Failure of Trust in Trusted Systems

Abstract

Contrary to the early days in which freedom of access and knowledge for all was a fundamental tenet of the burgeoning internet, today, the internet is a hostile environment. This paper represents that practices of trusted autonomous systems and zero trust must reside both organisationally and in any connected device, and that they will be insufficient to secure any hyperconnected system. For example, in the area of Connected and Autonomous Vehicles (CAV), the emphasis of standards associated with cybersecurity is to protect vehicles from an external attack, particularly where it may have an impact on safety. The Internet of Vehicles (IoV) is a subset of the IoT. Security of the IoT has not been standardised and is applied by proprietary organisations. Little consideration has been given to the IoV not being the target of an attack, but a means to an end. Vehicles necessarily communicate with the infrastructure and other vehicles. Additionally, outsourced organisational systems and third-party components within a complex, interconnected, communicating system renders it impossible to define and secure all endpoints. Malware in any part of the hyperconnected systems, provides opportunities for hackers. The security of the systems is only as strong as its weakest link. As an example of an onward attack, a DDOS attack is a debilitating exhaustion of resources attack that disables intended operation of a system. Formation of a botnet from the IoV for use in onward attacks is hypothesised. Such a botnet could have a global reach. Research has indicated that the complete cleansing of a computer-based botnet could take between 5 and 15 years. However, with decentralised command and control and peer to peer communication, the botnet could remain persistent. It is shown that persistent botnet formation software is readily available on the dark market and that specialist software can be commissioned as Crime as a Service. Organised crime groups have already reverse engineered vehicle systems. Mobile attack platform swarms are an attractive proposition to the malefactor, and with the potential for global reach, perhaps the next step on from ransomware. Intermittent disruption from mobile sources is hard to trace and there is an existing pool of 1.2 billion vehicles.