Development of a cybersecurity threat model for electronic control units in a car
Abstract
The study describes the process of developing a cybersecurity threat model for electronic control units in a car. The problems in the field of ensuring information cybersecurity of cars and directions in solving these problems are considered. A comparative analysis of standards and regulatory documents in the field of cybersecurity of cars is given. Separately, the construction of the intruder model and the compilation of the threat bank are considered as the most important stages in the construction of the threat model. As a result of the work, a model of threats to the cybersecurity of cars was developed, in which possible internal (3 violators) and external (4 violators) violators were identified, a bank of threats to the security of information security of cars was also developed, including 206 threats, and the classification of threats of the threat bank into sections was made. General recommendations have been developed to ensure the cybersecurity of the vehicle's information system.
Full Text:
PDF (Russian)References
Decree of the Government of the Russian Federation No. 4261-r "On approval of the Strategy for the development of the automotive industry of the Russian Federation until 2035": [Electronic source] – URL: https://www.garant.ru/products/ipo/prime/doc/405963861 /.
Tamas Becsi, Szilard Aradi, Peter Gaspar. Security issues and vulnerabilities in connected car systems. – Text: electronic // Models and Technologies for Intelligent Transportation Systems (MT-ITS) – 2015. – URL: https://www.researchgate.net/publication/281447339_Security_issues_and_vulnerabilities_in_connected_car_systems.
Simon Parkinson, Paul Ward, Kyle Wilson, Jonathan Miller. Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenge. – Text: electronic // IEEE Journal on Intelligent Transportation Systems. – 2017. – 18(11):1-18 – URL: https://www.researchgate.net/publication/314272204_Cyber_Threats_Facing_Autonomous_and_Connected_Vehicles_Future_Challenges.
Pravikov D.I., Ponomareva E.A., Kupriyanovskiy V.P. Problems of ensuring information security of highly automated vehicles // International Journal of Open Information Technologies. 2020. №6. URL: https://cyberleninka.ru/article/n/problemy-obespecheniya-informatsionnoy-bezopasnosti-vysokoavtomatizirovannyh-transportnyh-sredstv.
Decree of the Government of the Russian Federation No. 724-r dated March 25, 2020 "On the Concept of ensuring road safety with the participation of unmanned vehicles on public roads": [Electronic source] – URL: https://www.garant.ru/products/ipo/prime/doc/73707148 /
Shashkin A. A. The main directions of ensuring cybersecurity in transport // Digital sovereignty and Cybersecurity – M., 2022. – pp. 235-239.
ISO/SAE 21434:2021 "Road vehicles – Cybersecurity engineering: [Electronic resource]. – August 2021 – URL: https://www.iso.org/standard/70918.html (date of application: 11.11.2022)
SAE J3061:2016 "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems": [Electronic resource]. – 14.01.2016 – URL: https://www.sae.org/standards/content/j3061_201601/.
NHTSA Cybersecurity Best Practices for the Safety of Modern Vechicles: [Electronic resource]. – 2020 – URL: https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf.
National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53): [Electronic resource]. – 2020 – URL: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final.
UN Regulation No. 155 "Cyber security and cyber security management system": [Electronic resource]. – 2021 – URL: https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security.
Cybersecurity? Yes, now your car is at risk: [Electronic resource]. -22.06.2021 – URL: https://habr.com/ru/companies/macloud/articles/564054 /.
Russian Federation. Laws. On Information, Information Technologies and Information Protection dated 27.07.2006: Federal Law No. 149-FZ: [adopted by the State Duma on July 8, 2006: approved by the Federation Council on July 14, 2006]: [Electronic source] – URL: https://www.consultant.ru/document/cons_doc_LAW_61798/.
Russian Federation. Laws. On Technical Regulation of December 27, 2002: Federal Law No. 184-FZ: [adopted by the State Duma on December 15, 2002: approved by the Federation Council on December 18, 2002]: [Electronic source] – URL: https://www.consultant.ru/document/cons_doc_LAW_40241/.
GOST R ISO/IEC 27001-2021. Information technology. Methods and means of providing information. Information security management systems. Requirements: National Standard of the Russian Federation: official publication: approved and put into effect by Order of the Federal Agency for Technical Regulation and Metrology dated November 30, 2021 No. 1653-st: date of introduction 2022-01-01 – Moscow: Standartinform, 2022. – 22 p.
Methodological document. "Methods of modeling information security threats". Project of the Federal Service for Technical and Export Control of Russia - 2020 – 54c. – Text: electronic [Electronic source] – URL: https://fstec.ru/component/attachments/download/2727.
How connected cars are hacked and what to do with it: [Electronic resource]. –11.12.2020 – URL: https://habr.com/ru/companies/trendmicro/articles/532470/.
Hackers have revealed a lot of vulnerabilities in modern cars: [Electronic resource]. -16.01.2023 – URL: https://habr.com/ru/companies/cloud4y/articles/710906 /.
Car hacking: remote access and other security issues: [Electronic resource]. -11.13.2022 – URL: https://www.osp.ru/pcworld/2012/11/13018020.
Vulnerability in the CAN protocol affecting almost all modern cars: [electronic resource]. -2018 – URL: https://www.opennet.ru/opennews/art.shtml?num=47039.
Data bank of information security threats of the Federal Service for Technical and Export Control of Russia: [website]. – URL: https://bdu.fstec.ru.
Refbacks
- There are currently no refbacks.
Abava Кибербезопасность IT Congress 2024
ISSN: 2307-8162