Industrial fleet vehicles that rely on data-driven systems are as vulnerable to cyber attack as physical assets and devices.
Today’s data-reliant vehicles are covered by a number of security regulations, including ISO/SAE 21434 and the UNECE WP.29 R155 regulation for cybersecurity in vehicles, which recommends runtime awareness to detect cyber attacks and intrusions. Runtime cybersecurity monitoring can strengthen a cybersecurity management system.
The UNECE WP.29 R155 regulation requires solutions to address: threats regarding back-end servers related to vehicles in the field; threats to vehicles regarding their communication channels; threats to vehicles regarding their update procedures; threats to vehicles regarding unintended human actions facilitating a cyber attack; threats to vehicles regarding their external connectivity and connections; threats to vehicle data/code; and potential vulnerabilities that could be exploited if not sufficiently protected or hardened.
Possible impacts of a cyber attack include: safe operation of the vehicle affected; vehicle functions stop working; software modified, performance altered; software altered but no operational effects; data integrity breach; data confidentiality breach; loss of data availability; and criminal activity.
A new cybersecurity solution has been launched aimed specifically at protecting modern data-reliant vehicles. AnCyR is a patent-pending technology and the first host-based anomaly detection solution optimised for intrusion detection (IDS) on automotive ECUs.
AnCyR is based on five years of research at the University of Arizona with support from the National Science Foundation. AnCyR’s anomaly detection technology combines statistical, probabilistic, and machine learning algorithms to accurately detect attacks with best-in-class false positives, latency, and overhead.
Host-based detection: runs on the ECU for rapid detection; no dependencies on other ECUs or cloud-based analysis.
Accurate detection including zero-day attacks: detects changes in software operation caused by zero-day attacks; attacks detected include buffer overflows, code injection, ROP, and more.
Platform agnostic: AnCyR can be compiled to any processor platform; scalable from microcontrollers to multicore processors; cloud and Vehicle Security Operations Centre (VSOC) agnostic.
Low latency and overhead: detects attacks in real time, in milliseconds; optimised for ECUs, with low memory and performance overhead.
AnCyR monitors software subcomponents using a synergistic combination of statistical, probabilistic, and machine learning algorithms to achieve high attack detection with best-in-class false positives.
Benefits include easy-to-use automated vulnerability scanning; automatic generation of a Software Bill of Materials (SBOM); a new SBOM generated with each new build; SBOMs sent to Dependency-Track (OWASP’s free scanning tool); Dependency-Track provides vulnerability tracking across builds, notifications and policy setting; and daily scans that check for new vulnerabilities using NIST’s National Vulnerability Database.