This talk discusses a holistic approach to identifying cybersecurity threats and vulnerabilities in emerging transportation technologies, with a particular emphasis on analyzing interconnected systems rather than individual vehicles or components.  The methods discussed are applicable to manufacturers and service providers, as well as to civil engineers, traffic management operations, and systems integrators.  The content is based on CERT’s Emerging Technologies and Systemic Vulnerabilities research projects, which have been heavily focused on vehicles, vehicular telematics, vehicle-to-everything (V2X), and Intelligent Transportation Systems.

Specifically, we will walk through a threat and vulnerability assessment process that consists of using specific tools for threat modeling, vulnerability analysis, ceremony analysis, and impact analysis (with a focus on functional safety.)  We will outline a phased approach that begins during the design phase by creating Architectural Analysis and Design Language (AADL) Security Annex models and applying threat modeling tools including STRIDE and attack trees.  The second phase consists of looking at realistic deployment scenarios and performing ceremony analysis and an impact analysis using SAE 26262, for safety, and 26262-derived metrics for operational, financial and privacy risks.  During the third phase, testing, we perform technical validation using common vulnerability discovery techniques.

In order to ground these techniques in reality, we will describe three case studies.  These will explain our tests of the following ITS-related systems: a fleet management system, a sample telematics system for heavy vehicles, and a smart traffic light system that is currently deployed in Pittsburgh.  The case studies will explain in technical detail what vulnerabilities we discovered and how.

There are three major learning objectives for the audience.

1.     Learn what tools are available to identify threats and vulnerabilities during different phases of the deployment and lifecycle of ITS systems.

2.     Fundamental knowledge of how to apply these tools at the architectural and technical (code) level.

3.     Examine the gaps in each of the tools and why we use a combination of tools to obtain better coverage of complex, interdependent systems.