When developing a strategy to achieve cybersecurity for trucks, Ryan Gerdes, Ph.D., wants the industry to have a critical understanding of one fact: Sensor security is essential to the entire effort.
Gerdes, an associate professor at Virginia Tech based in Blacksburg, VA, is a leading expert on sensor cybersecurity – and will be one of the presenters at the National Motor Freight Traffic Association’s (NMFTA) Digital Solutions Conference in Houston, TX from October 22-25.
In fact, as the interview for this blog post was being conducted, Gerdes was in Iowa taking part in a student competition for the white-hat hacking of agricultural trailers. It’s all part of the larger industry effort to teach about the importance of sensor security and the available methods to protect them.
Why are sensors so critical? Because sensors are what allows the truck to see the world.
“If the input or the output of the sensors is incorrect, the truck would have an incorrect view of the world and could perform potentially dangerous actions, such as not stopping for an object,” Gerdes said.
Of course, a driver’s own eyes are there to augment the sensor’s perception of – say – objects in a mirror. But sensors provide a great deal more information, such as engine coolant levels and temperatures, or the RPM speed at which the engine is running.
“All those are based on sensors that we know how to manipulate,” Gerdes said. “If the temperature of the vehicle is overheating but I can make the temperature sensors associated with the engine control think it’s not overheating, I can cause extensive damage to the vehicle.”
These are just a few examples of how hackers can attack a truck by way of its sensors.
Given the critical nature of sensors and their unique vulnerabilities, Gerdes emphasized the best way to protect them is to encrypt sensor output and require authentication before sensor output is sent to a vehicle’s controllers.
“You have to harden the outputs of information, as well as the input to the sensors,” Gerdes said. “Almost all sensors we make use of use a transducer to convert some phenomenon of interest to a voltage or current. We can manipulate the voltage or current from a distance, and this means the sensor at a very fundamental level is making a mis-measurement of the phenomenon.”
A problem for the industry, however, is that truck original equipment manufacturers (OEMs) are not typically using encryption or authentication requirements with their standard truck sensors.
While it is possible to retrofit sensors by dropping in replacements that would have the necessary encryption and authentication methods, it would be expensive, and would require any safety certifications that had already been done on a truck to be redone.
Still, it’s possible, and for fleets who recognize the importance of protecting their assets, it may well be worth it.
“Another approach is to add an aftermarket module or retrofit a module that looks for sensor data,” Gerdes said.
At the Digital Solutions Conference in October, Gerdes will be discussing all these issues, in addition to other advanced threats to sensors – as well as a discussion of “fingerprinting” trucks’ distinctive characteristics in the composition of each vehicle to identify them.
It will absolutely be one of the highlights of the conference and one of the most anticipated presentations. We will see you there.
If you’d like to register for the complimentary conference, click here.