Cover -- Table of Contents -- Foreword to the Reader -- CHAPTER 1 What Do You Mean by Commercial Vehicles and How Did We Happen on This Path of Cybersecurity? -- 1.1 I'm an Engineer and a Strategist -- 1.2 Panel Discussion: Cybersecurity Risks and Policies for Transportation -- 1.3 How Do We Define Commercial Vehicles for This Book? -- 1.4 What I Love about the Cybersecurity World -- 1.5 So, Who Should Read This Book? -- 1.6 And Why You? Why Gloria? -- 1.7 The Contributing Writers -- 1.7.1 Chapter 2: Should We Be Paranoid?-by Doug Britton -- 1.7.2 Chapter 3: What Cybersecurity Standard Work Is Applicable to Commercial Vehicles?-by Lisa Boran and Xin Ye -- 1.7.3 Chapter 4: Commercial Vehicles vs. Automotive Cybersecurity: Commonalities and Differences-by André Weimerskirch, Steffen Becker, and Bill Haas -- 1.7.4 Chapter 5: Engineering for Vehicle Cybersecurity-by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters -- 1.7.5 Chapter 6: "When Trucks Stop, America Stops" -- 1.7.6 Chapter 7: On the Digital Forensics of Heavy Truck Electronic Control Modules-by James Johnson, Jeremy Daily, and Andrew Kongs -- 1.7.6.1 Comments on How We Are All Connected -- 1.7.6.2 IoT: The Internet of Things -- 1.7.7 Chapter 8: Telematics Cybersecurity and Governance-by Glenn Atkinson -- 1.7.8 Chapter 9: The Promise of Michigan: Secure Mobility-by Karl Heimer -- 1.7.9 Chapter 10: How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles-by Lee Slezak and Christopher Michelbacher -- 1.7.10 Chapter 11: CALSTART's Cyber Mission: HTUF REDUX-by Michael Ippoliti -- 1.7.11 Chapter 12: Characterizing Cyber Systems-by Jennifer Guild -- 1.7.12 Chapter 13: "…No, We Should Be Prepared"-by Joe Saunders and Lisa Silverman. 1.7.13 Chapter 14: Heavy Vehicle Cyber Security Bulletin -- 1.7.14 Chapter 15: Law, Policy, Cybersecurity, and Data Privacy Issues-by Simon Hartley -- 1.7.15 Chapter 16: Do You Care What Time It Really Is? A Cybersecurity Look Into Our Dependency on GPS-by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott -- 1.7.16 Chapter 17: Looking Towards the Future-by Gloria D'Anna -- References -- About the Author -- CHAPTER 2 Should We Be Paranoid? -- 2.1 Why Is Cyber So Hard to De-risk? -- 2.2 A Primer on Hacker Economics and Tactics -- 2.2.1 Income Statement -- 2.2.2 Balance Sheet -- 2.2.3 Economic Analysis -- 2.2.4 What about Nation-States? -- 2.2.5 Steps in a Successful Cyber Attack -- 2.2.6 Industrialization of the Attack -- 2.3 Hacker Enterprises and Assets Associated with Commercial Trucking -- 2.3.1 Exploitation Research -- 2.3.2 Asset Development -- 2.3.3 Distribution Development -- 2.4 Potential Cyber Effects in Transportation -- About the Author -- CHAPTER 3 What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? -- 3.1 Background -- 3.2 Standards and Information -- 3.3 SAE/ISO Cybersecurity Standard Development -- 3.3.1 Secure Design -- 3.3.2 Organizational Structure -- 3.4 Conclusions -- About the Authors -- CHAPTER 4 Commercial Vehicle vs. Automotive Cybersecurity: Commonalities and Differences -- 4.1 Introduction -- 4.2 Background -- 4.3 The Automotive and Commercial Vehicle Environment -- 4.3.1 Supply Chain -- 4.3.2 In-Vehicle Network Architecture and Communication -- 4.3.3 Telematics -- 4.3.4 Maintenance and Diagnostics -- 4.3.5 Emerging Technologies -- 4.4 Vehicle Threats and the Cyber Attacker -- 4.4.1 An Evolving Threat Model -- 4.4.2 The Adversary -- 4.4.3 Offensive Techniques -- 4.5 Cybersecurity Approaches and Solutions -- 4.5.1 Legacy Vehicles -- 4.5.2 Network Architectures and Separation. 4.5.3 Secure On-Board Communication -- 4.5.4 Secure Computing Platform -- 4.5.5 Anomaly Monitoring -- 4.5.6 Security Operations Center -- 4.5.7 Secure Firmware Over the Air -- 4.6 Gaps and Conclusions -- References -- About the Authors -- CHAPTER 5 Engineering for Vehicle Cybersecurity -- 5.1 Introduction -- 5.2 Introduction to Cyber-Physical Systems Security -- 5.3 Systems Engineering Perspective to Cyber-Physical Security -- 5.3.1 Areas of Concern -- 5.3.1.1 Electronic and Physical Security -- 5.3.1.2 Information Assurance and Data Security -- 5.3.1.3 Asset Management and Access Control -- 5.3.1.4 Life Cycle and Diminishing Manufacturing Sources and Material Shortages (DMSMS) -- 5.3.1.5 Anti-Counterfeit and Supply Chain Risk Management -- 5.3.1.6 Software Assurance and Application Security -- 5.3.1.7 Forensics, Prognostics, and Recovery Plans -- 5.3.1.8 Track and Trace -- 5.3.1.9 Anti-Malicious and Anti-Tamper -- 5.3.1.10 Information Sharing and Reporting -- 5.3.2 Systems Engineering Modeling -- 5.3.3 Verification and Validation -- 5.4 Conclusions and Recommended Next Steps -- References -- About the Authors -- CHAPTER 6 "When Trucks Stop, America Stops" -- The Food Industry -- Healthcare -- Transportation -- Waste Removal -- The Retail Sector -- Manufacturing -- Banking & -- Finance -- Other Effects -- Conclusion -- Case Study: The Effect of Border Delays on Auto Manufacturers Following September 11th -- A Timeline Showing the Deterioration of Major Industries Following a Truck Stoppage -- CHAPTER 7 On the Digital Forensics of Heavy Truck Electronic Control Modules -- 7.1 Introduction -- 7.1.1 Motivation -- 7.1.2 Paper Organization -- 7.2 Digital Forensic Concepts -- 7.2.1 Data Integrity -- 7.2.2 Meaning of the Digital Data from ECMs -- 7.2.2.1 Standards-Based Meaning -- 7.2.2.2 Proprietary Meaning. 7.2.2.3 Daily Engine Usage from DDEC Reports -- 7.2.3 Error Detection and Mitigation -- 7.2.4 Establishing Transparency and Trust -- 7.2.4.1 Baseline of Trust -- 7.2.4.2 ECM Time Stamps -- 7.2.4.3 Current Strategies to Establish Transparency and Trust -- 7.3 Recommendations for Digital Evidence Extraction from Heavy Vehicles -- 7.3.1 Sensor Simulators -- 7.3.2 Write Blockers -- 7.3.3 Authentication Algorithms -- 7.3.4 Forensic Replay Mechanism -- 7.3.5 Journal Preservation -- 7.3.6 Chip Level Forensics -- 7.3.7 Beyond Crash Reconstruction -- 7.4 Summary/Conclusions -- Definitions/Abbreviations -- References -- Contact Information -- Acknowledgments -- A. Appendix -- About the Author -- CHAPTER 8 Telematics Cybersecurity and Governance -- 8.1 Background: Author -- 8.2 Collaboration -- 8.2.1 And So My Journey Begins -- 8.2.2 Classic Electro-Hydraulic-Mechanical Vehicle -- 8.3 Connected Vehicles -- 8.4 Everything Was Coming and Going Along So Well.... -- 8.4.1 Anonymity on the Internet -- 8.5 The Geotab Story: Building a Telematics Platform Resilient to Cyber Threats -- 8.6 Telematics Security: Vehicle to Server via Cellular Communication -- 8.6.1 Cybersecurity Best Practices -- 8.6.2 Secrets -- 8.6.3 Authentication -- 8.7 Cloning of Devices -- 8.8 Eavesdropping -- 8.9 Keep Embedded Code Secure -- 8.10 Enable Hardware Code Protection -- 8.11 Segregation -- 8.12 Disable Debug Features -- 8.12.1 Security Validation -- About the Author -- CHAPTER 9 The Promise of Michigan: Secure Mobility -- 9.1 Governor's Foreword for "The Promise of Michigan" -- 9.2 Introduction -- 9.3 The Cyber Strategy -- 9.4 Laws and Policies -- 9.5 Capability Development -- 9.5.1 TARDEC-MDOT I-69 Platooning Exercise -- 9.5.2 American Center for Mobility -- 9.5.3 Michigan Civilian Cyber Corps -- 9.6 Michigan-Based Education and Training -- 9.7 Conclusion -- About the Author. CHAPTER 10 How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles -- About the Authors -- CHAPTER 11 CALSTART's Cyber Mission: HTUF REDUX -- References -- About the Authors -- CHAPTER 12 Characterizing Cyber Systems -- 12.1 Introduction -- 12.2 Assessment Models -- 12.2.1 Flaw Models -- 12.2.2 Countermeasure Models -- 12.2.3 Vulnerability Models -- 12.2.4 Threat Models -- 12.2.5 Probability Models -- 12.2.6 Attack Vector Models -- 12.2.7 Impact Models -- 12.2.8 Risk Models -- 12.3 Assessment Methodology -- 12.3.1 Stages -- 12.3.1.1 Initial Exposure to a Cyber System -- 12.3.1.2 System Familiarization -- 12.3.1.3 Assessment -- 12.3.1.4 Data Correlation -- 12.4 Conclusions -- References -- About the Author -- CHAPTER 13 "...No, We Should Be Prepared" -- 13.1 Introduction -- 13.2 What Makes the Rolling Computers You Call a Fleet Vulnerable? -- 13.3 The State of the Threat -- 13.4 Recommendations to Prepare Fleet Managers -- 13.4.1 Protecting Telematics Platform -- 13.4.2 Monitor for Malicious "J1939" Messages -- 13.4.3 Install Intrusion Detection System Across the Fleet -- 13.4.4 Protect Software on ECUs -- 13.4.5 Share Exploits with the Industry -- 13.4.6 Periodically Conduct Penetration Tests -- 13.5 Future Considerations to Advance Preparation Levels -- References -- 13A.1 Appendix A: Runtime Application Self-Protection Examples -- 13B.1 Appendix B: J1939 Overview -- 13C.1 Appendix C: Preventing Malicious Messages on the CAN Bus -- 13C.1.1 The Problem -- 13C.1.2 The Entry Point -- 13C.1.3 The Solution -- About the Authors -- CHAPTER 14 Heavy Vehicle Cyber Security Bulletin -- Develop a CyberSecurity Program -- Protect Your Networks -- Protect Your Vehicles -- Incident Response Plan -- Educate -- Credits and Acknowledgements -- Disclaimers -- Trademarks. CHAPTER 15 Law, Policy, Cybersecurity, and Data Privacy Issues.
Provides an interesting and dynamic story of how industry is developing solutions that address the critical security issues; the key social, policy, and privacy perspectives; as well as the integrated efforts of industry, academia, and government to shape the current knowledge and future cybersecurity for the commercial vehicle industry.