lower the likelihood of a successful hack and diminish the potential impact of a successful hack.
- Real-time intrusion (hacking) detection measures: These measures continually monitor signatures of potential intrusions in the electronic system architecture.
- Real-time response methods: These measures mitigate the potential adverse effects of a successful hack, preserving the driver's ability to control the vehicle.
- Assessment of solutions: This involves methods such as information sharing and analysis of a hack by affected parties, development of a fix, and dissemination of the fix to all relevant stakeholders (such as through an ISAC). This layer ensures that once a potential vulnerability or a hacking technique is identified, information about the issue and potential solutions are quickly shared with other stakeholders.
NHTSA also has examined whether legislative provisions might further improve the cybersecurity posture of vehicles. The U.S. Department of Transportation (USDOT)'s GROW AMERICA legislative proposal includes liability for hackers, clarifying authority for the agency to issue process rules or guidelines for the safe development of new systems, and imminent hazard authority that would enable swift action to protect the public from cybersecurity vulnerabilities and other safety threats. We believe the legislative proposals contained in GROW AMERICA will allow the agency to stay ahead of cybersecurity challenges.
Who Is NHTSA Working With?
NHTSA maintains significant interactions with vehicle manufacturers, other government agencies, automotive suppliers, and the security research community regarding potential cyber threats and vulnerabilities. Some interactions involve the security community conducting research on behalf of the agency while other interactions are information exchanges.
Engagement With the Automotive Industry
On July 14, 2014, NHTSA challenged the automotive industry to form an Information Sharing and Analysis Center (ISAC) to help the industry proactively and uniformly address cybersecurity threats. ISACs were created as a result of Presidential Decision Directive 63, which sought ways for public and private sector partners to share information about physical and cyber threats to critical infrastructure. Today, ISACs are used in over a dozen critical infrastructure areas, such as surface transportation, finance, and energy. NHTSA believes an automotive industry ISAC is a critical piece of vehicle cybersecurity infrastructure, as manufacturers and suppliers are in the best position to identify weaknesses in their own products. As vehicle cybersecurity and the role of an automotive ISAC mature, identification of those weaknesses can be made during the engineering phases, so they can be corrected earlier in the process. The auto industry announced the formation of an ISAC in July of 2015.
Below are a few examples of NHTSA’s partnerships on cybersecurity issues.
- NHTSA holds detailed meetings with technical leads at OEMs and Tier 1 suppliers regarding their cybersecurity initiatives, processes, risk assessment and product/process plans to design security into their products.
- NHTSA meets with suppliers in the aviation, space, and defense industries to learn about their approaches to secure design for safety-critical embedded control systems, as well as evolutions that transpired in those industries over time.
- NHTSA is a regular participant in various widely attended security conferences and events, such as DefCon; Blackhat; Embedded Security in Cars (ESCAR); the Defense Advanced Research Projects Agency (DARPA)'s High Assurance Cyber Military Systems (HACMS) and National Science Foundation (NSF)'s Principal Investigators conferences; and the CyberAuto Challenge. NHTSA holds discussions with white-hat hackers who have demonstrated experience in this domain. In addition, NHTSA co-organizes the biannual Enhanced Safety of Vehicles conference and the annual SAE Government-Industry meetings, which address cybersecurity among other topics.
- NHTSA serves as a liaison to SAE International's Vehicle Electrical Security System committee and participates in their meetings.
- NHTSA works closely with other Federal organizations with interests in automotive cybersecurity. For instance, we have been interacting with DARPA and their HACMS program leaders and are pursuing a research project to develop a secure reference parser for Vehicle-to-Vehicle (V2V) communication interfaces based on DARPA's extensive research and experience in this area. We also collaborate with the U.S. Department of Homeland Security (DHS), NIST, and the U.S. Army Tank Automotive Research, Development, and Engineering Center (T ARDEC) in different capacities to leverage synergies, avoid redundant emphasis, and share knowledge and expertise.
V2V & V2I Communications and Security Infrastructure
For the past several years, USDOT, NHTSA, vehicle manufactures, automotive suppliers, security experts, and other government agencies have been developing Dedicated Short Range Communications (DSRC) radio technology and the associated architecture and protocols to support trusted vehicle-to-vehicle and vehicle-to-infrastructure communications. We are finalizing the architecture and have research plans to conduct full-scale vulnerability testing and to address any security issues that emerge from that testing. In addition, as NHTSA pursues its regulatory efforts, the agency will propose and seek comments on various aspects of the architecture including the protocols that will ensure interoperability and security.
NHTSA and its partners are developing a Public Key Infrastructure (PKI) based system, termed the “Security Credential Management System” (SCMS), for ensuring trusted and secure V2V and V2I communications. PKI security architectures and methodologies are already used extensively in the auto industry. The SCMS would employ highly innovative methods, encryption, and certificate management techniques to address the challenging task of ensuring trusted communications between entities that previously have not encountered each other—but also wish to remain anonymous (as is the case when vehicles/drivers encounter each other on the road). This is further detailed in NHTSA's publication, Vehicle to Vehicle Communications: Readiness of V2V Technology for Application.
In addition, USDOT and NHTSA will adhere to the fullest extent possible to industry consensus standards applicable to V2V and V2I DSRC-based communications. These include the Institute of Electrical and Electronics Engineers (IEEE) P 1609 and 802.11 P standards that cover communication protocols, as well as SAE International standards that address communications performance, applications, and data coding requirements.
USDOT also intends to work with DARPA to identify potentially unique cyber vulnerabilities associated with establishing a standardized wireless link with motor vehicles, and develop countermeasures and solutions for such vulnerabilities.
No single approach is sufficient because in the cybersecurity realm, those involved must keep moving, adapting, and improving. To that end, NHTSA will continue to explore numerous approaches, including internal research, independent testing, analysis conducted by the agency, and communication. NHTSA cannot do this alone, but neither can vehicle manufacturers or suppliers. Our efforts will need to be collective, collaborative, and complete.
As Secretary Foxx said on May 13, 2015, "The Department wants to speed the Nation toward an era when vehicle safety is not just about surviving crashes; it is about avoiding them. Connected, automated vehicles that can sense the environment around them and communicate with other vehicles and with infrastructure have the potential to revolutionize road safety and save thousands of lives." To do this, cybersecurity must be an integral part of vehicle engineering, manufacturing, and enforcement. NHTSA already is laying the groundwork needed for the road ahead, and looks forward to working with Congress, manufacturers, suppliers, and the American public in our exciting transportation future.