Automotive Cyber Security – A Glossary of Terms
Our team at Arilou Cyber Security put together this handy glossary to help you make sense of the growing collection of cybersecurity terms.
Making sense of automotive technical terms can be a challenge. Add cyber-security to the mix and you end up with a broad collection of abbreviations and terms that can overwhelm even the most seasoned of engineers.
To help you avoid confusion, the team at Arilou have put together this handy glossary. Covering as many terms as possible, this glossary will help you hold your own in your next automotive cybersecurity meeting. Check back regularly for updates.
Accuracy is a combination of Precision – the solution’s ability to identify malicious attacks with the least possible false alarms – and Recall – the actual number of malicious attacks identified. High accuracy means a greater number of attacks detected with fewer false alarms.
Automotive Cyber Security
Automotive cybersecurity is the discipline related to the protection of vehicles against cyber-attack from malicious agents (hackers). Involves securing a vehicle’s IVNs, ECUs, and Cloud connectivity using automotive-grade cyber-security solutions and strategies.
AUTomotive Open Systems ARchitecture – AUTOSAR – is a global partnership of OEMs, suppliers and service providers formed in 2003. Their mission is to develop a standardized vehicle network architecture for intelligent mobility.
Buffer Overflow Attack (BOF)
A buffer overflow attack (BOF) is a memory-based attack in which deliberately malformed messages are sent to a storage (RAM buffer) location of a device. These messages overflow the capacity of that storage location. Overflowing data can overwrite adjacent memory locations causing malfunction or unintended behaviour. This can then be exploited for malicious purposes.
Computer Emergency Response Team (CERT)
A CERT is a group of cyber-security professionals who are on hand to respond to cyber-security emergencies.
Connected Vehicle
A vehicle that contains one or more internet-enabled ECUs or other wireless data transceivers. These connected components allow the vehicle to communicate with devices both inside and outside the vehicle – enabling V2X use cases, OTA updates and other Cloud-based use cases – but open the vehicle to cyber-attack.
Controller Area Network (CAN) Bus
A type of IVN developed by Robert Bosch GmbH in the 1980s. Uses a looped bus structure. Developed prior to the connected vehicle, it allows unrestricted communication across the bus. CAN forms the primary IVN in use today, although its low bandwidth could see it replaced by Ethernet.
Denial of Service (DoS) Attack
When a hacker attempts to overwhelm a network with fake or malicious messages, making usual operation impossible.
Electronic Control Unit (ECU)
Electronic control units are like mini-computers which control a variety of different processes and features throughout the vehicle – from infotainment and telematics to suites of sensors which monitor braking or measure fuel consumption. ECUs connect directly to the IVN.
Endpoint, in cyber-security, refers to the protection of the endpoint – or functional component – of a network. In the field of automotive cyber-security, this refers to ECUs or other components attached to the IVN.
Automotive Ethernet is a type of IVN based on the BroadR-Reach standard developed by Broadcom as part of the OPEN Alliance SIG. Uses a switched, star-type topology. Ethernet offers greater bandwidth than other IVNs, opening options for V2X and other data-heavy use cases.
Gateway security refers to the protection of connections between IVNs. Gateways enable the flow of traffic in, out, and between networks, and can serve a variety of functions, including filtering (firewalling/whitelisting) or translating between different protocols or data formats.
Industrial Control Systems (ICS)
The term industrial control systems, as the nomenclature would suggest, refers to the various types of control systems and instrumentation used to control industrial processes. These can range from the control valves and pressure gauges, all the way to modern, networked sensors and computer-based monitoring systems.
Information Technology (IT)
The use of computers, telecommunications, server networks, and other associated systems for storing, recalling, and sharing information. IT is used to manage a variety of labour-saving and automated processes throughout many industries.
In-Vehicle Infotainment (IVI)
Housed in head-units, dash, central consoles and driver-facing instrument clusters. Controls systems such as HVAC, digital radio and GPS navigation. Can include USB ports, feature Bluetooth and cellular connections enabling Wi-Fi LAN, SMS and handsfree calling.
In-Vehicle Network (IVN)
The in-vehicle network is a harness consisting of electronic cables that form the central data transfer network of the vehicle. Various network topologies are used to relay ECU messages throughout the vehicle.
Intrusion Detection System (IDS)
An intrusion detection system is a monitoring system. Usually a software application, hardware, or a combination of both. The IDS monitors the IVN for policy violations and anomalous or malicious traffic. Upon detection, the IDS reports any violation for central collection via a security information and event management system (SIEM).
Intrusion Detection and Prevention System (IDPS)
A combination of IDS and IPS solutions. Consists of software, hardware – or a combination of both – and monitors the IVN for anomalous traffic. Upon detection, it reports anomalies to the SOC for review where prevention can be activated if required.
Intrusion Prevention System (IPS)
An intrusion prevention system is a control system. Usually a software application, hardware, or a combination of both. The IPS prevents data packet delivery in one of two ways: either on the network (IVN), where it stops any malicious or anomalous activity, or on the host (ECU), where it blocks any policy violations or anomalous activity.
Latency (of a Cyber Security Solution)
Refers to the speed of detection, or more accurately, the difference in time between the moment the attack happens and the moment a cyber-security solution identifies it as a malicious attack.
The Media Access Control (MAC) address is a unique device identification number that is assigned to hardware connected to a network. The MAC address can be used as a network address for various network types, including Ethernet.
Involves changing factory-assigned MAC addresses via vulnerabilities in the software drivers of target hardware.
Managed Cyber Security Service Provider (MSSP)
A managed cybersecurity service provider, or MSSP, is a third-party provider of cyber-security management tools or services. These typically include SIEM software and tools or teams that provide a VSOC service.
Mobility as a Service (MaaS)
MaaS is a commercial response to new technologies that has prompted a shift in consumer tastes – from vehicle ownership to shared ownership services such as Zipcar and Car2Go, or peer-to-peer ride services such as Uber and Lyft.
On-Board Diagnostics Port-II (OBD-II)
The OBD-II port allows direct physical access to the IVN from within the vehicle’s cabin. Allows diagnostic tools – or malicious devices – to be attached to the vehicle. Standard in new model vehicles since the 1990s in the United States of America, and early 2000s in the European Union.
Operational Technology (OT)
Over-the-Air (OTA) Updates
OTA refers to hardware or software updates, performed wirelessly and remotely using a variety of communications methods. These updates can include new configuration settings and/or software patches, which can be distributed from one central location to all users of the target device.
Overhead
Refers to the network or system resources a cyber-security solution requires to operate. A solution with high overhead can dramatically reduce the performance of the IVN or ECU to which it is deployed.
The Portable Automotive Security Testbed with Adaptability (PASTA) is an open-source cyber-security testing platform. Created and developed by TOYOTA, PASTA can be used to test a vehicle’s vulnerability to hacking.
RTOS stands for Real-Time Operating System.
Supervisory Control and Data Acquisition (SCADA)
SCADA refers to the architecture of control systems which may include computers and networked servers for communications, graphical user interfaces for data display and management, and various controllers to enable users to interface with industrial plants or machinery.
Security Information Event Management (SIEM)
Refers to cyber-security products and services which combine data storage, inspection and analysis tools. SIEM services aggregate and correlate data from software and hardware cyber-security solutions.
Security Operations Centre (SOC)
Can refer to one of two different definitions. SOC in organisational structure can be a facility where a business’s information systems are monitored, analysed and protected. SOC in technology can be a software program designed to collate SIEM data and present it in a way that is easy to monitor and control.
Software Development Kit (SDK)
A software development kit, or SDK, is a single installable package of software development tools. These tools can range from application programming interfaces (APIs), such as function libraries for specific programming languages, to, as is the case with some cyber-security tools, more complex and hardware-specific tools that allow communication with embedded systems.
Telematics Control Unit (TCU)
These ECUs transmit data between the vehicle and a telematics service provider. This data can include diagnostics, as well as OTA updates and remote commands. Features a GPS unit providing location data, a cellular data connection, and remote access via GPRS and Wi-Fi bearer protocols.
Telematics Gateway Unit (TGU)
A telematics gateway unit, or TGU, is a TCU which incorporates the functions of a gateway ECU.
Tire Pressure Monitoring System (TPMS)
Air pressure sensors located in each tire feed data back to the main TPMS ECU via wireless transceivers. This ECU feeds data to the vehicle control module which aggregates it with other data to manage fuel economy, exhaust emissions, and a host of safety features. Mandatory in new US vehicles since 2008.
V2X covers multiple connected vehicle use cases – from vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V), to vehicle-to-home (V2H) or vehicle-to-grid (V2G). With each use-case potentially needing a different communication method, they greatly widen the surface area for cyber-attack.
Virtual Cyber Security Operations Centre (VSOC)
A virtual cybersecurity operations centre, or VSOC, is a secure, cloud/web-based tool or service provided by a managed security service provider (MSSP). A VSOC differs from a traditional cyber-security operations centre (SOC) in that rather than being a centralised unit located within an often non-specific company department, a VSOC is a dedicated and decentralised tool/team managed by a third-party.
An attack which exploits a software or hardware vulnerability unknown to the OEM, relevant suppliers or security vendors. Day-Zero refers to the first day on which the defending party discovers the vulnerability and begins the mitigation process.