Cyber and Global Positioning System Vulnerabilities and Mitigation Strategy for Radiological Transport Vehicles

Vehicles are increasingly cyber-physical systems which depend on networked control units and sensors. Consequently, modern transportation faces challenges to ensure security and safety from cyber-attacks. Specifically, modern vehicles include scores of on-board electronic control units (ECUs) communicating over in-vehicle networks to control safety critical systems. While these electronically controlled functions provide vastly improved capabilities such as collision avoidance and wireless connectivity, they also inherently introduce vulnerabilities such as demonstrated in the 2012 Jeep Cherokee attack. Therefore, an assessment was conducted to analyze the global transport security of radiological materials. Several cyber-attack methods were evaluated that included direct access to vehicle electronics, remote attacks via the telematics or head unit, jamming of GPS and/or radio links, and spoofing of communications. These were applied to scenarios including redirecting the driver, disabling the vehicle, stealing the vehicle, and stealing the radiological devices. Common subsystems of a wide variety of relevant vehicles were chosen for in-depth analysis and one attack scenario was experimentally verified. Based on the vulnerability assessment, several mitigation methods were developed. These included: 1) a checklist used at the time of purchase of a vehicle, 2) the development and integration of CAN Bus monitoring tools, the hardening of RF/Telematics interfaces, and the development of embedded software/malware detection tools. This paper will cover general vulnerabilities and mitigation methods. These will span from low-tech adversarial methods to highly sophisticated attack vectors. It will then show how emerging commercial products and best practices augmented by cutting-edge research at ORNL can protect these vehicles.