ITU workshop calls for more coordinated approach to connected car security

A vehicle industry struggling with new security challenges

Greater alignment in standards bodies’ thinking and work programmes would help improve the effectiveness of disjointed standards efforts to ensure the security of connected, automated vehicles.

These are the main conclusions of an ITU Workshop on Security Aspects of Intelligent Transport Systems in Geneva, 28 August 2017. The workshop explored the security requirements of all actors in the value chain underlying intelligent transport systems (ITS), encouraging an ecosystem view of the ITS security challenge.

A variety of high-profile ITS security breaches were used as case studies to demonstrate a ream of security vulnerabilities in the ITS environment. The cases reveal a vehicle industry struggling to grapple with the new security challenges introduced by the meeting of automotive and information and communication technologies (ICTs), including drone GPS jamming and LiDAR misdirection to remote attacks on Tesla and Jeep vehicles.

Accelerating ITU standardisation work on ITS Security

The workshop, taking place in conjunction with ITU-T Study Group 17 on security, sought to provide guidance to the SG as its ITS security workload increases, as well as determine how SG17 can contribute to further standards collaboration. This is particularly important as ITS emerges as a high-priority field of ITU standardisation. In March 2017, a new ITU standard for secure over-the-air software updates for connected cars was approved: ITU-T X.1373. Work continues with the development of a new ITU standard to provide security guidelines for V2X communications, such as vehicle-to-vehicle, vehicle-to-infrastructure and vehicle-to-nomadic device communications.

The next step is to establish new work items targeting the development of ITU standards for secure vehicular edge computing, in-vehicle system intrusion detection, and the security of vehicle-accessible external devices.

Common framework, collaborative standards

A project working towards a ‘common framework for ITS’ aims to identify commonalities in the security requirements of the automotive, aviation and railway sectors, helping security stakeholders in overcoming the communication and coordination challenges resulting from the development of sector-specific architectures. This is the role played by the Collaboration on ITS Communication Standards (CITS), which is tasked with identifying where different standards bodies can contribute towards achieving common goals in ITS standardisation. The workshop looked particularly at standards collaboration among SAE, ISO and ITU’s standardisation arm (ITU-T), as well as where ITU could enhance its productive collaboration with UNECE WP.29, the body responsible for global vehicle regulations. ISO/TC 204, for example, is working on ITS security issues including secure vehicle interfaces but is also struggling to contend with the disconnected nature of ongoing ITS security standards efforts.

The UN Task Force on Cybersecurity and Over-the-Air Issues, which reports to UNECE WP.29, has assessed ITS security threats and started to develop 18 mitigations.

Collaboration between ITU and UNECE WP.29 is also important to reduce the risk of narrow commercial agendas impacting the impartiality of standardisation.

Learn more about the status and future of connected, automated driving from the wrap-up video of 2017’s Symposium on the Future Networked Car, an annual event co-organized by ITU and UNECE within the Geneva International Motor Show.