Weebit Nano licenses its ReRAM technology to onsemi
Canada awards up to $20M to Foran Mining for carbon-neutral copper production

ORNL vehicle cybersecurity package available for licensing

A new cybersecurity software package developed at Oak Ridge National Laboratory (ORNL) is available for licensing. The Vehicle Attack Analysis Framework can emulate attacks on a vehicle’s controller area network, the digital backbone that connects a vehicle’s separate computers.

The framework is available for those who don’t know how to craft a complex cyberattack but still want data on how a vehicle functions or what happens during an attack.

—Sam Hollifield, an ORNL cybersecurity research scientist

Hollifield uses this data to understand vulnerabilities in vehicles shipping valuable materials or radioactive sources for medical treatments, but the framework applies to any vehicle with computer-based electronics.

The web application was originally designed for users who lack prior knowledge of cybertesting to generate data.

We’re looking into adding a grading component to create a security score for each assessed vehicle. Grades could help inform fleet purchases for security-conscious businesses and consumers.

—Kevin Spakes, ORNL’s lead software engineer for the tool

Background. Vehicles rely on networked architecture called a controller area network (CAN) that can be vulnerable to hacking and attacks. CAN-based attacks are trivial: small commonly available computing devices can be used to attack the network. Typical penetration testing isolates one vehicle system for cyber-resilience testing.

With this new framework, researchers can perform penetration testing to expose these vulnerabilities for the whole vehicle. This technology provides the means for penetration testing of the entire vehicle without prior knowledge of how to configure or program an attack. Attacks and recordings are performed via a CAN interface attached to a portable computing device by a connector. Metadata regarding the attack scenario and the accompanying CAN data logs are saved for future parsing and analysis.

Comments

The comments to this entry are closed.