Modern vehicles are essentially computers-on-wheels, operating with an average of 100 million lines of code and 150 control units. Those numbers are on the rise as automakers expand safety, entertainment, navigation, and autonomous driving features. Each of these sensors and connectivity features—from adaptive cruise control to tire pressure monitors to Wi-Fi and GPS—creates a potential opening for cyber attack.
ORNL’s Vehicle Security Center (VSC) brings together expertise and facilities from across the laboratory to address this national transportation challenge. Through the VSC, researchers are focused on assessing potential threat vectors and partnering with industry to engineer secure solutions for new vehicles before they hit the road.
“Predictive assessment is our main focus,” says Stacy Prowell of ORNL’s Cyber Warfare Research Team and acting director of the Vehicle Security Center. “We’ve got a team of researchers with backgrounds in computational sciences, sensors and controls, vehicle systems, and global security who are collaborating to identify threats and to build security features that neutralize them.”
The VSC’s newest facility, the Vehicle Security Laboratory, places cyber experts and award-winning software analysis tools at ORNL’s National Transportation Research Center—in close association with vehicle and manufacturing researchers.
The Vehicle Security Laboratory offers a suite of capabilities to assess cyber vulnerabilities while vehicles are in operation. It includes a full vehicle dynamometer with specialized scanning equipment (CAN communications analysis and ECU calibration tools) in a space with signal isolation, ensuring data integrity.
Hyperion, a tool developed by Prowell and a team from ORNL’s Cyber Warfare Research group, is one such tool. Hyperion was honored by R&D Magazine as one of the top innovations of 2015. The tool leapfrogs past current technologies that search only for known cyber threats; instead, Hyperion analyzes code for all the possible behaviors the code might initiate, reading those behaviors without triggering them. This powerful approach to assessing cyber vulnerabilities employs precise mathematics to uncover the intent buried in the code and eliminate threats proactively.
Other capabilities include: Prototyping, malware discovery, large-scale data analysis, vehicle security assessment for current and future vehicles, anti-temper and encryption devices, authentication and privacy protections, reverse engineering embedded systems, and vehicle-based credential generation.