DOT/DHS: Joint Agency Work On Vehicle Cyber Security


DOT/DHS: Joint Agency Work on Vehicle Cyber Security
Principal Investigator (PI): Kevin Harnett
DOT-Volpe Center’s Advanced Vehicle Technology Division
August 16, 2017
Tampa Convention Center, Tampa, Florida

The National Transportation Systems Center
Advancing transportation innovation for the public good
U.S. Department of Transportation
Office of the Secretary of Transportation
John A. Volpe National Transportation Systems Center

Agenda
- Government Vehicles Security Program – Telematics Overview
- Government Vehicles Program – Software Engineering Institute (SEI)/CERT OBD-2 Dongle/Telematics Testing
- Government Vehicles Security Program – Telematics Cybersecurity Guidance Development
- Volpe Center Automotive Cybersecurity R&D Showcase

Energy Exchange: Connect Collaborate Conserve

DOT’s Volpe National Transportation System Center
- Established in 1970
- Part of U.S. Department of Transportation (DOT) Office of Research and Technology
- Mission: To improve the nation’s transportation system by serving as a center of excellence for informed decision making, anticipating emerging transportation issues, and advancing technical, operational, and institutional innovations
- Fee-for-service; no direct appropriations
- www.volpe.dot.gov

DOT-Volpe Automotive Cybersecurity R&D Program Overview
Joint DOT/DHS Automotive Cybersecurity R&D Program
FY 14-15 Program Tasks
FY 15-16 Program Tasks
- Automotive Cybersecurity Industry Consortium (ACIC) Program Initiation
- Automotive Cybersecurity Best Practices and Guidelines in the Private Sector
- Investigate Government Fleet Cybersecurity Requirements
- ACIC Planning Support
FY 16-17 Program Tasks
- Government Vehicle Cybersecurity Program Support
- Technical Support for DHS Automotive Cybersecurity R&D Tools and Vehicle Testing
- Pilot Cybersecurity Vulnerability Assessments of Vehicle Telematic Systems
- Operational ACIC Support
- Government Vehicle Cybersecurity Procurement Specification Support
- Commercial Truck Cybersecurity Support
- Automotive Cybersecurity Tool Showcase

DHS Cybersecurity for Government Vehicles Security Program – Telematics Overview

Modern Vehicle Architecture

Government Critical Mission Use
- First Responder and Law Enforcement vehicles
  - Rescue, ambulance, police
  - Must be safe and reliable
- Undercover Vehicles – mission critical
  - Must be safe and reliable
  - Blend in – not tracked or identified either by emanating too much or by not emanating at all
- Government Official/Overseas Embassy Vehicles (e.g., "Black SUV")
  - Must be safe and need to hide
- Non-Tactical DoD Vehicles
- General use government vehicles
  - Vehicles that do not fall into above categories


General Services Administration (GSA) Telematics Program
- Telematics: The term “Telematics” refers to a technology that combines telecommunications and information processing to send, receive, and store information related to remote objects, such as vehicles. (Source GAO 14-443, Federal Vehicle Fleets)
- EO 13693: Sustainability into the Next Decade (March 2016) Requirements
  - By 2017, all agencies should ensure that telematics collects the maximum vehicle diagnostics (fuel consumption, emissions, maintenance, utilization, idling, speed, and location data) at the asset level for acquisitions of new passenger, light duty and medium duty vehicles (where appropriate)

Executive Order Reporting Requirement                     GPS Tracking Only   GPS Tracking & Vehicle Diagnostics
Speed                                                     X                   X
Location data                                             X                   X
Idling                                                    X                   X
Utilization                                               X                   X
Maintenance                                                                   X
Fuel consumption                                                              X
Emissions (varies by year, manufacturer, make & model)                        X

Source: General Services Administration (GSA) Office of Fleet Management

Government Fleet Management Telematics and Risks
[Diagram labels: Physical Architecture (ECM, Engine, CAN bus, Security, Cluster, BCM); Logical ...; OBD dongle w/ telematics; Connected to an External ...; ... with a Public Network; Fleet Manager; Providers Servers accessible by Anyone Anywhere; Who else?; Attack Surface; Threats]

DHS Cybersecurity for Government Vehicles Program
Software Engineering Institute (SEI)/CERT OBD-2 Dongle Testing

SEI/CERT OBD-2 Device Testing Configuration
[Photo labels: WiFi Access Point; Ettus Research Software-Defined Radio; Power Supply; Linux laptop with OpenBTS; SIM cards; Bus Pirate; Device Under Test; Android Phones]


Software Engineering Institute (SEI)/CERT OBD-2 Device Tests
- Development / un-configured device (Tested Q1 2016)
  – Accepted unauthenticated admin commands via SMS
  – Could load our own, trojaned firmware
  – Unauthenticated Internet services
  – No encryption in transit
- Production device (Tested Q1 2017)
  – SMS disabled
  – Can no longer force download of trojaned firmware
  – Internet service appropriately firewalled
  – Remaining risks
    - Inherent cellular vulnerabilities
    - Still no encryption in transit (Man-in-the-middle)

SEI/CERT: OBD-2 Device Tests Methodology Report
- Explains risks and potential impacts of security problems in OBD-II devices
- Describes a repeatable methodology for testing the devices for the most common security problems and misconfigurations
- Technical appendices detail how to perform some of the specialized testing and what equipment is needed
  – Firmware Updates
  – Wireless Security

DHS Cybersecurity for Government Vehicles Security Program
Telematics Cybersecurity Guidance Development

Cybersecurity Primer for Fleet Managers
o Fleet Management Information System (FMIS) is an Information System
  - All Federal Information Systems require Federal Information Security Management Act (FISMA) compliance
  - FISMA requires compliance with NIST standards
o Multiple components to the system
  - Vehicle
  - Telematics
  - Communications
  - Management System
  - Database
o Primary responsibility is to protect Government personnel, property, and data

FISMA Compliance / NIST Guidance
o Each Federal Agency Fleet Manager (FM) requires assessments using NIST guidance
  - NIST SP 800-53* for guidance on security control implementation
  - 18 Control families each related to policy, process, technical controls
    Access Control (AC)
    Identification & Authentication (IA)
    Personnel Security (PS)
    Audit & Accountability (AU)
    Incident Response (IR)
    Risk Assessment (RA)
    Awareness & Training (AT)
    Maintenance (MA)
    System & Service Acquisition (SA)
    Security Assessment & Authorization (CA)
    Media Protection (MP)
    System & Communication Protection (SC)
    Configuration Management (CM)
    Physical & Environmental Protection (PE)
    System & Information Integrity (SI)
    Contingency Planning (CP)
    Planning (PL)
    Program Management (PM)
* NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, Rev 4 (April 2013). ns/NIST.SP.800-53r4.pdf

FISMA Compliance / NIST Guidance
o Each Federal Agency Fleet Manager (FM) requires risk assessments using NIST guidance
  - NIST SP 800-53 for guidance on security control implementation
  - 13 Control Families selected

FISMA Compliance / NIST Guidance

ID  FAMILY / CONTROLS SELECTED
AC  Access Control
    AC-6 - Least Privilege
    AC-14 - Permitted Actions Without Identification or Authentication
    AC-17 - Remote Access
    AC-18 - Wireless Access
AU  Audit and Accountability
    AU-2 - Audit Events
CA  Security Assessment and Authorization
    CA-6 - Security Authorization
    CA-8 - Penetration Testing
CM  Configuration Management
    CM-7 - Least Functionality
IA  Identification and Authentication
    IA-3 - Device Identification and Authentication
    IA-7 - Cryptographic Module Authentication
IR  Incident Response
    IR-1 - Incident Response Policy and Procedures
MA  Maintenance
    MA-2 - Controlled Maintenance
PL  Planning
    PL-2 - System Security Plan
    PL-8 - Information Security Architecture
PS  Personnel Security
    PS-7 - Third-party Personnel Security
RA  Risk Assessment
    RA-3 - Risk Assessment
    RA-5 - Vulnerability Scanning
SA  System and Service Acquisition
    SA-11 - Developer Security Testing and Evaluation
    SA-12 - Supply Chain Protection
SC  System and Communications Protection
    SC-2 - Application Partitioning
    SC-7 - Boundary Protection
    SC-13 - Cryptographic Protection
    SC-23 - Session Authenticity
    SC-28 - Protection of Information at Rest
    SC-39 - Process Isolation
SI  System and Information Integrity
    SI-2 - Flaw Remediation
    SI-3 - Malicious Code Protection
    SI-5 - Security Alerts, Advisories, and Directives
    SI-7 - Software, Firmware, and Information Integrity
    SI-10 - Information Input Validation
    SI-16 - Memory Protection

FISMA Compliance / NIST Guidance (“Firmware Updates” Controls)
Example Firmware Update Controls

FISMA Compliance / NIST Guidance (“Wireless Security” Controls)
Example Wireless Security Controls


Telematics Recommendation
Telematics devices/systems are the gateway to the vehicle network and data. To protect the fleet efficiency management system and vehicle it is recommended to:
o Protect Communications Between Devices/Systems
  - It is recommended that encryption be implemented to protect all communications external to a device
o Protect Firmware on Devices/Systems
  - It is recommended that digital signatures and encryption be used to both protect firmware on the device and authenticate and protect updating of firmware to the device
o Protect Action of Devices/Systems
  - It is recommended that the principle of least privilege be implemented on all devices
o Protect Integrity of Devices/Systems
  - It is recommended that manufacturers and/or maintainers of devices institute a *vulnerability response program for receiving, implementing, and addressing vulnerabilities discovered or reported in their products
* ISO/IEC 29147:2014 (Information technology -- Security techniques -- Vulnerability Disclosure) https://www.iso.org/standard/45170.html
  ISO/IEC 30111:2013 (Information technology -- Security techniques -- Vulnerability Handling Processes) https://www.iso.org/standard/53231.html

Example Telematics Cybersecurity Risk Assessment Questionnaire
Telematics devices/systems are the gateway to the vehicle network and data. To protect the fleet efficiency management system and vehicle it is recommended to:
o Protect Communications Between Devices/Systems
  - It is recommended that encryption be implemented to protect all communications external to a device
o Protect Firmware on Devices/Systems
  - It is recommended that digital signatures and encryption be used to both protect firmware on the device and authenticate and protect updating of firmware to the device
o Protect Action of Devices/Systems
  - It is recommended that the principle of least privilege be implemented on all devices
o Protect Integrity of Devices/Systems
  - It is recommended that manufacturers and/or maintainers of devices institute a vulnerability response program for receiving, implementing, and addressing vulnerabilities discovered or reported in their products

HEAVENS Risk Assessment Process
Healing Vulnerabilities to Enhance Software Security and Safety (HEAVENS) is an attacker-centric type of risk analysis tool utilizing STRIDE* threat definitions to correlate threats with security attributes
* Microsoft’s Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DOS) and Elevation of Privileges (STRIDE): v cs.20).aspx

Available Documents
- Telematics Cybersecurity Primer for Agencies (June 2017)
- Telematics Cybersecurity Primer for Agencies – Risk Assessment Questionnaire (June 2017)
- HEAVENS Risk Model and Program Deliverables (April 2016)

Volpe Center Automotive Cybersecurity R&D Showcase

DHS/Volpe Center Automotive Cybersecurity R&D Showcase (October 18-20, 2016)
- Federal Programs and Labs Vehicle Cybersecurity Workshop (October 18) - Workshop for federally-funded Automotive Cybersecurity Programs (e.g. DHS, NHTSA, DARPA, Army/TARDEC, NIST, TC/DRDC, etc.) and Federal Laboratories (e.g. DOE, DoD, Federally-funded Research and Development Centers-FFRDCs, etc.)
  – Bring together Federally Funded stakeholders to share information about and collaborate on ongoing and future Government projects in Automotive Cybersecurity
  – Minimize duplication of efforts in Federal Automotive Cybersecurity R&D
  – Workshop Report (available on request for Federal or Federal Contractor staff only)

Federal Programs and Labs Vehicle Cybersecurity Workshop - Conclusions
- Need for continued collaboration between federal laboratories
- Government Vehicles Telematics Cybersecurity Workshop (to be held in DC on December 13th 2017)
- Feasibility study of virtual test vehicles and test benches

DHS/Volpe Center Automotive Cybersecurity R&D Showcase (October 18-20, 2016) Cont’d
- Open Source Automotive Cybersecurity Research Tool Forum (October 19-20) – Many automotive cybersecurity Open Source Software (OSS) research tools are in development. Tools support areas: new hardware interfaces, discovery, injection, sniffing, reverse engineering, fuzzing, software defined radio (SDR) and simulation. Forum goals:
  – Demonstrate the current state of the art in automotive cybersecurity tools on real automobiles
  – Foster researcher-to-researcher relationships
  – Share knowledge about cybersecurity research issues and automation challenges
  – Incentivize increased academic and security researcher interest in automotive cybersecurity
  – Connect tool developers with collaborators, end users, and potential funding sources
  – Workshop Report (available on request)

Open Source Automotive Cybersecurity Research Tool Forum - Conclusions
- Virtual workbenches are needed due to limited vehicle access
- A growing proliferation of open source tools
- Open source tools are getting more powerful and sophisticated
- Open source software/hardware significantly lowers the entry barrier for researchers
- “User as developer” model creates positive feedback loop

Open Source Automotive Cybersecurity Research Tool Forum – Next Steps
- Development of an Open Source OS Tools Portal for use by Government researchers, and academia
- Continuation of the Automotive Cybersecurity R&D Showcase type of event with more “hands on” activities (e.g. academia training classes)
- Continued outreach to the open source community

Questions

Contact Information

Chase Garwood
Program Manager
Department of Homeland Security Science and Technology (S&T)
HSARPA Cybersecurity Division (CSD)
Email: chase.garwood@hq.dhs.gov
Phone: 202-254-6076

Kevin Harnett
Cybersecurity Program Manager
U.S. Department of Transportation
Office of Research and Technology
John A. Volpe National Transportation Systems Center (Volpe Center)
Email: kevin.harnett@dot.gov
Phone: 617-699-7086
