How to create a Security roadmap for smart mobility projects and pilots?

Transcription

1 How to create a Security roadmap for smart mobility projects and pilots? 7 April 2016 Gilles Ampt Chairman national ITS Security table security@ditcm.eu

2 ! Should autonomous vehicles be admitted on our roads soon? Poll Financieel Dagblad 22 Sept votes

3 ! Outline! What is Vehicle Security and what is ITS Security?! What are the main risks in ITS?! WHEN and how to address ITS risks?! Risk visualisation Practical approach! Sharing best practices in ITS Security! Dutch National ITS Security round table

4

5 Vehicle Security = Control! Risks of Connected Vehicles! Vehicle theft (digital attack)! Motor management manipulation (unauthorized remote control)! Data loss (privacy)! Software updates (reliability, authorization)! Smart mobility and ITS (reliability of sensor data)

6 ! The future of Cooperative driving Emergency Vehicle Warning Lights on Green Light Optimal Speed Advisory Avoidance of traffic jams Hazardous Location Warning Local Road Works Warning

7 ! Initial risks in V2X communications Threats Likelihood/ Impact/ Risk assessment (ETSI) design requirement/ Organisation Measure GNSS jamming and spoofing critical Monitoring. Robust design e.g. dgps Radio signal jamming critical Radio frequency agility and control Message saturation critical Message frequency control and Authentication Replay of expired/ old messages critical Message timestamps Injection of false messages major Authentication and monitoring Emergency vehicle masquerade critical Authorisation and authentication Malware installation at ITS stations critical Secure design and certification Eavesdropping, location tracking privacy (legal) Pseudonym certificates Source: ETSI TR v1.1.1 (2010)

8 ! When and how to address ITS application risk?! Risk ownership! delegation of risk would be window dressing! Risk assessment! repeatedly needed as risk landscape is evolving! Legal compliance! New EU privacy law (GDPR) demands risk based approach! Security baselines! Stakeholders require organisations to be in control! New control set for ITS communications! designed for C-ITS not yet for cellular ITS-applications Risk is a management process Risk is a choice of management Secure Continuous improvement

9 ! Risk management! Objective is being in control! Know your risks: accept them or mitigate them! Assessment of assets and values! Stakes are availability, integrity and confidentiality! Business ownership! Insights in threats and impact! Mitigation options! Measures and controls! Dynamic process! Threat landscape! Business impact! Evaluation of controls Secure Continuous improvement

10 ! Risk Reduction Overview - Roadside I1 RSU doesn t transmit PVD data to TCC I2 RSU doesn t receive RWW updates from TCC I3 RSU physically attacked or unavailable I4 Local DoS attack on G5 or RSU (V-R3, V-R2) I5 RSU doesn t receive PVD data from a vehicle nearby (V-R1) I10 RSU receiving PVD data from unreliable vehicle (V-R4, V-R6) I9 GPS spoofing RSU receiving unreliable PVD data (V-R5) I6 Compromised RSU doesn t broadcast what TCC expects (V-R9 partially) I7 RSU being eavesdropped (V-R7) I8 Justice agency demanding for PVD data from RSU M1 High density of RSU s (#) M7 - Add timestamp and sequence to each PVD message M4 Data minimization CM M2 TCC connectivity fallback M3 Duplicate RSU s Left & right shoulder M5 Non identifying attributes and certificates M6 Communication plan committed by DG P M11 Buffer PVD data (RPO) M8 Reduce and maximize transmission frequency M9 Filter and divert misbehaving ITS stations/ addresses M20 - Issue authentication certificate to vehicles M10 Access control and Authorisation for Maintenance and TCC (according to RWS BIR baselines) M18 - Issue authentication certificate to RSU s D M14 Anomalies filtering & reporting (for locations and times) M13 Feedback loop (trusted connected (RWS) cars) C M15 Trailer RWW (stand alone) M16 Spare RSU s Or Repair (RTO) M12 Enable radio police to intercept M21 Revoke misbehaving/ unreliable vehicle certificate M17 Switch off RSU M19 Revoke RSU certificate R1a- Loss/ Delay of PVD-data from RSU (%) R1a- Loss/ Delay of PVD-data (%) R1b- Loss/ delay of PVD-data from Vehicles (%) R6- Unreliable PVD data (%) R4- Data analysis of PVD data from # of RSU s R2a- RWW not being broadcasted by RSU s potentially leading to unsafe roadworks and or suspension (#) R2b- Unreliable RWW broadcast impacting road works safety and timeliness (1 or more RSU s) R3- Loss of RSU asset (Euro) R7- Drivers confusion R5- Loss of public trust in C-ITS

11 ! Risk Reduction Overviews! Objective is to facilitate Management discussion and decision making! Give management insights (PICTURE)! Show initial risks and residual risk! Show strength and scope of measures! Balance costs of measures vs risk reduction impact! Design of balanced set of measures! Preventive, detective and corrective actions! Fail safe principles! Plan measures and control (time and budget)

12 ! How can V2V trust and V2I trust be built?! PKI Trust model (EC C-ITS platform WG5)

13 National ITS Security round table Community of government, industry, research representatives Sharing best ITS security practices Action plan Awareness raising campaigns Security governance practices (ITS contracts) Risk repository building and sharing Learning experiences from C-ITS pilots Standards and policies development (international and national) Documentation and FAQs Legal affairs liaison (privacy, liability)

14 Dutch C-ITS round tables Enabling topics for acceleration the implementation of large scale Smart Mobility Solutions. One place in NL where discussions takes place and decisions are made. National governance connected to international gremia. Topics: C-ITS Architecture, Dutch Profiles & Standardization, Security, Human Behavior vs. Smart Mobility, Effects of Smart Mobility, Legal Aspects of Smart Mobility

15 Useful links and addresses For RRO introduction (Risk Reduction Overviews) rro.sourceforge.net/tool For introduction to ITS Security governance guidelines (in Dutch) vergaderstukken/korte%20handreiking%20security%20its- %2030%20november% pdf Website to to join or to submit your questions

16 ! Outline! What is Vehicle Security and what is ITS Security?! What are the main risks in ITS?! WHEN and how to address ITS risks?! Risk visualisation Practical approach! Sharing best practices in ITS Security! Dutch National ITS Security round table

17 How to create a Security roadmap for smart mobility projects and pilots? 7 April 2016 Gilles Ampt, CISM CIPP/E Chairman national ITS Security table security@ditcm.eu

18 ! Back up slides

19 ! What would you do? This (which includes any files transmitted with it) is confidential and may also be legally privileged. It is intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of UKIP Media & Events. If you are not the intended recipient, be advised that any use, dissemination, forwarding, printing, or copying of this is strictly prohibited. If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system. Please rely on your own anti-virus system, no responsibility is taken by the sender for any damage rising out of virus infection. UKIP Media & Events Ltd Registered Address: 82 St John Street, London EC1M 4JN VAT No. GB Registration Number: Company registered in England and Wales Click this link to unsubscribe