OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
1
Steve New, Saïd Business School & Hertford College, University of Oxford Tomomi Kito, University of Tsukuba
Abstract
• People commonly believe that manufacturers have plenty of information about the provenance of the components that are used in their products (both hardware and software). In fact, firms often have surprisingly little information on the origin of goods, and workable systems of provenance information management are only now beginning to emerge in some industries. The issue has significant implications when the products have any one of the following three characteristics: they can be controlled remotely; they can harvest data; they can be dynamically engineered. Autonomous cars fit all of three of these, and the solutions to this problem need to go beyond product technology. To produce safe autonomous cars requires a reconfiguration of industry practice, new regulatory systems and rethinking of established socio-economic norms.
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
2
Some security threats
CONTROL
DATA HARVEST
DYNAMIC UPDATE
All these threats get greater as technology moves to autonomous vehicles
Agenda
• Two issues about provenance
– Attributes of Provenance
– Supply networks
• Three issues for supply chain cybersecurity
– Interception/Insertion/Substitution
– Design Infiltration
– Substandard Operation
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
3
ATTRIBUTES OF PROVENANCE
AoPs are characteristics of a physical item which are not practicably tangible, which carry some notion of value or disbenefit to a user or customer, and are a function of the item’s trajectory prior to the user or customer’s experience of/ownership of/ use of the product.
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
4
Maxfield, C. (2007). Actel pioneering new markets for FPGAs in automobiles. EE Times, 27th August http://www.eetimes.com/document.asp?doc_id=1305894
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
5
By definition, AoPs cannot be verified directly by the customer from the item itself, and so must be taken on (some kind of trust) by the customer/user.
This may be personal trust, institutional trust, or systemic trust. • Personal trust means that I believe in the goodwill and
competence of the person who provides me with the information about the AoPs.
• Institutional trust means that I believe in that an institution will behave rationally and honestly because it has a reputation to defend.
• Systemic trust means that I believe some supra-organisational system is in place to provide reliability of AoPs.
ATTRIBUTES OF PROVENANCE
Attributes of Provenance
ETHICAL CULTURAL SAFETY-RELATED ENVIRONMENTAL
Personal trust
I believe in the goodwill and
competence of the person who provides
me with the information about the
AoPs
At the Farmer’s market, I believe the Farmer when
he says the animals are treated well.
I believe the person I meet at
the Science Fiction convention
that this cardboard laser gun was really
used as a prop on the TV show
I believe the person selling me the second-hand bike that he has had it serviced
regularly
At the Farmer’s market, I believe the
Farmer when he says he used no pesticide on the
carrots.
Institutional trust
I believe in that an institution will behave
rationally and honestly because it has a reputation to
defend.
At Sainsbury’s, I believe the firm’s
claims about labour standards
I believe Christie’s endorsement that this painting was really painted by
Chagall
I believe that this children’s garden
toy is safe because Argos are a large
company
I believe Homebase’s claims
about the sustainable nature
of its wood products.
Systemic trust
I believe some supra-organisational system is in place to provide
reliability of AoPs
I believe this Fair Trade label
provides evidence that workers in the supply chain were
treated fairly
I believe that the Appellation
d'Origine Contrôlée mark on this wine
means that it is authentic
I believe this toaster is safe
because it has a “kitemark” safety
label
I believe this Forest Stewardship Council label means that the
wood was sourced from sustainable
forests
ATTRIBUTES OF PROVENANCE
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
6
11
(Kito et al., 2014)
Toyota’s network
World-wide automobile supply network (40,000 firms)
SUPPLY NETWORKS (Kito et al)
12
Other Japanese
OEMs
Overseas
OEMs
Other
clients
Toyota
Tier-1 à Toyota: 580
Tier-2 à Tier-1: 3095
Tier-3 à Tier-2: 151
Intra-tier: 1069 Tier-1
Intra-tier: 469 Tier-2
Tier-3
Intra-tier: 3
Tier-1 à Tier-2: 137
Tier-1 à Tier-3: 13
Tier-2 à Tier-3: 17
2221 937 72
1341
1484
66
1325 3027
197
(a)
Numbers of different types of supply links
Numbers of different types of firms
• Tier-1: 580
• Tier-2: 1476
• Tier-3: 136
• Other Japanese OEMs: 12
• Overseas OEMs: 155
• Other clients: 749
(b)
Kito et al
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
7
What do you know about your supply network?
• Firms often have startlingly little knowledge of suppliers beyond first tier
• Even knowledge of first tier suppliers can be relatively flaky
• Getting knowledge from beyond first tier is not always easy, because dependency (and power) disperse quickly in complex network structures
• Storing knowledge beyond first tier is very difficult indeed.
When people buy stuff, they don’t know exactly what they’re buying, and so they are relying on complex (and often unarticulated) patterns of trust
Attributes of Provenance
When stuff (hardware and software) gets into a car, you can’t always tell what it is, or where it’s come from
Supply Networks
There is very substantial complexity and diversity in network structures, and limited understanding/visibility beyond the first tier
Car firms do not – in general – have a good understanding of their extended networks and have limited ability for detailed command and control of chain.
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
8
• Three issues for supply chain cybersecurity – Interception/Insertion/Substitution
• If the Office of Tailored Access Operations (TAO) can do it…
– Design Infiltration • Insider or Stuxnet-style attack on
hardware/firmware/software at production within extended supply base.
– Substandard Operation • Poor internal processes, or non-adherence to standard
or official procedures.
“A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered.”
Gallagher, S. (2014). Photos of an NSA “upgrade” factory show Cisco router getting implant. Ars Technica, May 14. http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
9
Guin, U., DiMase, D. and Tehranipoor, M. (2014). “Counterfeit integrated circuits: detection, avoidance, and the challenges ahead.” Journal of Electronic Testing 30/1: 9-23. Citing: Cassell J (2012) Reports of counterfeit parts quadruple since 2009. Challenging US Defence Industry and National Security
Conclusions
• Supply chain vulnerability raises far more profound challenges than protecting against straight-forward car-hacking;
• “Magical Black Box” thinking is misleading;
• Fundamental changes in assumptions about regulation, data transparency may be necessary.
OXFORD WORKSHOP ON CYBER RISK AND CONNECTED/AUTONOMOUS VEHICLES
22/02/2016
© Steve New 2016
10
19
Dr Steve New Fellow, Hertford College
Associate Professor of Operations Management,
Saïd Business School, University of Oxford
Mail: Hertford College, Catte St, OX1 3BW UK
http://www.sbs.ox.ac.uk/community/people/steve-new
Twitter: @Steve_New_
01865 288922
Top Related