Cybersecurity in public transportation
The notion of Cybersecurity is very often associated with the hacking of financial or corporate data, but not necessarily with that of vehicles, more particularly within the public transportation sector. And yet, such a flaw does exist, and it was a hacking experiment on a vehicle, carried out in 2015, that fanned the flames. This didn’t concern a public transportation vehicle, but the impact was such that it made a difference in all transportation sectors. Two computer security researchers remotely hacked a Jeep Cherokee, whereas until then this had only been achieved with someone inside the vehicle. The exhaustive video footage shows how the American researchers managed to connect to the vehicle’s data systems, taking control of many functions, including switching off the vehicle’s transmission while it was driving at speed on the motorway. There was no damage to property as this was part of an experiment, but it did cause a lot of concern. Fortunately, these concerns led to regulations requiring manufacturers to ensure IT safety in new vehicles.
How is it possible to hack a vehicle's data systems?
The example above is worrying as the hack was carried out remotely, which implies that the computer network connecting the vehicle to the data server can constitute a gateway for potential hackers, who no longer need to manually connect to a mere socket. Today, we are all surrounded by connected objects, while the IoT (Internet of Things) grows a bit more year on year.
In an urban transportation vehicle, such as a bus, the data pertaining to the vehicle are thus transmitted in real time from sensors via a gateway or communications platform, and are then received by data processing servers. The upstream data serve for the purpose of operating the vehicle, with information on distance travelled, range, downtime, etc. These data are uploaded via the Internet to the operations server.
The downstream data, such as updates to configuration parameters/software, or software patches, etc., are in turn used for vehicle maintenance, for example, and are often implemented via a diagnostics kit in order to access the system. In this case, there are two input ports: the standard “On Board Diagnostic” (OBD) socket, or the communications box.
With two physical inputs and one virtual input allowing access to the vehicle’s data, it is clear that implementing IT security is crucial to avoid any hacks.
What are the risks related to vehicle hacks?
A cyber attack on urban transportation vehicles can easily be compared to a hostage situation, or worse, a terror attack, if the hackers have bad intentions. Hackers could thus take partial or total control of the vehicle and its passengers, and block its doors, with a range of dramatic consequences resulting from the ensuing panic. This is clearly an extreme case, but it’s the most worrisome scenario for operators and public authorities.
Other risks, less tragic but equally dangerous, also need to be considered. Hackers could gain the ability to access the transportation network server via a hacked vehicle, to shut down the entire transportation network, causing widespread panic. Lastly, hackers may simply access the vehicle’s system to send false information and, for instance, steal the vehicle while it still appears to be on the operator’s network.
All these risks are subject to enhanced monitoring by manufacturers, who are implementing a range of security systems to ensure the reliability of their products and meet regulatory requirements (see below).
Within the context of harmonising vehicle regulations (UN-EC WP.29) two new laws were enacted to cover the key topics of Cybersecurity (R155) and software updates (R156).
Regulation R155 is a set of requirements related to cybersecurity. The goal of this regulation is to account for risks, from the vehicle’s design, its operation, to its ultimate decommissionning. These risks concern both the on-board aspect (penetration of buses’ internal communication systems) and the “fixed” aspect (in particular the interception of data originating from the bus, or a direct attack on data storage servers). The measures implemented are subject to an external audit by a recognised state body (UTAC, Bureau Veritas, etc.) to ensure the bus complies with cybersecurity-related requirements. This regulation has been mandatory since 6 July 2022, and from July 2024, all newly-registered vehicles will have to be certified.
Regulation R156 requires bus manufacturers to demonstrate compliance with the new requirements for remotely updating onboard software components. Manufacturers must demonstrate consideration of the cybersecurity risks related to software updates.
These new rules, pursuant to legislation on new vehicle approvals, are also affecting suppliers and other supply chain actors. Indeed, any IT component, or software update, etc. to be used by a manufacturer on a given vehicle, whether it originates from within or outside of the company, requires a set of specific steps, according to the latter’s impact on the vehicle’s approved systems.
How does SAFRA manage cybersecurity on its vehicles?
Data security is a very sensitive subject, and is at the centre of all SAFRA teams’ attention, regardless of the department. We have considered cybersecurity in our Hycity (hydrogen buses) and H2-pack (intercity coach hydrogen retrofit kits) programmes from inception, and we are instructed to avoid any behaviour that could pose a risk. This internal rigour applies equally to our suppliers, who implement high-level security measures.
In a world facing ever more pressing environmental issues, transition
“A stone has no hope of being anything other than