As connected mobility becomes a reality, so too do the dangers posed by cybersecurity threats to autonomous driving and software-defined mobility. Threats posed by hacking, malicious software and unauthorized access require constant vigilance from software product and service providers. Just as with passenger vehicles, a substantial percentage of all off-highway vehicles (OHVs) will be connected — many already are. While OHV connectivity can provide many benefits, it also makes the vehicles vulnerable to the same cybersecurity attacks faced by on-highway private and commercial vehicles.
Hackers & Threats
Wireless connections provide opportunities for vehicle attacks. Connected interfaces are a potential path of attack for denial of service attempts, remote hacking or malware injection via connected interfaces. These threats can impact system functionality, road use safety or data with privacy attributes that are necessary to comply with legal data protection restrictions.
While OTA software updates provide a potential entry point for a hacker, they are, more significantly, an important countermeasure to react to vulnerabilities and threats. Therefore, the vast majority of all OHVs will be connected, due to the many benefits connectivity provides.
Automation is already more advanced in OHVs than automated driving is in on-road passenger or commercial vehicles because the operating environment in which they are operating is usually an easier, more controllable space. For example, an autonomous tractor could be serving a well-defined space limited by GPS coordinates, such as a field that needs plowing. The operational environment is less complex because there are fewer participants, less traffic and fewer unforeseeable or unexpected obstacles and changes to the environment.
Nevertheless, these vehicles usually operate in a publicly accessible area. Just as in the case of any other vehicle, cybersecurity concerns are real and potentially extremely dangerous as they can impact the safety of on- and off-road users.
Cybersecurity Legislation
OHV OEMs approach cybersecurity differently than conventional vehicle manufacturers. In Europe, rather than adhering to the United Nations’ (UN) cybersecurity regulations, OEMs will be required to follow the Cyber Resilience Act (CRA) or other applicable local regulations.
In the European Union (EU), the CRA has created a legal framework describing cybersecurity requirements for hardware and software products with digital elements including on- and off- road commercial vehicles, but excluding vehicles covered by UN regulation R155. In December 2023, the CRA was agreed to in principle by the EU and will be formally approved in 2024, coming into force over a phased transition period commencing from the end of 2025. Meanwhile in 2023, the U.S. introduced the Cyber Trust Mark, a voluntary cybersecurity certification and labeling program for connected devices and other U.S. executive orders
Fundamental Differences
A key difference between on- and off-highway vehicles in terms of cybersecurity is the number of potentially impacted vehicles in case of a security incident. Production runs of OHVs are generally smaller.
While the size of a fleet for one model of on-road vehicles can easily exceed 150,000 vehicles in one region, typical tractor fleet sizes, for example, may range between 100 to 10,000 vehicles per region. By implication, a security breach of a road vehicle could affect more vehicles than an off-highway vehicle. Another difference might be the motivation and execution of an attack. An attack targeted at on-road vehicles often applies to the whole fleet, i.e., a potentially high number of vehicles, to threaten or blackmail users or OEMs of the individual vehicles. Agricultural machines and tractors, on the other hand, are far more expensive and therefore a popular target for theft (versus blackmail or threats).
Nevertheless, to build secure systems, the off-highway sector must consider fundamental security principles and best practices common to both on-road vehicles and OHVs. It is vital to maintain security over the entire vehicle life cycle. With connected vehicles, security measures cannot guarantee to prevent attacks completely and must accept that attacks to the vehicles are possible and will happen. Cybersecurity must address vehicle protection not only by hardening systems, but also by detecting ongoing attacks or threats. New threats can also arise due to advances in technology or new publicly known vulnerabilities. As a result, OEMs and operators must continuously monitor the industry, vehicle systems and events happening in its environment, and analyze accordingly. Furthermore, they need to be able to respond to incidents or new threats. Typically, this could entail disabling vulnerable functions or interfaces, adopting new or modifying existing security policies, deploying software updates or patches, or revoking and updating certificates.
A Layered Approach
To achieve end-to-end security, a layered approach to the vehicle’s architecture is necessary. Vehicles are connected and managed by backends, the cloud and infrastructure. Therefore, security also needs to consider this infrastructure, which includes vehicle operation centers with key management, fleet management and life cycle management. Connected vehicles communicate via external interfaces to protect themselves from attacks against their external communication channels, employing such countermeasures as firewalls, intrusion detection systems or secure communication channels. The protection of sensitive data must be considered from end to end so this kind of data is never communicated in plain text via an external interface.
The next layer to consider is the in-vehicle network. Its segmentation can isolate safety-critical functionality from a less critical subnetwork that is more exposed to outside attacks. In-vehicle communication can be protected by using secure protocols with an intrusion detection system monitoring its network communication.
The last security layer to be considered is protecting the electronic control units. Security countermeasures, such as secure boot, secure software update, authentication for secure diagnostics, isolation of different partitions, data protection and encryption, and operating system hardening, round out the package of vehicle security concepts.
Ultimately, highly all connected OHVs are vulnerable to cybersecurity attacks. While fundamental principles of cybersecurity best practices apply to both categories, significant differences continue to exist between on- and off-highway and vehicles relative to security risks, the potential impact of an attack and regulatory aspects. Reaching the goal of secure vehicles is only possible by addressing the whole life cycle of the vehicles’ systems and considering each layer of the system architecture.
Gabriel Byman is senior product manager, cybersecurity, and Elisabeth Waitz is senior expert, cybersecurity, at Elektrobit.