OBJECTIVE: Develop physics-based modeling and simulation of vehicle components and electronics, including virtual emulation of controllers and other devices, for conducting cybersecurity assessments and vulnerability research. DESCRIPTION: In order to mitigate the risk of cybersecurity incidents and their likelihood of occurring it is important to continually perform cybersecurity assessments and vulnerability research on Army vehicles. One objective in performing these kinds of cybersecurity evaluations is searching for vulnerabilities in both hardware and software, as they can significantly impact a vehicle system's cyber resiliency (i.e. the ability to withstand a cyber-attack and recover). However, the tools, techniques, and technologies currently utilized in performing these tasks are insufficient and generate substantial risks, costs, and schedule impacts. Many of the issues related to these testing methods can be attributed to their reliance on physical hardware. Accordingly, a solution that develops vehicle cybersecurity simulation technologies will reduce many of the hardware dependencies seen in evaluating a vehicle system during all phases of its lifecycle. Advanced cybersecurity simulators will also have the added benefit of reducing barriers to entry such as high starting costs and the degree of expertise needed for conducting evaluations. To currently minimize hardware dependency, cybersecurity researchers and engineers are able to evaluate systems by utilizing Hardware-in-the-Loop (HIL) and Software-in-the-Loop (SIL) simulators before performing evaluations on physical vehicles. These simulators are capable of emulating hardware and software components, but have their own drawbacks that can diminish their effectiveness in minimizing hardware dependency. For instance, SIL simulators are designed to run code on simulated hardware representations, based on high-level hardware functions. As such, they are ineffective in simulating hardware and may not provide completely accurate results in software simulations. HIL simulators on the other hand validate the performance and functionality of controllers and other electronic devices, but don't provide many capabilities in performing cybersecurity evaluations. Although HIL simulators emulate simple electronics such as sensors and actuators, they generally do not emulate more complex ones and instead require a physical component to interface with. These drawbacks require extensive evaluations to be performed on physical hardware instead. Many evaluations can be performed in a lab environment using a hardware workstation. This workstation is typically referred to as a test bench setup and incorporates all of the connectors, controllers, and other electronic devices from a vehicle platform. Evidently, this method also has drawbacks with cost and schedule burdens. Firstly, setups lack flexibility, requiring that each platform variant or vehicle model have its own uniquely tailored test bench. Their cumbersome size and lack of portability alone creates logistical burdens in acquiring, transporting, and storing existing setups. All of these issues are reflected in cost and schedule impacts and can multiply for each piece of hardware if there's a need to build a setup from the ground up. To address the capability gaps in performing cybersecurity assessments and vulnerability research, advanced simulation technologies would primarily need to be able to: emulate any and all kinds of controllers or other electronic devices with physics-based modeling and simulation, even down at the component level (e.g. transistors, resistors, capacitors, etc.), and conduct cybersecurity testing for exploits and vulnerabilities to provide additional utility to cybersecurity researchers and engineers. Notably, simulation tools and illustrative visuals can enable non-cybersecurity professionals to better understand cyber resiliency and critical vulnerabilities throughout a component's lifecycle, promoting more secure and safer vehicles for both the automotive industry and the Army. PHASE I: Determine technical feasibility for a software-based solution to simultaneously emulate many vehicle ECUs and other electronics devices of varying complexity (e.g. number of transistors, I/Os, and registers, size of memory, dimensions, etc.). Additionally, the solution should outline the capability of emulating software and firmware for these virtualized controllers and devices. Hardware will be virtualized using physics-based modeling and simulation in order to enable the capability of testing for cyber-attacks that utilize the electromagnetic spectrum and other electrical properties, likely drawing on concepts from electromagnetic simulation technology. Inherently, functionality testing evaluates that a system does what it should while cybersecurity testing evaluates that a system does not do more than it should. This is an important consideration for minimizing the attack surfaces of vehicle systems. As such, the solution should also have the inherent capability of testing for known and unknown functionalities in simulated systems. Design a concept for the solution with open architecture or open-source principles in mind. This flexibility will enable 3rd-party developed systems and components to be seamlessly integrated into the simulator to facilitate and improve various cybersecurity evaluations. Possible use cases include: cybersecurity researchers and engineers uploading tools and reproducible cyber-attacks for conducting cybersecurity assessments and vulnerability research, and Original Equipment Manufacturers (OEMs) uploading their own proprietary controllers and devices in order to conduct cybersecurity evaluations throughout the product development lifecycle. The solution will also outline a common test architecture for integrating known attack scenarios, exploits, and vulnerability scans into the simulator. A common test architecture will improve turnaround times when evaluating system cyber-resiliency against newly discovered vulnerabilities and exploits. PHASE II: Develop the solution to achieve the capabilities outlined in Phase I. Demonstrate that the solution meets the first major milestone of emulating a target ECU, such as a MIL-PRF-32565 Li-ion 6T Battery Management System, and validate the performance against a HIL simulator using the physical ECU. Demonstrate that the solution meets the second major milestone of simulating all hardware-based and software-based systems for a target military platform, such as the Stryker or Joint Light Tactical Vehicle (JLTV). Develop a default library of prevalent hacks, exploits, and cyber-attacks for the simulator. Due to some attacks occurring over a long period of time, the solution must also be capable of simulating systems at different points in time. Many different kinds of cybersecurity evaluations can be performed during a session simulating vehicle systems. The results of a session should be recorded or inserted in a report produced by the simulator to easily document or share the findings of cybersecurity evaluations. Sessions should provide metrics on the cyber resiliency of evaluated systems, the details of any vulnerabilities and their severity, the consequences of exploits, and other system information. The solution will demonstrate the capability of generating physics-based models of controllers and devices from preexisting files and schematics such as transistor diagrams and CAD drawings. An intuitive method of generating models for simulation is necessary for efficiently reevaluating systems after design modifications are made to improve functionality or mitigate existing vulnerabilities. These capabilities will also support the efforts of engineers and developers in evaluating their systems without extensive backgrounds in cybersecurity. Deliverables should include a prototype of the software-based solution and source-code, simulator tools for fuzzing, glitching, and reproducible cyber-attacks, and reports and demonstrations assessing the full capabilities of the solution. PHASE III DUAL USE APPLICATIONS: Expand the capabilities of the solution to simulate different environments and conditions to better reflect the operating environments of Army vehicles. The solution should ultimately be able to conduct cybersecurity evaluations against side-channel and sensor attacks, normally only possible to conduct on physical hardware due to the intricacies and physical properties involved in electronics and the electromagnetic spectrum. For instance, a side-channel attack is designed to pull critical data from electronics through the analysis of hardware power consumption or leaked electromagnetic waves. Physics-based modeling and simulation is necessary in order to emulate these attack scenarios and ultimately reduce hardware dependency for conducting cybersecurity evaluations. Through a combination of sophisticated algorithms and automation, tests could be conducted simultaneously on any number of components, including ports, connections, wires, chips, and devices. Generally, this task is made difficult for even a team of evaluators to perform due to the amount of factors at hand. This simulator would also need to be able to provide developers and engineers, who aren't versed in cybersecurity, the means to evaluate their software and hardware designs against ever expanding libraries of prefabricated cyber-attacks. User training and instructions should be developed to properly utilize this vehicle cybersecurity simulation software. These capabilities would promote the creation of more cyber-resilient systems throughout automotive and defense industries. Automotive companies could easily integrate this simulation technology into their processes for determining the cyber resiliency of their systems. Since tacking on cybersecurity measures becomes more expensive later on in the product development lifecycle, automotive companies could go as far as to require that their suppliers also utilize this solution to perform cybersecurity evaluations early on in development. Likewise, Army components such as Project Managers (PMs) can also implement similar requirements for defense contractors. Due to the flexibility of the solution, similar applications will be displayed in other fields with cyber-physical systems such as in aerospace and industrial control systems. REFERENCES: 1. Cybersecurity and Secure Deployments: Creating Effective Security with Simulation Technology https://www.windriver.com/whitepapers/security/cybersecurity-and-secure-deployments/; 2. Hacking the CAN Bus: Basic Manipulation of a Modern Automobile Through CAN Bus Reverse Engineering https://www.sans.org/reading-room/whitepapers/awareness/hacking-bus-basic-manipulation-modern-automobile-through-bus-reverse-engineering-37825; 3. Automobile CAN Bus Network Security and Vulnerabilities https://canvas.uw.edu/files/47669787/download?download_frd=1; 4. Side-Channel Vulnerabilities of Automobiles http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.680.3844&rep=rep1&type=pdf; 5. Hardware-in-the-Loop (HIL) https://www.ni.com/en-us/innovations/automotive/hardware-in-the-loop.html KEYWORDS: HARDWARE IN THE LOOP, BUS NETWORKS, GROUND VEHICLES, CYBERATTACKS, CYBER-PHYSICAL SYSTEMS, CYBERSECURITY, VULNERABILITY SCANNERS, COMPUTER SIMULATIONS, ELECTROMAGNETIC FIELDS, ELECTRONICS
