Proposal on Promoting Security Risk Assessment of Intelligent Vehicle Networking
Reason:Proposal on Promoting Security Risk Assessment of Intelligent Vehicle Networking
Review comments:It is recommended that the Ministry of Industry and Information Technology research and handle
Subject heading:Intelligent vehicle networking security, industrial Internet security
Proposal form:personal proposal
1. Problem and cause analysis
Since the founding of the People’s Republic of China 70 years ago, my country’s auto industry has continued to develop and progress, and achieved remarkable results. A complete auto industry system has been formed, and its status and role in the national economy has continued to increase. my country has become the world’s largest auto market.
With the new round of technological revolution and industrial transformation in the world, the integration of automobiles and energy, transportation, information and communications and other fields has accelerated. Various new intelligent and connected vehicles such as autonomous vehicles and unmanned work vehicles have become important carriers of industrial integration and innovation. It is equipped with on-board sensors, controllers, actuators and other devices, which have functions such as complex environment perception, intelligent decision-making, and collaborative control. Huge information security risks and hidden dangers.
According to the system architecture, intelligent networked vehicles can be divided into on-board driving Electronic systems, on-board assistance systems, mobile Internet, vehicle-road coordination systems, and cloud service systems.
The on-board electronic system consists of bus system, data exchange core system, tire pressure monitoring system and other systems. Through testing, it is found that only a small number of imported high-end models have a practical control system protection mechanism. For the vast majority of market models, remote control of the vehicle can be achieved if it is hacked.
In-vehicle auxiliary systems include in-vehicle entertainment systems and in-vehicle communication systems, especially in-vehicle entertainment systems, which are generally ignored. According to the test, the system not only actually processes a large amount of private information of vehicle drivers, but also synchronizes its information to foreign cloud service systems for some models. For example, the data leakage of the in-vehicle assistance system will cause huge hidden dangers to the protection of personal privacy. According to the survey, domestic models generally lack protection of this information.
The in-vehicle communication system is one of the most vulnerable systems for ICVs. This system undertakes the external communication function of ICVs. Similarly, most of the current external network attacks on ICVs and traditional vehicles come from this system. system. The system generally includes at least a wireless communication module. Through the simulation of wireless signals, it has been possible to intrude the access control system of most models and interfere with the vehicle’s external communication system in the experimental environment.
The vehicle-road coordination system is the core system of all kinds of unmanned vehicles, and the traffic safety of vehicles such as unmanned test vehicles and unmanned taxis depends heavily on this system. Although a large number of such systems have been developed in the industry, the vehicle-road collaboration technology is still in the initial stage of development. At present, it has been found that a variety of similar systems at home and abroad have defects such as visual recognition defects, which may cause huge security risks when they are put into practical use.
Mobile Internet is one of the basic technologies of intelligent vehicle networking, and it is also the core of intelligent vehicle network security. Traditional network attack methods such as illegal intrusion, injection, data theft, phishing, pseudo base station attack, DDOS attack and other attack methods can be equally effective on the Internet of Vehicles. For example, by illegally connecting to the Internet of Vehicles and destroying and tampering with on-board electronic data, monitoring software is implanted in the on-board entertainment system for monitoring, and the electronic system loopholes are used to deny the server to attack the vehicle’s electronic system that is paralyzed at high speed. With the popularization of intelligent networked vehicles, the lack of relevant evaluation and detection measures and protection methods will lead to unimaginable consequences.
2. Specific suggestions
It is recommended to carry out normalized information security risk assessment and vehicle information security detection and analysis for the intelligent vehicle network to protect the intelligent vehicle network and traffic safety. Specific recommendations are as follows:
(1) It is recommended that relevant units start or speed up the completion of information related to intelligent connected vehicles, including general technology for information security of intelligent connected vehicles, vehicle gateways, vehicle entertainment systems, vehicle information interaction systems, vehicle remote management and services, and intelligent connected vehicle cloud platforms. Formulate information security standards for important components of intelligent networked vehicles, vehicle-road coordination systems, and intelligent vehicle-connected network systems;
(2) It is recommended to add information security requirements to the “Technical Conditions for Motor Vehicle Operation Safety” to clarify the information security risk assessment requirements and information system and data security requirements of intelligent networked vehicles and vehicle assisted driving systems;
(3) It is recommended to require information security inspection before the sale of important parts of intelligent networked vehicles containing electronic systems, especially those with operating systems;
(4) It is suggested that a comprehensive information security risk assessment must be carried out before putting into use intelligent networked vehicles such as unmanned test vehicles, unmanned taxis, low-size and slow-speed smart devices, traditional vehicles with assisted driving functions, and new energy vehicles. . The evaluation contents are suggested to include at least the vehicle bus system (CAN bus system), vehicle core interaction system (T-BOX system), vehicle electronic entertainment system (IVI system), vehicle smart antenna, vehicle wireless system, vehicle-road coordination system, vehicle-cloud Interactive system, cloud vehicle service system (V2X system), etc.;
(5) It is recommended to establish a normalized information security detection and evaluation mechanism for intelligent networked vehicles such as unmanned test vehicles, unmanned taxis, low-volume and slow-speed smart devices, and electric vehicles. The proposed requirements include that information security assessment must be carried out in the event of major version changes or upgrades of in-vehicle electronic systems or software, major version changes or upgrades of cloud service systems, malicious code or virus outbreaks, vehicles before they are put into use, and annual vehicle inspections;
(6) It is recommended to conduct a risk assessment of the intelligent vehicle network in the demonstration areas and closed pilot areas of various unmanned vehicles, intelligent networked vehicles, low-small and slow-speed intelligent equipment under construction or completed in the country, and form a normalized evaluation mechanism. ;
(7) It is recommended to conduct a comprehensive information security risk assessment in accordance with laws and regulations such as the Cybersecurity Law of the People’s Republic of China and the Regulations on the Protection of Personal Privacy for all foreign imported vehicle models currently on the domestic market, and transfer cloud-based vehicles to cloud-based vehicles according to legal requirements. The service system was moved to China to prevent the leakage of personal privacy information of Chinese citizens.