SAE Update - December 2021 - 27

ENGINEEERING
EVENTS
are becoming more sophisticated.
" The lack of maturity is baked into things
like our industry standards, " he said.
" We've got things like [SAE] J1939 that is
fundamentally not secure. You can send a
command to the engine or the transmission
requesting more torque, and it's very
simple to do and it's published. "
The issue spreads throughout the entire
supply chain.
" Things that we can do as product
developers are limited by the
microprocessors we have to work with and
their capabilities, " York said. " And there's
only a handful of micros that all of us can
use that are suitable for an automotive
environment, particularly on engine. So,
getting things that have the cryptocapability
and resources to do the things
that you need to do are challenging. It's
coming along - the things that we're
developing today are a lot better than the
things we had 10 years ago. "
" Remote attacks and attacks at scale "
are what keeps York awake at night, he
said. " If you can shut down an entire fleet
or an entire brand of telematics, that would
be a Colonial Pipeline type of thing. "
Attackers chain things together, so
physical access could initiate a snowball
effect, York explained: " You can learn
things with physical access and then go
find a vulnerability in a telematics system
that lets you get access to the truck and
CAN to send messages that cause an ECU
to stop working or reset. And then if you've
UPDATE
got a vulnerability in the wireless carrier
that allows you to enumerate the serial
numbers of all the vehicles, then you can
scale it. "
Electric and autonomous trucks will have
a lot more electronic controllers and
networks.
" There are more operating systems
involved probably than there have been in
the past; therefore, there's more variety of
networks, " York said. " So, we might have
CAN and CAN FD and Ethernet or LIN all
turning up on a vehicle. As the vehicle gets
more complicated, it does increase the
attack surface and the old adage that
'security is only as strong as its weakest
link' is very true. "
York noted that engine manufacturers in
the recent past placed all their engineering
energy on meeting increasingly stricter
emissions regulations; cybersecurity efforts
took a back seat.
" We have to spend a lot of time squirting
fuel, to get the emissions just right, " he
said. " The treadmill that we were on for a
long time with the vehicle electronics was
pretty challenging for all of us, and
cybersecurity [suffered]. "
Industry standards must evolve and
provide a better platform for addressing
advanced technologies and vehicles, York
said.
Click here to read a longer version of this
article by SAE's editor-in-chief of Truck and
Off-Highway Engineering magazine, Ryan
Gehm. n
December 2021
27
https://www.sae.org/news/2021/10/defending-the-heavy-vehicle-cyber-domain
SAE Update - December 2021

Table of Contents for the Digital Edition of SAE Update - December 2021
