The reality of an all-connected world with interacting autonomous vehicles and heaps of communicating internet of things devices has yet to take effect—but researchers at Argonne National Laboratory are already working to outpace sophisticated cyber threats of the future.
In a conversation with Nextgov Monday, Cybersecurity Analyst Roland Varriale offered an overview of several of the lab’s efforts to secure conventional, autonomous and electric vehicle ecosystems and guard against unseen risks.
“We’re looking at security more holistically—a lot of the time it’s more pigeonholed, almost like whack-a-mole, where we are looking for very specific solutions for very specific problems,” Varriale said. “But I think as a national lab, we should be looking at the larger problems, the more influential problems that drive the industry.”
And across a variety of projects at the Illinois-based research facility, the teams’ work aims to accomplish exactly that. Varriale’s early focus was on defending industrial control systems. Though he doesn’t identify as “a motorhead or anything,” he’s always been fascinated by cars. In his current capacity, the cybersecurity analyst oversees a range of future-facing efforts that gather thinkers with diverse backgrounds to address emerging threats across the mobility space.
“It’s not too much to ask for us to go big—go big or go home—when we are looking at solutions that will exist for a while,” he said. “They’ll be overarching and they are going to be influential.”
For one project, researchers aim to identify all the possible points of compromise in a solar-charged converted gas station housed inside of Argonne. The site is loaded with electric vehicle charging stations and features an energy management system and solar canopies that measure how much energy is produced and distributed.
Partly funded through the Energy Department’s Vehicle Technologies Office, the researchers could create a sort of blueprint for securely deploying such structures. Varriale said the hope is to ensure connections are installed properly and, ultimately, to define the sort of security measures that should be put in place to ensure they won’t be compromised.
“So a person that comes up and wants to charge their vehicle can’t maybe compromise the charging station and then from there pivot inside to the building’s network—and then cause any sort of malicious actions,” he said. Insiders anticipate soon publishing at least one paper on the work.
The mobility-focused teams are embarking on solutions for problems three to five years out and attacks that “could be coming.” In another project, individuals across three divisions—the Math and Computer Science, the Energy Science, and the Strategic Security Science divisions—brought their own expertise to secure cutting-edge vehicle systems from hacking and other dangers. The math division brought unique insight around artificial intelligence and machine learning, the energy sciences division offered domain expertise within the automotive systems and vital information on standardization, and the strategic security sciences division brought important cybersecurity acumen.
“So we were looking at a more holistic way of defending vehicles, from either cyberattacks or malfunctions that could happen within the vehicles themselves,” Varriale said.
Many attacks are presently tailored to specific makes and models of vehicles. But solutions of the future should be more integrated, so the team also continues to look at ways to implement AI and machine learning methods that “play well” within automotive networks. They’re additionally looking at how the budding technology works across cars’ control area network bus, which is essentially the “information super-highway” of the smart vehicle.
A separate team is also working to correlate sensor outputs within vehicles. Essentially, pushing the gas pedal leads to velocity, and when that happens, a bunch of features is signaled to move at a certain time. Right now, if the system fails to complete the work, a signal alerts the user. So, in another paper insiders hope to soon publish, they’ll share research they’re conducting on creating innovative clusters of these signals, which would “significantly raise the bar for attackers,” Varriale said.
“We are looking at building an array of signals that would be much harder to trick the car,” he said.
There’s a lot of promise in the research, which Varriale also noted is being addressed through other work at the University of Michigan’s Transportation Research Institute. He said many Argonne insiders try to go to conferences and share their ideas in information sharing groups regarding the future of the mobility space, but he sees a huge issue in the fact that academia, and cybersecurity and automotive industries still all kind of stay on their own tracks.
“It’s much more beneficial to try to cross-pollinate a lot of these things,” he said. “A lot of those [problems] are broken out into different areas that different labs work on and it’s not incredibly integrated, so we are trying to create a more integrated environment that’s kind of fluid—to go between the physical side and the cyber side—where we have people that can offer answers to different questions that cross domains.”
Insiders are also looking to influence security standards and requirements that are “far down the pipeline,” which they hope developers can eventually take into their product development cycles and accommodate, instead of just insecurely or incorrectly integrating them at the end of their efforts. And across the many projects they embark on, Varriale said he and his colleagues ultimately aim to lay a safer foundation for the inception of autonomous vehicles and the internet of things, and accelerate transformations across the emerging mobility landscape.
“If you don’t shoot high enough, a lot of times you miss,” he said.