Building Security In Podcast: New strategies for managing risk

Episode 3: New strategies for managing risk

Recent history has seen large changes in client expectations, executive views of investment required, and how security programs have matured. This is driven in part by increased client awareness and by evolving attacker methods. Zero trust methods are coming into play in how organizations are responding to some risks, as are “behavioral biometrics” that set a baseline for better authentication. Managing security, including in DevSecOps, means also managing friction, which can actually help speed up some processes. Going forward, organizations need to consider innovative approaches—such as password-less access—and managing legacy environments. What are the big rocks that need to be rolled over to make real progress? Progressing from a BISO role to a CISO to a CSO has introduced evolving challenges in protecting what exists, but also enabling the future in a safe way.

We discuss how the worlds are converging and what it means for an organization.

Guest biography

Keith is the Chief Security Officer for CIBC—the Canadian Imperial Bank of Commerce—with responsibility over a broad range of areas that include Cyber Security, Fraud, Physical Security, Technology Risk Management, and Business Continuity/Disaster Recovery/Crisis Management, as well as Business & Technology Architecture, Enterprise Data, and Analytics and AI. In his previous role, he was the CISO for Ally Financial and before that Keith worked at Bank of America in Global Information Security where he held roles as a Business Information Security Officer as well as in Cyber Threat Intelligence and Customer Protection. He also held roles at BofA focused on technology risk, security, and fraud, as well as authentication, security strategies, and product development. His teams led the effort to define and build the enterprise standards for application security and for vulnerability management and compliance, resulting in the bank's Enterprise Cyber Security strategy. Keith graduated from Anderson University with a Bachelor of Arts degree in Marketing and Mathematics.

Security Considerations from Hardware to Software

It is important to consider security starting from the hardware layer through all the software layers. For example, hardware-specific vulnerabilities may affect a certain chip that is used in millions of devices. In 2020, security researchers identified a vulnerability in a Wi-Fi chip that allows unauthorized decryption of some WPA2-encrypted traffic.

Also critical is considering security during chip design and using appropriate IP building blocks. To enable secure wireless communication on a hardware level, it’s necessary to, for instance, ensure that hardware wireless interfaces are designed with robust protections. Moreover, it is crucial to include a secure hardware root of trust that can support cryptographic functions used to establish secure communication, such as an AES crypto core and secure storage to store cryptographic keys and credentials. In addition, the root of trust can provide secure boot to prevent an attacker from making malicious code or backdoors persistent in a vulnerable system.

Software vulnerabilities can range from the lower layers in the communication stacks to upper layers in the application software and can be caused by design flaws or implementation mistakes. One famous example affecting secure communication is the Heartbleed vulnerability in the OpenSSL cryptographic library. This vulnerability allows an attacker to extract potentially sensitive data such as secret keys, usernames, and passwords from servers running vulnerable versions of OpenSSL. This vulnerability was discovered in 2014 using a fuzz testing tool. Fuzzing as a technique is effective to detect issues in protocol stacks and parsers by providing malformed input to the target system and observing the behavior.

Furthermore, there is an example where custom code in a telematics unit contained a buffer overflow vulnerability allowing an attacker to remotely send exploit code to compromise the system. This type of coding mistake and implementation flaw can generally be detected using static analysis and be avoided by following secure coding guidelines.

Additionally, open-source software (OSS) is often used in communication stacks. The famous Blueborne from 2017, which is a set of vulnerabilities, affected more than eight billion devices, including Android and Linux-based devices. Automotive organizations can manage the usage of OSS communication stacks in their released products using software composition analysis in order to detect and manage known vulnerabilities.

Moreover, besides software implementation flaws, there are several examples of common design issues. For example, communication between a vehicle and the backend system is conducted in plain text, making the communication susceptible to eavesdropping attacks. There have also been examples where network services on vehicles are accessible remotely without any authentication. Additionally, there have been cases where the authentication mechanism has not been properly implemented; for example, it does not verify the receiving certificates properly and is, therefore, susceptible to man-in-the-middle attacks.

Several Bluetooth-enabled automotive systems have in the past used static and fixed PINs such as 0000 and 1234. Some Wi-Fi enabled automotive systems act as hotspots and use fixed SSIDs that are broadcast, which makes it easy to identify and track such vehicles. Other systems automatically connect over Wi-Fi to predefined SSIDs and make them susceptible to the evil twin attack. There are also examples where the randomly generated Wi-Fi passwords are based on low entropy data such as a fixed date, which makes the password susceptible to a brute-force attack. By conducting a TARA (threat analysis and risk assessment) of the target system early in the development lifecycle, it is possible to detect these type of design issues and define appropriate security controls. It may also be possible to detect these types of issues during a penetration test of the automotive system.

As the automotive industry continues to evolve, vehicles will support more advanced use cases based on wireless communication, and it will become increasingly important to consider building secure wireless communication based on a strong hardware foundation and software layers developed following best practices for secure software development.