Cybersecurity for Commercial Vehicles.

Cover -- Table of Contents -- Foreword to the Reader -- CHAPTER 1 What Do You Mean by Commercial Vehicles and How Did We Happen on This Path of Cybersecurity? -- 1.1 I'm an Engineer and a Strategist -- 1.2 Panel Discussion: Cybersecurity Risks and Policies for Transportation -- 1.3 How Do We Define Commercial Vehicles for This Book? -- 1.4 What I Love about the Cybersecurity World -- 1.5 So, Who Should Read This Book? -- 1.6 And Why You? Why Gloria? -- 1.7 The Contributing Writers -- 1.7.1 Chapter 2: Should We Be Paranoid?-by Doug Britton -- 1.7.2 Chapter 3: What Cybersecurity Standard Work Is Applicable to Commercial Vehicles?-by Lisa Boran and Xin Ye -- 1.7.3 Chapter 4: Commercial Vehicles vs. Automotive Cybersecurity: Commonalities and Differences-by André Weimerskirch, Steffen Becker, and Bill Haas -- 1.7.4 Chapter 5: Engineering for Vehicle Cybersecurity-by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters -- 1.7.5 Chapter 6: "When Trucks Stop, America Stops" -- 1.7.6 Chapter 7: On the Digital Forensics of Heavy Truck Electronic Control Modules-by James Johnson, Jeremy Daily, and Andrew Kongs -- 1.7.6.1 Comments on How We Are All Connected -- 1.7.6.2 IoT: The Internet of Things -- 1.7.7 Chapter 8: Telematics Cybersecurity and Governance-by Glenn Atkinson -- 1.7.8 Chapter 9: The Promise of Michigan: Secure Mobility-by Karl Heimer -- 1.7.9 Chapter 10: How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles-by Lee Slezak and Christopher Michelbacher -- 1.7.10 Chapter 11: CALSTART's Cyber Mission: HTUF REDUX-by Michael Ippoliti -- 1.7.11 Chapter 12: Characterizing Cyber Systems-by Jennifer Guild -- 1.7.12 Chapter 13: "…No, We Should Be Prepared"-by Joe Saunders and Lisa Silverman.

1.7.13 Chapter 14: Heavy Vehicle Cyber Security Bulletin -- 1.7.14 Chapter 15: Law, Policy, Cybersecurity, and Data Privacy Issues-by Simon Hartley -- 1.7.15 Chapter 16: Do You Care What Time It Really Is? A Cybersecurity Look Into Our Dependency on GPS-by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott -- 1.7.16 Chapter 17: Looking Towards the Future-by Gloria D'Anna -- References -- About the Author -- CHAPTER 2 Should We Be Paranoid? -- 2.1 Why Is Cyber So Hard to De-risk? -- 2.2 A Primer on Hacker Economics and Tactics -- 2.2.1 Income Statement -- 2.2.2 Balance Sheet -- 2.2.3 Economic Analysis -- 2.2.4 What about Nation-States? -- 2.2.5 Steps in a Successful Cyber Attack -- 2.2.6 Industrialization of the Attack -- 2.3 Hacker Enterprises and Assets Associated with Commercial Trucking -- 2.3.1 Exploitation Research -- 2.3.2 Asset Development -- 2.3.3 Distribution Development -- 2.4 Potential Cyber Effects in Transportation -- About the Author -- CHAPTER 3 What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? -- 3.1 Background -- 3.2 Standards and Information -- 3.3 SAE/ISO Cybersecurity Standard Development -- 3.3.1 Secure Design -- 3.3.2 Organizational Structure -- 3.4 Conclusions -- About the Authors -- CHAPTER 4 Commercial Vehicle vs. Automotive Cybersecurity: Commonalities and Differences -- 4.1 Introduction -- 4.2 Background -- 4.3 The Automotive and Commercial Vehicle Environment -- 4.3.1 Supply Chain -- 4.3.2 In-Vehicle Network Architecture and Communication -- 4.3.3 Telematics -- 4.3.4 Maintenance and Diagnostics -- 4.3.5 Emerging Technologies -- 4.4 Vehicle Threats and the Cyber Attacker -- 4.4.1 An Evolving Threat Model -- 4.4.2 The Adversary -- 4.4.3 Offensive Techniques -- 4.5 Cybersecurity Approaches and Solutions -- 4.5.1 Legacy Vehicles -- 4.5.2 Network Architectures and Separation.

4.5.3 Secure On-Board Communication -- 4.5.4 Secure Computing Platform -- 4.5.5 Anomaly Monitoring -- 4.5.6 Security Operations Center -- 4.5.7 Secure Firmware Over the Air -- 4.6 Gaps and Conclusions -- References -- About the Authors -- CHAPTER 5 Engineering for Vehicle Cybersecurity -- 5.1 Introduction -- 5.2 Introduction to Cyber-Physical Systems Security -- 5.3 Systems Engineering Perspective to Cyber-Physical Security -- 5.3.1 Areas of Concern -- 5.3.1.1 Electronic and Physical Security -- 5.3.1.2 Information Assurance and Data Security -- 5.3.1.3 Asset Management and Access Control -- 5.3.1.4 Life Cycle and Diminishing Manufacturing Sources and Material Shortages (DMSMS) -- 5.3.1.5 Anti-Counterfeit and Supply Chain Risk Management -- 5.3.1.6 Software Assurance and Application Security -- 5.3.1.7 Forensics, Prognostics, and Recovery Plans -- 5.3.1.8 Track and Trace -- 5.3.1.9 Anti-Malicious and Anti-Tamper -- 5.3.1.10 Information Sharing and Reporting -- 5.3.2 Systems Engineering Modeling -- 5.3.3 Verification and Validation -- 5.4 Conclusions and Recommended Next Steps -- References -- About the Authors -- CHAPTER 6 "When Trucks Stop, America Stops" -- The Food Industry -- Healthcare -- Transportation -- Waste Removal -- The Retail Sector -- Manufacturing -- Banking &amp -- Finance -- Other Effects -- Conclusion -- Case Study: The Effect of Border Delays on Auto Manufacturers Following September 11th -- A Timeline Showing the Deterioration of Major Industries Following a Truck Stoppage -- CHAPTER 7 On the Digital Forensics of Heavy Truck Electronic Control Modules -- 7.1 Introduction -- 7.1.1 Motivation -- 7.1.2 Paper Organization -- 7.2 Digital Forensic Concepts -- 7.2.1 Data Integrity -- 7.2.2 Meaning of the Digital Data from ECMs -- 7.2.2.1 Standards-Based Meaning -- 7.2.2.2 Proprietary Meaning.

7.2.2.3 Daily Engine Usage from DDEC Reports -- 7.2.3 Error Detection and Mitigation -- 7.2.4 Establishing Transparency and Trust -- 7.2.4.1 Baseline of Trust -- 7.2.4.2 ECM Time Stamps -- 7.2.4.3 Current Strategies to Establish Transparency and Trust -- 7.3 Recommendations for Digital Evidence Extraction from Heavy Vehicles -- 7.3.1 Sensor Simulators -- 7.3.2 Write Blockers -- 7.3.3 Authentication Algorithms -- 7.3.4 Forensic Replay Mechanism -- 7.3.5 Journal Preservation -- 7.3.6 Chip Level Forensics -- 7.3.7 Beyond Crash Reconstruction -- 7.4 Summary/Conclusions -- Definitions/Abbreviations -- References -- Contact Information -- Acknowledgments -- A. Appendix -- About the Author -- CHAPTER 8 Telematics Cybersecurity and Governance -- 8.1 Background: Author -- 8.2 Collaboration -- 8.2.1 And So My Journey Begins -- 8.2.2 Classic Electro-Hydraulic-Mechanical Vehicle -- 8.3 Connected Vehicles -- 8.4 Everything Was Coming and Going Along So Well.... -- 8.4.1 Anonymity on the Internet -- 8.5 The Geotab Story: Building a Telematics Platform Resilient to Cyber Threats -- 8.6 Telematics Security: Vehicle to Server via Cellular Communication -- 8.6.1 Cybersecurity Best Practices -- 8.6.2 Secrets -- 8.6.3 Authentication -- 8.7 Cloning of Devices -- 8.8 Eavesdropping -- 8.9 Keep Embedded Code Secure -- 8.10 Enable Hardware Code Protection -- 8.11 Segregation -- 8.12 Disable Debug Features -- 8.12.1 Security Validation -- About the Author -- CHAPTER 9 The Promise of Michigan: Secure Mobility -- 9.1 Governor's Foreword for "The Promise of Michigan" -- 9.2 Introduction -- 9.3 The Cyber Strategy -- 9.4 Laws and Policies -- 9.5 Capability Development -- 9.5.1 TARDEC-MDOT I-69 Platooning Exercise -- 9.5.2 American Center for Mobility -- 9.5.3 Michigan Civilian Cyber Corps -- 9.6 Michigan-Based Education and Training -- 9.7 Conclusion -- About the Author.

CHAPTER 10 How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles -- About the Authors -- CHAPTER 11 CALSTART's Cyber Mission: HTUF REDUX -- References -- About the Authors -- CHAPTER 12 Characterizing Cyber Systems -- 12.1 Introduction -- 12.2 Assessment Models -- 12.2.1 Flaw Models -- 12.2.2 Countermeasure Models -- 12.2.3 Vulnerability Models -- 12.2.4 Threat Models -- 12.2.5 Probability Models -- 12.2.6 Attack Vector Models -- 12.2.7 Impact Models -- 12.2.8 Risk Models -- 12.3 Assessment Methodology -- 12.3.1 Stages -- 12.3.1.1 Initial Exposure to a Cyber System -- 12.3.1.2 System Familiarization -- 12.3.1.3 Assessment -- 12.3.1.4 Data Correlation -- 12.4 Conclusions -- References -- About the Author -- CHAPTER 13 "...No, We Should Be Prepared" -- 13.1 Introduction -- 13.2 What Makes the Rolling Computers You Call a Fleet Vulnerable? -- 13.3 The State of the Threat -- 13.4 Recommendations to Prepare Fleet Managers -- 13.4.1 Protecting Telematics Platform -- 13.4.2 Monitor for Malicious "J1939" Messages -- 13.4.3 Install Intrusion Detection System Across the Fleet -- 13.4.4 Protect Software on ECUs -- 13.4.5 Share Exploits with the Industry -- 13.4.6 Periodically Conduct Penetration Tests -- 13.5 Future Considerations to Advance Preparation Levels -- References -- 13A.1 Appendix A: Runtime Application Self-Protection Examples -- 13B.1 Appendix B: J1939 Overview -- 13C.1 Appendix C: Preventing Malicious Messages on the CAN Bus -- 13C.1.1 The Problem -- 13C.1.2 The Entry Point -- 13C.1.3 The Solution -- About the Authors -- CHAPTER 14 Heavy Vehicle Cyber Security Bulletin -- Develop a CyberSecurity Program -- Protect Your Networks -- Protect Your Vehicles -- Incident Response Plan -- Educate -- Credits and Acknowledgements -- Disclaimers -- Trademarks.

CHAPTER 15 Law, Policy, Cybersecurity, and Data Privacy Issues.

Provides an interesting and dynamic story of how industry is developing solutions that address the critical security issues; the key social, policy, and privacy perspectives; as well as the integrated efforts of industry, academia, and government to shape the current knowledge and future cybersecurity for the commercial vehicle industry.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.