Jonathan Petit

Dr. Petit is the Senior Director of Research for OnBoard Security (formerly known as the Embedded Security Business Unit of Security Innovation). He is in charge of leading projects in security and privacy of automated and connected vehicles. He has conducted extensive research in detecting security vulnerabilities in automotive systems. He published the first work on potential cyber attacks on automated vehicles and has supported communications security design and cybersecurity analysis through OEM and NHTSA-sponsored projects. He received his PhD in 2011 from Paul Sabatier University, Toulouse, France.

The following Excel file (and PDF version) lists security-related questions for each breakout session in order to foster discussion and get your feedback. Please don’t restrict yourself to these questions. Send us your questions / comments!


Let’s Move the Security Needle: Think Offensively!

Description:

Since 2015, we have had some very fruitful cybersecurity breakout sessions at the Automated Vehicles Symposium. However, we tend to diverge into automotive security or infrastructure vulnerabilities. With a few exceptions, we have not seen new vulnerabilities introduced specifically by automation and its supporting technologies. To help find these new vulnerabilities, I will present some new cybersecurity issues that are uniquely focused on automation as examples and inspiration. The presentation will also help the collective domain experts in the conference to think offensively to improve our ability to identify new and innovative vulnerabilities.

Audience Participation and Feedback:

This year the TRB Subcommittee on Cyber Security is planning a massive audience participation approach to addressing the issue. We want to focus on issues that are unique to automated vehicles, and we want to tap into the hive mind at the symposium (you, the participants) to identify potential vulnerabilities that are unique to automated transportation systems that may pop up while you’re in a session. We plan to do this by sharing with everyone some basic information on how a hacker thinks, and how attacks are frequently conducted.

We are in the process of preparing more information, including a secure email address where you can share any thoughts or sparks of inspiration with us. Several committee members will also be on site to answer any questions or hear your concerns. The results we receive will be summarized in the report-out session.

In the meantime, the following are some references we would like to share showing what we already know about vehicle vulnerabilities and infrastructure vulnerabilities. This list will be updated between now and the beginning of the conference.

References to Known Automotive and Infrastructure Vulnerabilities

1. Modern Vehicle Vulnerabilities: http://illmatics.com/carhacking.html

2. Center for Automotive Security: http://www.autosec.org/publications.html

3. DEFCON Car Hacking Village: http://www.carhackingvillage.com/

4. Car Hacking Handbook: http://opengarages.org/handbook/

5. Vulnerabilities to Machine Learning

6. Automated vehicle attacks over sensor inputs

7. Why is this a target – More on how hackers think?

8. Platoon centric attacks

  • Vehicular Platooning in an Adversarial Environment; Gerdes, Ryan; Virginia Tech
  • Attack Mitigation in Adversarial Platooning Using Detection-Based Sliding Mode Control; Gerdes, Ryan; Virginia Tech

Consortium/Standardization activities:

- Future of Automotive Security Technology Research (FASTR): www.fastr.org
- Securing Smart Cities (SSC): http://securingsmartcities.org
- I am the cavalry: https://www.iamthecavalry.org
- Defense Automotive Technologies Consortium (DATC): http://datc.saeitc.org
- Automotive Consortium for Embedded Security (ACES): aces.swri.org
- Open Automotive Alliance (OAA): https://www.openautoalliance.net
- UN Task Force on Cyber Security and OTA issues: https://wiki.unece.org/pages/viewpage.action?pageId=40829521
- SAE: J3061, J3101, Data Link Connector Vehicle Security Committee (https://www.sae.org/servlets/works/committeeHome.do?comtID=TEVDS20)
- TRB: Cybersecurity Subcommittee, Task Force on Data Privacy, Security and Protection Policy (https://www.mytrb.org/CommitteeDetails.aspx?CMTID=4553)