Section 2: Cyber Challenges for AutomotiveManufacturing

  • Chapter 3: Cybersecurity basies
  • Chapter 4: Cybersenarity chailenges in CAV's
  • Chapter 5: OT Cybersenurity: Securing Manufacturing Networks

Chapter 3: Cybersecurity Basics

Chapter Overview

This chapter is aimed at the Cybersecurity novice and details the core cybersecurity management concepts starting with the A-I-C Triad. The Cybersecurity novice needs also to understand basic Cybersecurity concepts to apply these to automotive cybersecurity best practices. Privacy is highlighted as a major concern for the automotive sector as tracking of vehicle information could impact the safety of the humans using any vehicle. Hacking also remains a great concern in this sector as Cyber best practices are still not followed in many automotive organizations and leads to incidents of Ransomware and more severe breaches of the organization's data assets.

The A-I-C Triad

The A-I-C or the C-I-A Triad stands for Availability, Integrity and Confidentiality which are considered the three pillars of Cybersecurity. During a risk assessment process, every threat to a system's Cyber posture is evaluated in terms of its impact to the Availability, Integrity and Confidentiality of that system. In case the risk from a specific threat is deemed above acceptable levels, risk mitigation techniques must be utilized to bring it to a manageable level.

Reference

Let us explore each one of these pillars individually.

Availability

In terms of Cybersecurity, Availability is the ability of an eco-system to ensure the reliable and timely access to data or computing resources by the appropriate authorized personnel. The reverse of Availability is Destruction as it makes unavailable the access to data or computing resources to the appropriate personnel as and when needed by them.

There are many aspects to the loss of Availability to a computing resource. This loss could be severe as in the case of loss of data processing capabilities due to natural disasters or human actions or it could be intermittent such as the loss of availability caused by a Denial of Service (DoS) attack. A Denial of Service (Dos) attack happens when an intruder carries out specific actions that tie up computing services and the system becomes unstable or even unusable for authorized users. However, whether the impact to availability is low, medium, or high, an organization needs to have risk-mitigating controls in place to counter scenarios that might have an adverse effect on the Availability tenet of the A-I-C Triad.

These controls can be Physical Controls, Technical Controls, or Administrative Controls.

Physical Controls are designed to prevent loss of availability due to physical damage. These include preventing unauthorized personnel from physically entering restricted areas, ensuring fire & water control mechanisms are implemented, developing Hot, Warm and Cold sites for data processing, and having Off-site backup storage facilities.

Technical controls that address Availability include Fault-tolerance mechanisms, Electronic Vaulting, and Access control software. Electronic Vaulting is the term used for backing up data and transmitting the output electronically to a secured offsite storage location. In the age of the Cloud, this is a common practice and used by most SaaS apps.

Finally, Administrative Controls that can address Availability include Access control policies, Operating procedures, Contingency planning, and User training. All these are best practices for limiting impact to the Availability tenet and can be utilized to prevent destruction of a computing asset.

Integrity

The second pillar of the A-I-C Triad is Integrity. Its aim is to ensure that

  • Modifications cannot be made to data by unauthorized personnel or processes
  • Unauthorized modifications cannot be made to data by authorized personnel or processes
  • The data are internally and externally consistent

The reverse of Integrity is Alteration i.e., modification of data that would adversely impact the Integrity of data. The basic principles to establish Integrity Controls are Need-to-know Access (Least Privilege), Separation of Duties and Rotation of Duties. The principle of Need-to-know Access (Least Privilege) highlights that Users should be granted access only to those files and programs that they absolutely need to perform their assigned job functions. The second principle is that of Separation of Duties which states that no single employee should have control of a transaction from beginning to end and that two or more people should be responsible for performing any transaction. This ensures that no unauthorized modifications can be done to data even by authorized personnel and helps reduce insider threats.

Confidentiality

Confidentiality is the third and final pillar of the A-l-C Triad. Confidentiality protects against the intentional or unintentional unauthorized disclosure of any message and its reverse is Disclosure.

There are many threats to Confidentiality. These include Hackers, Masqueraders, Unauthorized user activity, Unprotected downloaded files, Networks, Trojan Horses and Social Engineering.

A Hacker or Cracker is someone who bypasses a system's access controls by taking advantages of security weaknesses that the system's developers have left in the system. On the other hand, a Masquerader is an authorized, or unauthorized, user of the system who has obtained the identity of another user. Thus, he or she can gain access to files available to an authorized user by pretending to be that authorized user. Another threat to Confidentiality is Unauthorized user activity. This occurs when authorized users gain access to files that they are not authorized to access. In the age of the Cloud, unprotected download of files and data is another major threat to Confidentiality. Downloading data from a secure location to an unsecure system can severely compromise the confidentiality of information. Networks also can be used to compromise the confidentiality of data as data flowing through the networks can be viewed at any node of the network. A good example of this is "Account Harvesting" done on unencrypted user IDs and secret passwords. Another tool that can be used to enable Disclosure are Trojan Horses. They can become resident on a target system and can routinely copy confidential files to unprotected resources which can then be transmitted to a hacker. Finally, Social Engineering is one of the easiest forms of enabling Disclosure as human beings are always the weakest link in any cybersecurity chain. This is a non-technical method of intrusion and relies heavily on human interaction.

Data Classification is important to ensure Confidentiality. Data assets must be classified based on their importance with labels such as public, sensitive, confidential, proprietary, private, and critical. Only when such a classification scheme is in place, data assets can be appropriately protected based upon their dassification level and the confidentiality of the data element maintained.

Key Cybersecurity Concepts

Below are a few key Cybersecurity concepts whose understanding is essential for developing a holistic Cybersecurity profile of an organization.

Identity Management

To understand Identity Management, the term of Identification must be clearly defined. For Cybersecurity, identification is defined as the means through which a user's claim to his or her identity to a specific system is verified and validated. Based on this definition, Identity management is a key component of an organization's access control architecture, as it helps validate the identities of the organizations users' before granting them the right level of access to any system and data.

Access Control

Access Control is the discipline of managing a specific user's access to resources to keep systems and data secure and protected. Access Control has three main areas

  • Authentication: The testing of the evidence of a user's identity (Identity Management)
  • Authorization: The rights & permissions granted to an individual or process after the individual has been authenticated
  • Accountability: A system's ability to determine the actions and behavior of a single individual within a system

The terms' identity management, authentication, and access control are used interchangeably. However, it is important to emphasize that each of these functions individually serve as distinct tiers for enterprise security processes.

Least Privilege

As discussed in the Integrity pillar of the A-l-C Triad, another best practice for cybersecurity is the principle of Need-to-know Access (Least Privilege). This principle emphasizes that the access granted to any data element should be limited to the bare minimum access level that is absolutely needed to perform the specific assigned activity. The principle of Least Privilege is applicable to any user, program, or process in a secure environment. Example of this principle are Read, Write & Execute privilege levels that are applied to specific data files for specific user access.

Separation of Duties

Separation of Duties is the second principle of the Integrity pillar of the A-I-C Triad and states that no single employee should have control of a transaction from beginning to end and that two or more people should be responsible for performing any transaction. This ensures that no unauthorized modifications can be done to data even by authorized personnel.

Encryption

Encryption is an important cybersecurity countermeasure that protects both data at rest and the data in transit. Encryption basically scrambles data using a "key" and makes the data unreadable for unauthorized users. During the encryption process, an authorized user utilizes a key with a specific encryption algorithm to make the "plaintext" data unreadable. On the other end, during the decryption process, the same user or another authorized user employs the same key with the same encryption algorithm to decrypt the "ciphertext". This means any unauthorized user cannot read the data transmitted until he or she has the key to decrypt the ciphertext.

An example of such encryption methodology is the Secure Sockets Layer (SSL). This is the data encryption methodology used by many websites to protect vital user data by preventing attackers from accessing sensitive user data that is moving to and from the website. This includes such critical data as user credentials, banking transactions and tax information. As SSL has become "breakable" ", it has now been replaced by Transport Layer Security (TLS).

Logging

System logging is a critical task of corporate technology environment. This is essential for traceability of user actions and events on any system. Most Cyber standards & regulations such as ISO 21434, PCI-DSS, SOX, ISO 27001 and others require the enabling of system logging as one of the controls required for compliance to that framework. Any organization using technology must constantly be logging and should do so by investing in a reliable logging solution. The organization must define what needs to be collected and the parameters needed to analyze this data. Also, an archive policy must be defined that enumerates what to archive and how long to archive that data. Further traceability is ensured by providing time stamps and certificates. Finally, in case the organization needs to follow specific Cyber standards or regulations, the accessibility to sensitive data also needs to be regulated.

Security Audits

Security audit is an important component for securing a technology system. security audit is carried out to evaluate the functioning of a system and to determine the conformity or nonconformity of the system elements with any specified cybersecurity requirements or standards. Security Audits are needed to determine whether the implemented system is effectively meeting the specified cybersecurity objectives. This offers an opportunity for improvement to the system's cybersecurity profile and ensures that statutory & regulatory requirements are met for operating that system.

Fail Secure

Fail Secure means that if a device fails for any reason, it must fail in a manner which secures any data or environment it protects. A good example of this principle is the application of Fail Secure to a perimeter protection device such as a firewall. If a firewall fails in a manner (open) that is not secure, information external to the boundary protection device may enter, or the device may permit unauthorized information to be released to external parties. Thus, Fail Secure must ensure that the firewall fails in a manner that all traffic will be subsequently denied.

Defense in Depth

Any system should have a requirement to ensure whether the appropriate security measures are in place to prevent systems and networks from being compromised. Unfortunately, there is no single method that can successfully protect against every single type of attack. This is where the Defense in Depth architecture comes into play. Defense in Depth is a multi-layered defensive mechanism implemented to protect valuable data and information. If one mechanism fails, there is another layered mechanism that can also thwart an attack. This approach with intentional redundancies increases the cybersecurity of a system as a whole and addresses many different attack vectors.

Security By Design

Security by Design is an important concept in Cybersecurity. It means that organizations start building Cybersecurity into their product in the design stage of the development effort. Indeed, this should be done even earlier, at the concept stage, to ensure that Cyber best practices and solutions are employed to ensure that the system / component is secure.

Security by Design is focused on a proactive approach by preventing vulnerabilities that might be used by attackers to gain access into the system. This is opposite to a reactive approach in which organizations only try to respond and recover from Cyber attacks without any previous preparation or secure software development. However, in order to ensure Security By Design, an organization must have a culture of Cybersecurity ingrained into its very fabric. Only then, the organization shall ensure that Cybersecurity best practices are followed at every level of the organization and all stakeholders involved in enabling the Cybersecurity profile of the organization are onboard.

Privacy: A major concern in the Automotive sector

privacy deserves a special mention when it comes to general cybersecurity terms as it is often differentiated from security of data. Privacy basically means the level of confidentiality a specific user's personal information is provided. Privacy of personal sensitive and private data, communications, & preferences is protected through several techniques & technologies and is influenced by many varying factors such as jurisdiction, privacy laws, type of data asset and security controls implemented. There are many regulatory & ethical Privacy frameworks that define requirements to protect individuals from substantial harm, embarrassment, or inconvenience due to the inappropriate collection, storage, or dissemination of personal information.

The Automotive sector has many major privacy concerns as great amounts of Personally Identifiable Information (PII) is collected by various stakeholders in the automotive sector. These include names, addresses, dates of birth, financial information, and user preferences. Apps in Connected Vehicles are also tracking user behavior and geolocation data for insurance, navigational guidance, and driver incentive purposes. This means that privacy has become an even bigger concern as Mobility undergoes the CASE transformation, as defined in Chapter 2 of this book.

Hacking & its Impact

Although, hacking is just one of several risks that Cyber Governance is used to manage, there can be no conversation on Cybersecurity without the mention of an organization being hacked. The organizations usually mentioned are highly visible brands and leaders in their own industry sectors. However, every day, thousands of smaller entities & individuals are hacked, and critical data assets stolen. Therefore, it is imperative for a Cyber SME to understand the various forms of hacking and its impact on an automotive organization.

Merriam-Webster dictionary defines Hacking? as "to gain illegal access to (a computer network, system, etc.)". However, a more precise definition of Hacking is the "attempt by an unauthorized individual to gain access to a computer system or network by exploiting the vulnerabilities present in that computer system or network". Hackers are the individuals who attempt and succeed in entering a computer system or network through the act of hacking.

Usually, hackers are differentiated between Blackhat & Whitehat hackers. Blackhat hackers use hacking to commit cyber crimes for personal financial gain by means of cyber espionage or cyber extortion. Whitehat hackers, on the other hand, provide "Ethical Hacking" services to proactively protect an organization's critical computing assets. Based on the above differentiation of hackers, a more accurate characterization of hacking would be "extensive and detailed technical knowledge about computers and networks that enable an individual to bypass the system security built into the computing environment".

The below section explores many different forms of hacking techniques that are used to impact the A-I-C Triad of any computing asset.

Malware

Malware is short for "malicious software," and describes any malicious software, program or code that can cause harm to a computing resource. Malware is designed to be intrusive and is hostile in its intentions as it has severe negative impact on the performance of a computer system. Malware can be used to damage or take over control of computers, networks, tablets, and mobile devices.

Virus

Like a human or animal virus, a computer virus is a form of malware that can self-replicate itself by copying itself to another program. Hackers use computer viruses to infect vulnerable systems to gain control of the target system and steal user data. Viruses are usually propagated by tricking a trusting user to take an action that copies the virus into that individual's computer. This could be done by the user visiting an infected website or by opening an attachment in an email. It could also be enabled by clicking on an executable file or by viewing an infected advertisement on the Internet. Another way for a computer virus to propagate itself is by connecting to a USB device that is already infected by a virus.

Ransomware

The US governments' Cybersecurity and Infrastructure Security Agency (CISA) describes Ransomware as "the type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid" Ransomware is easy to protect against by having a Cyber mindset in the organization through a comprehensive & continuous User Cyber Awareness Program. Ransomware is only successful with the cyber-extortion of users & organizations who do not take cybersecurity seriously and do not follow cyber best practices.

Phishing

Phishing is a cyber attack that uses email to trick the email recipient into accepting the authenticity of the message in the email body. This trust makes the user click a link or download an attachment to the email. Phishing is, in fact, a form of spoofing i.e., a disguised form of communication that shows the communication from an unknown source to come from a known, trusted source. An example of a phishing attack is an email that is spoofed to be a request from a user's bank asking the user to click on a specific link to update contact information.

There are many forms of phishing attacks. Spear phishing is a form of phishing that is used to send tailored messages to targeted individuals or organizations. This is more sophisticated than sending out mass phishing attacks that might ensnare any user on the internet. An even more specific form of phishing attack is a whaling attack. The whaling phishing attack targets high-profile employees of a target organization, such as senior company executives, to steal sensitive confidential information from that specific company.

Finally, there is the Smishing attack. Smishing is short for "SMS phishing". Even though, it uses SMS messages as its attack vector rather than emails, it is still a form of a phishing attack. The aim in the case of a Smishing attack is for the user to be tricked into downloading malware onto his or her mobile device.

Denial of Service

Denial of Service attacks are a specific type of hacking attacks that aim to overwhelm the resources of the target system so that authorized users can no longer use the target system for normal use. An example of such an attack is the Smurf Dos attack that utilizes ICMP traffic to overwhelm & block the network bandwidth of a targeted organization and thus make organizational resources unreachable.

In a Smurf Attack, the initial ping request to the destination has a spoofed source IP address of the target organization. This means that all ping responses from any system would be directed to the apparent source of the packet, i.e., the spoofed address of the target. As the number of machines replying to the ping request increase, the number of response packets attacking the target increase.

The intensity of a Denial of Service (DDOS) attack can be increased manifold by using a Distributed DoS (DDoS) attack. In this method, Botnets are used to intensity the attack on the target system or network. Botnets are basically a collection of compromised Internet-connected devices whose control has been taken over by the hacker. These could be computers, smartphones or loT devices (vehicles) which had vulnerabilities due to non-compliance with security best practices. A nightmare scenario would be using a million vehicles as bots to propagate a DDoS attack.

Figure 8 DDoS in Connected Vehicles

Vehicles are basically bots-on-wheels. A DDoS attack scenario can be war-gamed where millions of vehicles can be used to carry out a DDoS attack and degradation of the entire CAV eco-system made possible.

DNS Hijacking Attack

DNS Hijacking attacks are carried out by attackers when they change the DNS record of a target domain. The aim of DNS servers is to translate IP addresses and the networking info into human readable domain names. This enables an individual going to reputable sites such as yourbank.com to visit that site instead of trying to remember the IP addresses of these and millions of other websites on the Internet today.

There are several reasons why an attacker might carry out a DNS Hijacking attack. It could be used as another method of initiating a DoS attack. A Dos attack done via a DNS Hijacking attack enables attackers to compromise the target website and redirect legitimate users to an alternate system. Thus, authorized users cannot continue to use the resources of the original target system as intended.

A second reason why an attacker might want to use a DNS hijacking attack is to gather sensitive information. When legitimate traffic for a specific domain is redirected to a server of the attacker's choosing, this traffic redirection can be used to harvest user information that contain sensitive information. Such a system can be used as part of a phishing attack if the attacker can compromise the DNS information of the target organization.

Another illustration of collecting information via a DNS hijacking is the use of the target domain name for email communication. This not only includes capture of all in-bound email, but it can also be used by the attacker to send email masquerading as the target organization. This enables the attacker to cash in on the positive reputation of the target organization. An example of this is the use of the domain name of a reputable charity to defraud victims by collecting funds on behalf of the charity.

Insider threats

Insider threats should always be considered as a major threat by an organization while developing its Cyber Governance program. This is because insiders always have a higher level of access to data & resources and need to be trusted to perform their work in accordance with organizational policies and procedures. However, a malicious actor can cause considerable damage if that individual is an insider. The impact could include Denial of Service of a service through physical manipulation or damage to the hardware or physical infrastructure of the organization. Furthermore, an organization may even suffer data breaches or information leakage through malicious internal actors through damage, theft, or loss of critical assets.

Cyber Governance, Risk & Compliance (GRC)

The impact of hacking and other Cyber incidents can be mitigated by implementing a comprehensive Cyber Governance, Risk & Compliance (GRC) program. The aim of such a program is to ensure that the organization takes a proactive approach towards enhancing its Cyber profile and ensures that a holistic Cyber Governance strategy is in place to enable the protection of data and other critical assets of the organization.

A comprehensive Cyber Governance program begins with planning of the organization structure and the roles of individuals who would be stakeholders in the effort to identify and secure the organization's data assets. It goes on to ensure that effective employment agreements are developed by the Human Resources department of the organization based on best practices for employee hiring. These best practices include background checks and job descriptions, security clearances, separation of duties & responsibilities, job rotation and termination practices.

It is critical to develop a high-level Cybersecurity policy for the entire organization that defines the vision of the organization with respect to the Cybersecurity profile of the organization. Furthermore, the organization needs to develop and use specific policies stating corporate position on various topics and the use of guidelines, standards, baselines & procedures to support those policies. Here, it is also important for the company employees to understand the differences between policies, guidelines, standards, baselines & procedures, and the priority of these documents in terms of their application to information security management in the organization.

From a human resource perspective, an important component is the Security Awareness Education for all employees of the organization. This is needed to make employees aware of the importance of cybersecurity, its significance, and the specific security related requirements relative to their position.

Data classification is also an important element of the Organization's Cyber Governance Program as data protection policies & controls can only be applied by Data Custodians based on the data classification assigned to a data element by its owner. This includes data elements that are sensitive, confidential, proprietary, private, critical, or even public information.

Risk Management

An essential part of a comprehensive Cyber Governance program is Risk Management, and it is crucial to develop a thorough set of risk management practices and tools to identify, rate, and reduce the risk to information assets of the organization. These best practices and tools should include the below areas of Risk Management:

  • Asset identification and evaluation
  • Threat identification and assessment
  • Vulnerability and exposures identification and assessment
  • Calculation of Single Occurrence loss and annual loss expectancy
  • Safeguards and countermeasures

This topic will be explored in detail in Chapter 7 of this book.

Other Considerations

There are many other aspects to consider while developing a holistic Cyber Governance Program. These include the principles & controls that protect data against compromise and inadvertent disclosure and ensure the logical correctness of an information system; the consistency of data structures; and the accuracy, precision and completeness of data stored. Furthermore, the availability tenet of the A-I-C Triad must also be considered and the best practices that ensure that computer resources will be available to authorized users when they need it.

considerations include:

  • The purpose of, and the process used for reviewing systems records, event logs and activities.
  • The importance of managing change and its impact through a documented and controlled Change Management process.
  • The application of commonly accepted best practices for system security administration, including the concepts of least privilege, separation of duties, job rotation, monitoring and incident response.

Finally, it is important to define the internal control standards that are required to satisfy obligations with respect to the law, safeguard the organization's assets and account for the accurate revenue and expense tracking.

What you Learned in this Chapter

The chapter has detailed the below:

  • Understanding the A-I-C Triad and its criticality to the security of any data asset
  • Enumeration of Privacy as it has great impact on Automotive Cybersecurity
  • An overview of the key cybersecurity concepts such as providing Least privileges for the employees, Separation of duties, Encryption and Defense in Depth.
  • The different Cyber threats including malwares and attacks like DOS, DNS Hijacking attacks that compromises the Organization's assets.
  • The importance of the Cyber Governance, Risk & Compliance implementation in an organization to safeguard the valuable assets and data of the company.

Reference

Last Updated: