New international standards and regulations for automotive cybersecurity - ISO 21434 and WP.29 - are about to be published, and both push vendors to test all the software that goes into a car against every conceivable attack and risk. However, this is not as simple as it may sound.
Vehicles now contain more than a hundred independent electronic control units (ECUs). Each of these embedded systems controls a different subsystem of the vehicle. Some are simple, such as brake-system microcontrollers; others are entire computers, such as infotainment or autonomous driving assistance systems.
In both cases, each ECU comes with its own distinct architecture and software. These range from bare microcontroller firmware to complex Linux-, Android- or QNX-based operating systems, and on top of that there are the car-controlling mobile apps and key fobs. Together they add up to well over a hundred million lines of code.
Historically, automotive security experts performed comprehensive one-off security audits on select components. These are no longer adequate for the task, because the security posture of automotive software is a moving target. More software keeps being added to cars: autonomous and semi-autonomous driving capabilities, additional safety technologies and entertainment portals.
In addition, the use of third-party operating systems and software libraries brings with it a constantly expanding risk, as new issues get disclosed on a daily basis: new attack techniques arise, threat levels and severity ratings of existing vulnerabilities get updated, and new threat intelligence is reported. Cryptographic keys and mechanisms weaken, or even get deprecated, as new research is published.
Tracking and reviewing all of these changes against existing software is a daunting task, and it becomes impractical as the number of software updates grows.
Cybersecurity Digital Twins
One recent solution developed for this problem is called Cybersecurity Digital Twins. These are virtualized constructs that mirror in-vehicle components, tracking both on-road and in-development vehicles. These new assets provide a basis for the kind of extensive risk analysis that once required an entire cybersecurity audit performed by a dedicated team.
The analysis is performed on the digital twin: a solution that replicates and then simulates the original ECU firmware, and runs proactive scans to identify cyber risks such as vulnerabilities and other weaknesses.
In addition, this new form of digital twin enables an entirely new capability, with benefits that were unachievable with legacy risk assessment methodologies.
Continuous Risk Assessment
As stated earlier, risks change over time, and so does the software itself: some automotive software gets updated a few times a year. A one-time risk assessment provides only a single snapshot of the risk posture.
Digital twins for automotive software offer the ability to continuously track new risks, vulnerabilities, exploits and other threats as the “twin version” of the original ECU firmware is constantly monitored. The findings are compared with the original scan, and the differences are reported. This enables a continuous and timely update on the risks “hidden” within each firmware.
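One way to implement the scan comparison described above, as an added Python example that is not part of the original article and not Cybellum's own code: two scans of the same twin are diffed to report new, resolved and re-scored findings, and anything that newly crosses a severity threshold is flagged for escalation. The component names, advisory ids, scores and the escalation threshold are all constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    component: str   # third-party library or module inside the firmware image
    version: str
    advisory: str    # vulnerability identifier (placeholder ids here, not real CVEs)
    severity: float  # CVSS-style base score, 0.0 to 10.0

# Constructed sample scans (not real data): the baseline taken when the twin was
# created, and a later scan after a firmware update and a threat-intel refresh.
BASELINE_SCAN = [
    Finding("libfoo", "1.2.0", "ADV-0001", 5.3),
    Finding("libbar", "3.0.1", "ADV-0002", 7.5),
    Finding("libbaz", "0.9.0", "ADV-0003", 4.0),
]
LATEST_SCAN = [
    Finding("libfoo", "1.2.0", "ADV-0001", 9.8),  # same flaw, severity re-scored upward
    Finding("libbaz", "0.9.0", "ADV-0003", 4.0),  # unchanged
    Finding("libqux", "2.1.0", "ADV-0004", 8.1),  # newly disclosed against a new component
]   # libbar/ADV-0002 is absent: the update removed the vulnerable library

def _index(scan):
    # Key on component + advisory so a finding is tracked across version bumps
    return {(f.component, f.advisory): f for f in scan}

def diff_scans(baseline, latest, escalate_at=7.0):
    """Compare two scans of the same twin and report only what changed."""
    before, after = _index(baseline), _index(latest)
    new = [after[k] for k in sorted(after.keys() - before.keys())]
    resolved = [before[k] for k in sorted(before.keys() - after.keys())]
    rescored = [(before[k], after[k]) for k in sorted(before.keys() & after.keys())
                if before[k].severity != after[k].severity]
    # Escalate what is new above the threshold, or was re-scored across it
    escalate = [f for f in new if f.severity >= escalate_at]
    escalate += [n for o, n in rescored if n.severity >= escalate_at > o.severity]
    return {"new": new, "resolved": resolved, "rescored": rescored, "escalate": escalate}

if __name__ == "__main__":
    for kind, items in diff_scans(BASELINE_SCAN, LATEST_SCAN).items():
        print(kind, items)
```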
The Benefits - Real-time Cybersecurity Assessment
Maintaining twins of vehicle software components enables vendors to continuously monitor software-related risks, both for components in development and for released vehicles. Even when many revisions of a component's software are deployed (likely with remote Over-the-Air (OTA) update capabilities), the risk posture of each revision can be assessed in real time before that revision enters the next phase of the software life cycle.
For vehicles still in the pre-deployment phase, critical issues that might affect the vehicle's reliability in any way can be escalated immediately back to the relevant supplier. Such issues affecting released vehicles can be considered for a recall or an OTA update if needed. In short, OEMs and their suppliers get full visibility into their assets' risk posture.
Conclusion
Automotive OEMs and suppliers can no longer depend on legacy cybersecurity audits as their only source of information during the development or service phases of a vehicle’s lifecycle.
Digital Twins for Automotive Software offer a new approach to managing automotive software throughout the vehicle lifecycle. Software twins help OEMs and suppliers optimize and validate their designs, and they also help improve the operation of vehicles already on the road.
More specifically, software twins greatly benefit the cybersecurity of ECU firmware. With this technology, risks can be promptly identified, assessed and remediated, both for vehicles still in development and for operational fleets.
Cybellum's security suite is one such cybersecurity digital twin solution, creating and monitoring twins for the automotive industry and catering to OEMs and suppliers alike.
More information on this technology can be found in the whitepaper: Cybersecurity Digital Twins - a Novel Solution for Automotive Software
Eyal Traitel is Head of Customer Success at Cybellum. In his role, he manages the customer-facing activities, working closely with automotive OEMs' and suppliers' product security teams on the implementation of risk assessment solutions, and developing customer education programs and technical content around automotive cybersecurity and standards compliance.
Eyal has over 23 years of global experience in the enterprise software industry, encompassing product, marketing, IT, customer success, support, engineering, pre-sales and consulting.