Enhancing CAM Cybersecurity for Connected Vehicles

Connected and Automated Mobility (CAM) cybersecurity is crucial to safeguarding connected vehicles from cyber threats. The project focuses on developing Vehicle Security Operations Center (VSOC) capabilities, utilizing SIEM/UEBA modules to monitor, detect, and respond to potential cyberattacks. By collecting and analyzing data from vehicle ECUs, networks, and backend servers, the VSOC aims to prevent financial, operational, safety, and privacy losses, ultimately enhancing cybersecurity for post-production phase connected vehicles.

• CAM cybersecurity
• Connected vehicles
• VSOC
• SIEM/UEBA
• Cyber threats

matt_903 Follow

Uploaded on Feb 28, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Connected and Automated Mobility (CAM) Cybersecurity SMI2G 2022, 16-17 May 2022, Brussels Lara Valentin : lvalentin@funditec.es Alejandro Echeverr a Technical coordinator: aecheverria@funditec.es FUNDITEC Madrid Technological Center Role: Proposal coordinator Proposal activity: HORIZON-CL3-2022-CS-01-01 Improved monitoring of threats, intrusion detection and response in complex and heterogeneous digital systems and infrastructures 1 Lara Valent n, lvalentin@funditec.es

2. Connected cars are open to cyberattacks Automotive embedded applications were traditionally isolated, static, fixed-function, device-specific implementations, and practices and processes have relied on that status Cyberattacks can lead to death and/or injury to stakeholders, material damage and/or loss, and sensitive data loss or misuse. SMI2G 2022, 16-17 May 2022, Brussels As the automotive world shifts toward connected cars and smart mobility, an added element of vulnerability arises, namely, the threat of cyberattacks. Security attacks threatening the CAM ecosystem include: Theft or exposure of data Physical theft or compromise Manipulating vehicle controls Threats to availability 2 Lara Valent n, lvalentin@funditec.es

3. CAM cybersecurity aims to prevent financial, operational, privacy, or safety losses. Safety, reliability, security, and privacy must all start at the outset of the design phase. SMIG2012 - Louvain 22-23 May 2012 3 Lara Valent n, lvalentin@funditec.es

4. Outcome: VehicleSOC The project is oriented to build VSOC capabilities, enabling cybersecurity for the post-production phase. The core of the project will be a SIEM/UEBA module able to log, categorize, and aggregate relevant data ingested from three different sources: In-vehicle: trends in automotive ethernet are leading towards 100+ ports requiring 10+ GB of data per hour from 70 to 150 ECUs. This volume of data will increase to nearly 500GB of data per hour once vehicles are truly autonomous. Collecting and analyzing these data poses a security challenge, due to the disparity of firmware, operating systems, languages, communication protocols, and speed of data generation. Network: other vehicles, the infrastructure (overhead RFID readers and cameras, traffic lights, lane markers, streetlights, signage and parking meters), pedestrians, the grid, 3rd parties cloud services, satellite services, the home, etc. Specialized tools are needed to effectively analyze this network traffic generated by DSRC protocols, WiFI, Bluetooth, 5G, GPS, etc. SMIG2012 - Louvain 22-23 May 2012 Backend servers: cloud services for both the vehicle and user, provided by the OEM. Using ML algorithms, the SIEM/UEBA will monitor the data to: Collect information directly from the field to feed cyber threat intelligence centers, ISACs, and CSIRTs, providing robust evidence to other cybersecurity decisions and tools. Predict cyberthreats to the vehicle before they materialize in an attack and calculate their related risk. Detect threats and anomalies in near or real-time, alerting the driver when safety is at risk. The result will be a focused Vehicle SOC, identifying attacks that are unique to the needs of connected vehicles and real end-users. The VSOC will be a security pillar within a larger national or EU body in charge of CAM cybersecurity, such as a Vehicle CSIRT. The VSOC will feed (and contribute to) Vehicle Threat Intelligence sources and redirect attacks to CSIRTs for rapid intervention when general attacks directed to the network or the cloud are detected. 4 Lara Valent n, lvalentin@funditec.es

5. Project participants SMI2G 2022, 16-17 May 2022, Brussels Existing consortium: Proposed coordinator: FUNDITEC Partners / Other participants: to be determined Looking for partners with capabilities/experience in this field 5 Lara Valent n, lvalentin@funditec.es