Page 6 - Cyber Warnings
P. 6
This is also being researched by DARPA (Whalen, Cofer, and Gacek, 2017). One of the foci is
to analyze the methodologies for securing the software located in the networked vehicles. This
project would provide guidance, if followed, for the manufacturers and vendors. A framework for
this involves utilizing The Update Framework (TUF) as a base and improved on this (Help Net
Security, 2017). The new proposal is titled Uptane.
At this junction, the objective is open-ended. There is not a party at this point to lead the
overarching project or the members with unified standards. If another business were to attempt
to manage the campaign towards the autonomous vehicles without a nearly unanimous support,
there may be only yet another protocol sitting with the others. There could also be a separate
entity comprised of the vendors in the industry presently and academics. This would prove to be
problematic. Several questions would be open for interpretation, including:
a) Would this new entity carry the weight to adequately provide guidance and govern?
b) Would each entity of the consortium have the same weight of input?
c) Should this be based on the capital (money) contributed to fund this endeavor?
U.S. Department of Transportation (DOT)
Being researched concurrently is a push with vehicle-to-vehicle communication standards. The
DOT is analyzing methods to reduce the number of vehicle crashes. With improved V2V
communication, a significant portion of the vast number of vehicle crashes would be avoided
and lives saved (NHTSA, 2016). The US DOT began this directed process of rulemaking in
August 2014. This process focussed on the dedicated short-range communications (DSRC) for
the inter-vehicle communications.
This has been studied for over ten years (US DOT, n.d.). The rulemaking has been manifested
with the Preliminary Regulatory Impact Analysis (US DOT & NHTSA, 2016) proposing to
establish the standard for the V2V communication. This will be proposed to mandate the
standard to be used with the DSRC and other technologies that work directly with the DSRC.
The phasing-in would begin, in theory, 2021 with 50% of the lightweight vehicles to have the
DSRC capacity.
Internet of Things (IoT)
Within the InfoSec field, IoT is also a relatively new area. There are many manufacturers with
their specialized products. There are Honeywell, Hitachi, Comcast, and T-Mobile (Meola, 2016),
to list a limited portion of the established manufacturer. There are also a number of start-ups
with Samsara, Notion, Losant, Helium, and others (Postscapes, n.d.). With the IoT products,
InfoSec has been applied in various levels, ranging from none of all to a not significant amount.
The IoT devices have been known to be notoriously insecure (O’Neill, 2016). As a method to
secure the IoT, redundancy has been researched for a possible corrective action
(Venkatakrishnan & Vouk, 2016).
A rather glaring recent example of the IoT insecurity has been the Mirai attack (Feingold, 2016).
This bot army used IoT devices to attack its target (Leyden, 2016; Cimpanu, 2016; Heller,
6 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide