Autonomous vehicles, both off-highway and passenger cars, rely on software and onboard computers to operate which makes them vulnerable to software-related security flaws and input attacks. Their complex networks of internet-connected software systems are intertwined with the hardware systems of the vehicles making autonomous vehicles susceptible to cyber threats, the consequences of which can be potentially extremely dangerous to both operators and personnel in their working environment. 

Off-highway vehicles are produced in smaller numbers and operate with far fewer other vehicles around them but the threats that are posed by potential cybersecurity attacks are no less dangerous than those affecting road vehicles. Connected interfaces are a potential path of attack for denial of service attempts, remote hacking or malware injection via connected interfaces. These threats can impact system functionality, road use safety or data with privacy attributes that are necessary to comply with legal data protection restrictions.

Cybersecurity must address vehicle protection not only by hardening systems but also by detecting ongoing attacks or threats. New threats can also arise due to advances in technology or new publicly known vulnerabilities. As a result, off-highway vehicle manufacturers and operators must continuously monitor the industry, vehicle systems and events happening in its environment, and analyse accordingly. Furthermore, they need to be able to respond to incidents or new threats. Typically, this could entail disabling vulnerable functions or interfaces, adopting new or modifying existing security policies, deploying software updates or patches, or revoking and updating certificates. 

Off-highway vehicles are connected and managed by backends, the cloud and infrastructure which needs to have security built-in on every level. Connected vehicles communicate via external interfaces to protect themselves from attacks against their external communication channels, employing such countermeasures as firewalls, intrusion detection systems or secure communication channels. The protection of sensitive data must be considered from end to end so this kind of data is never communicated in plain text via an external interface. The in-vehicle network’s segmentation can isolate safety-critical functionality from a less critical subnetwork that is more exposed to outside attacks. In-vehicle communication can be protected by using secure protocols with an intrusion detection system monitoring its network communication. Security countermeasures, such as secure boot, secure software update, authentication for secure diagnostics, isolation of different partitions, data protection and encryption, and operating system hardening, round out the security of the vehicle by protecting its electronic control units.

Innovatrix’s upcoming event in Chicago, the DZOM EXPO, will be hosting a talk from an expert in the field Jenny Magaros, Section Chief of the Critical Manufacturing Sector at the Cybersecurity and Infrastructure Security Agency, a part of the US Department of Homeland Security. Ms Margaros has been an employee of the Department of Homeland Security for over 20 years and her experience includes managing multi-agency working groups for conducting economic impact analyses, participating in public-private sector partnerships, coordinating pilot projects for the transportation sector, as well as providing operational support during natural and man-made incidents. Ms Margaros will be at the DZOM EXPO delivering a talk titled, ‘Cybersecurity threats and the vulnerabilities inherent in connected systems and machines’ and discussing the threats faced both on the job and in the machine. 

CoreM2M, an exhibitor that will be showcasing their products at the DZOM EXPO, offers IoT services that include network security, modernising and improving security for IoT deployments over LTE whilst also future-proofing for future 5G implementation. They offer secure devices with secure connections on secure networks – making sure there is a focus on security on every level. CoreM2M helps secure your network by controlling inbound internet sources from WAN, WiFi, and cellular while managing which outbound devices are allowed to send and receive data on the secure network.

To mitigate the severe cybersecurity risks posed by the interconnected systems in autonomous off-highway and passenger vehicles, manufacturers and operators must implement robust security measures, continuously monitor for emerging threats, and promptly respond to vulnerabilities to ensure the safety and integrity of vehicle operations. To hear Ms Margaros’ presentation and other talks, meet with solution providers like CoreM2M and network with peers, attend the DZOM EXPO, taking place at the Donald E. Stephens Convention Centre in Chicago, IL, on December 3–4, 2024. 

For more information, visit our website or email us at info@innovatrix.eu for the event agenda