For Immediate Release
DHS Science & Technology Press Office
Contact: John Verrico, (202) 254-2385
WASHINGTON – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded $1.4 million to New York University for the development of technology that can help defend government and privately owned vehicles from cyber-attacks. The project titled “Securely Updating Automobiles” was awarded through Broad Agency Announcement HSHQDC-14-R- B00016 and is part of the DHS S&T Cyber Security Division’s larger Cyber Physical Systems Security (CPSSEC) program.
“This is a critical time in the design and deployment of Cyber Physical Systems,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “Cyber threats are constantly changing, and S&T is working to develop innovative solutions to keep pace with these changes and defend against cyber threats for physical systems such as automobiles.”
Advances in networking, computing, sensing, and control systems have enabled a broad range of Cyber Physical Systems (CPS) devices, including modern vehicles, medical devices, building controls, the smart power grid, and the Internet of Things. Driven by functional requirements and fast moving markets, these systems are being designed and deployed quickly. The design choices being made today will directly impact our nation’s industries and critical infrastructure sectors over the next several decades. S&T’s Cyber Security Division (CSD) recently launched the CPSSEC project that aims to “build security into” emerging CPS designs.
“Modern vehicles contain software with millions of lines of code that require periodic updates just like our computers and smart phones,” said Dr. Dan Massey, S&T CPSSEC Program Manager. “We must be able to safely and securely update the software in our devices, but updates are often inadequately protected. Cyber attacks on CPS in automobiles may have substantial costs, —potentially impacting millions of lives.
The NYU team, led by Prof. Justin Cappos, proposes to design, build, and demonstrate deployment of a practical secure update system for automobiles. The goal is to provide resilience to attacks even if the servers of a dealership, software vendor, or automobile manufacturer are compromised.