Hackers continue to conduct cyberattacks to make money and cause chaos, and those cybercriminals’ increased attention on vehicle fleets is an emerging trend. Monique Lance, marketing director for cybersecurity company Argus, notes that many vehicles contain 100 or more electronic control units.
“They are made up of a lot of complex software,” Lance said in a telephone interview from Argus’ Tel Aviv, Israel headquarters. “Vehicles have more code than a fighter jet.”
Because of that software and the fact that the vehicles are connected to the Internet, they are vulnerable to cyberattacks, Lance added.
She continued on to note that companies running large vehicle fleets are attractive targets for cyberattackers, who attempt to damage or destroy computer networks or systems. Lance said the prospect of holding a fleet for ransom is an attractive one for hackers.
Since the mid-1990s, OBDII ports in vehicles have provided very easy means for attackers to penetrate a vehicle. Vehicle manufacturers that originally installed OBDII ports did so with little thought to cybersecurity at the time, Lance said.
“That provides attackers direct access to the in-vehicle network, where you have brakes, steering, and other components that are safety critical,” Lance said. “When we’re looking at businesses that depend on running these large fleets, you can imagine how attractive that would become to a cyberattacker.”
OBDII ports provide just one means of accessing a vehicle, Lance said. Attackers can also take control remotely via cellular connections, WiFi, Bluetooth, navigation systems, and more. These remote attacks are potentially much more dangerous because they are scalable.
Preventing and Responding to Attacks
The increasing vulnerability of vehicles is the main reason why automotive component manufacturer Continental AG recently decided to offer cybersecurity solutions from Argus and automotive software company Elektrobit, pre-integrated into their connected vehicle electronics products such as telematics units, infotainment systems, and gateways.
Continental notes that its cybersecurity program allows OEMs and fleets to prevent, understand, and respond to cyberthreats. Elektrobit offers security software to help prevent possible attacks, such as authenticated identification, secure updates, and remote analytics and diagnostics.
Argus provides products that offer additional protection from cyberattacks against the vehicle as well as the ability to detect and respond to attacks in real-time on telematics and head units, advanced driver assistance systems (ADAS), other high-performance ECUs, and embedded ECUs. Argus Lifespan Protection is an automotive security operations center that provides OEMs and fleet managers visibility into the cyber health of their fleets, analysis of cross-fleet information to generate insights into the nature of attacks when they happen, identification of emerging threats, and a rapid response to incidents by immunizing the fleet.
Just as important as preventing cyberattacks and threats, Lance emphasized the new offering from Continental, Argus, and Elektrobit provides fleets and automakers with the ability to learn when an actual attack takes place, to understand the scope of the attack after it takes place, and how to respond immediately.
“Everything we do is based on a comprehensive approach that will enable fleet managers and automakers to secure their vehicles throughout the lifespan, even while they’re on the road, which is also critical,” she said.
Cyberattacks on Fleet
Lance said trucks’ common communication protocols make attacks easier. When cybercriminals can create one hack that could affect an entire fleet of trucks, that means less of a monetary investment for them. “When it comes to cybersecurity, it’s all about reducing the return on investment for the cybercriminal,” she said. “The more effort they need to put in and the more investment they need to make, the less likely they will be to target your vehicle. If they find there is common protocol across a fleet of trucks, hacking one truck will mean they will be able to hack many more, and it will make it more attractive to them.”