CyCraft Secures Electric Vehicles

Security by Design With Mobility in Harmony (MIH) Open EV Platform

Taipei, Taiwan — 18 April 2022 — CyCraft Technology, a world-leading cybersecurity firm based in Taiwan, announced at the recent Foxconn Mobility in Harmony (MIH) EV Partner Conference that they will continue to work with MIH on Zero Trust architecture as well as continue to conduct in-depth research and development on cybersecurity solutions regarding security concerns for self-driving cars (autonomous vehicles, AV), electric vehicles (EV), and the Internet of Vehicles (IoV). At the conference, CyCraft conducted a thorough demonstration of its vehicle network detection and response (VDR) capabilities in stopping cyberattacks targeting EVs.

Raising Security Concerns

As the global EV market continues to rise so do cybersecurity concerns — especially with regards to over-the-air (OTA) software update architecture, as it can serve as a major attack vector for malicious cyberattacks targeting EV.

The recently adopted ISO/SAE 21434, UN R155, and UN R156 have set a framework for automotive cybersecurity. As a result, automakers worldwide have begun investing more resources into cybersecurity as well as adopting and integrating the Security by Design concept into their manufacturing and development processes.

Specification 7.3.7 of the UN R155 states that in order to achieve compliance, vehicle manufacturer shall implement measures for the vehicle type to:

• detect and prevent cyberattacks against vehicles of the vehicle type;
• support the monitoring capability of the vehicle manufacturer with regards to detecting threats, vulnerabilities, and cyberattacks relevant to the vehicle type;
• provide data forensic capability to enable analyses of attempted or successful cyberattacks.

Security by Design aims to ensure that the entire design and manufacturing cycle of the car, its hardware, software, systems, cloud, and other in-vehicle equipment are all built and developed with a primary focus on security from the ground up as well as being further subjected to strict cybersecurity testing and verification.

The EVKit Platform

CyCraft and MIH are determined to jointly strengthen cyber resilience in the automotive industry through the EVKit platform from promoting general security standards for supply chain security to securing the safety of each individual driver behind the wheel of an electric vehicle.

As a solution for raising EV cyber resilience, MIH recently launched its MIH EVKit — a software stack for software-defined vehicles (SDV) that provides a universal interface for application developers. By incorporating strict security standards, developers are able to quickly enter and impact the EV market. CyCraft assisted in the development of the network detection and response (NDR), the intrusion detection and prevention system (IDPS), and other information security specifications for the software development kit (SDK).

PK Tsung, CyCraft Co-Founder and CSO

With the rapid development and integration of the Internet of Vehicles (IoV), numerous internet-facing devices, such as IoT or smartphones, have quickly become a standard in vehicles but do not always undergo strict security testing. As a result, the collection, use, storage, and verification of personal data in an open network environment has greatly increased the attack surface. Securing driver privacy and protecting data from being exfiltrated or tampered with has become a top priority for automakers and their supply chains.

“The main difficulty in integrating Security by Design into the current design and manufacturing processes is that for decades the automotive supply chain industry has been prioritizing safety more than security when designing and manufacturing related components. The automotive supply chain has evolved into an international ecosystem that now needs cybersecurity assessment at every step in the process.”
— PK Tsung, CyCraft Co-Founder and CSO

PK Tsung plans to speak more on the challenges and solutions for EV security at CyberSec 2022 — the largest cybersecurity conference in Taiwan.

About MIH Consortium

MIH Consortium is creating an open EV ecosystem that promotes collaboration in the mobility industry. Our mission is to realize key technologies and develop reference designs and standards, while we bridge the gap for alliance members resulting in a lower barrier to entry, accelerated innovation, and shorter development cycles. Our goal is to bring together strategic partners to create innovative solutions for the next generation of EV, autonomous driving, and mobility service applications.

About CyCraft

CyCraft leverages proprietary continuous digital forensic technology to secure government agencies, financial institutions, semiconductor manufacturing, police and defense organizations, Fortune Global 500 firms, airlines, telecommunications, SMEs, and more by being Fast / Accurate / Simple / Thorough.

CyCraft automates information security protection with built-in advanced managed detection and response (MDR), global cyber threat intelligence (CTI), smart threat intelligence gateways (TIG), network detection and response (NDR), security operations center (SOC) operations software, auto-generated incident response (IR) reports, enterprise-wide Health Check (Compromise Assessment, CA), and Secure From Home services. CyCraft also collaborates with other cybersecurity organizations, including the International Forum of Incident Response & Security Teams (FIRST) and the Taiwan Cybersecurity Center of Excellence (CCoE).

Meet your modern cyber defense needs by engaging CyCraft at engage@cycraft.com

Additional Resources

• In early 2022, CyCraft uncovered a months-long supply chain attack targeting the Taiwan financial sector with evidence implicating the Chinese Intelligence Agency, the Ministry of State Security (MSS).
• In early 2020, CyCraft curtailed a year-long attack campaign targeting Taiwan’s semiconductor ecosystem and identified a new China-linked threat group, Chimera.
• In the spring of 2020, a CyCraft incident response (IR) investigation into a government agency breach uncovered Waterbear malware — malware designed and distributed by the China-linked threat group BlackTech.
• In April 2020, CyCraft observed a China-linked threat group use ransomware as a smokescreen for a targeted attack on the CPC Corporation — the largest gasoline supplier in Taiwan. The ransomware was a smokescreen for the attackers’ real objective.
• Out of the 47 Representative AI Startups listed in Gartner’s AI Market Guide, 7 are based in Taiwan, and 5 are based in Hong Kong. But only 1 of the 47 Representative AI Startups focused on cybersecurity products and services — CyCraft.
• Our CyCraft AIR security platform achieved a 96.15% Signal-to-Noise Ratio with zero configuration changes and zero delayed detections straight out of the box.
• Learn more about cybersecurity in our CyCraft Classroom Series. Our latest article, “What is Managed Detection and Response (MDR)?” teaches the benefits of MDR, its unique selling points, and how to make better-informed decisions when choosing an MDR service or vendor.