Cybersecurity Digital Twins: A Novel Automotive Software Solution

summary

As the automotive industry transforms into a data-driven business, software plays a central role in the development and maintenance of vehicles. As the amount of software increases, so do the corresponding cybersecurity risks, responsibilities, and regulations, and traditional methods are no longer suitable for such tasks. As a result, both OEMs and suppliers are struggling to cope with the increasing risks of automotive software.

A new approach to this problem has been proposed - building a digital twin copy of the ECU software to continuously monitor its cybersecurity risk environment. Using this approach, suppliers can fully understand cybersecurity risks and can use it for both operational fleets and vehicles still in the pre-production stage.

Digital Twin

The increased digitization of the manufacturing industry has led to the introduction of digital twins. In the context of Industry 4.0, a twin is a real-time virtual copy of a physical object or process. Using simulation software, a twin can optimize the use and overall business value of the original copy by predicting future behavior and proposing the best course of action. For example, simulations of real turbines are used to proactively identify problems before they actually occur in the real world, which enables system owners to predict failures and eliminate risks in advance.

Digital twins in vehicle software

Simulating automotive software, more specifically ECU firmware, can be a daunting task. Automotive subsystems vary greatly in complexity and architecture. There is a wide variety of CPU architectures, operating systems, frameworks, and flavors used in the industry.

However, such a digital twin could bring many benefits. This technology can be used to test new features, improve performance and diagnose software problems. More importantly, it will allow OEMs and Tier 1 suppliers to try out completely new software concepts or vehicle network architectures and understand their overall impact - whether it is functionality, performance or cybersecurity posture.

Leveraging digital twins for continuous risk assessment

One such new approach is being proposed, with new virtualization and cybersecurity analysis technologies forming a new form of digital twin – the cybersecurity digital twin. These virtual builds are identical to vehicle components, in sync with those used in vehicles on the road and in development. These new assets provide the basis for extensive risk analysis that once required a complete cybersecurity audit by a dedicated team. This analysis is performed on a digital twin – a solution that replicates and emulates the original ECU firmware, using active scanning to proactively identify cyber risks such as vulnerabilities and other flaws.

Cybersecurity digital twins are virtual simulations of original components for continuous risk monitoring. In addition, this new form of digital twins enables entirely new capabilities and benefits that are not possible with traditional risk assessment methods.

Building a Cybersecurity Digital Twin with Cybellum V-Ray

As an innovator in the field of automotive cybersecurity software, Cybellum has productized this new approach to cybersecurity challenges - providing a digital twin model for automotive software risk assessment.

First, the car software image - whether it is ECU or MCU firmware, mobile application, electronic key firmware, is scanned by the Cybellum system. At the core of the Cybellum solution is a unique risk analysis engine called V-Ray. It is designed as an extensible framework for automatic static and dynamic analysis of automotive components.

Next, V-Ray decodes the binary image and maps the contents into a coherent software bill of materials (SBOM), which also maps the operating system, boot image, interfaces, drivers, file system structure, and the complete software stack map.

The underlying application binaries in the image are then used to create a virtual running image of the original software. From this image, the machine-level code paths are dynamically parsed, along with data flows, hardware interfaces, system configuration, boot-time authentication, encryption settings, and many other characteristics and parameters of the component.

The virtual component replica is essentially a digital twin of the original component. All of this happens within the V-Ray solution, which is a highly flexible, 100% software-only solution. V-Ray does not require the ECU hardware itself to perform its evaluations, which reduces the need for proprietary hardware, which is often difficult to obtain during the pre-production phase due to limited availability.

Cybellum V-Monitor, a Cybersecurity Digital Twin

Once the original component becomes a virtualized digital twin, risk assessments can be performed independently of the original component and its software development schedule.

These assessments are comprehensive and ongoing, providing a clear, always-updated view of your entire risk posture, identifying the most current risks for each specific software revision.

The Cybellum V-Monitor solution provides continuously updated risk assessments by repeatedly monitoring digital twin copies. In an ongoing operation, all twin copy versions are monitored and analyzed by specialized scanners, comparing previous findings with newly released threats. In addition, software components of the entire vehicle or even the entire fleet can be monitored. This helps to transform threat intelligence and vulnerability feeds into actionable understanding and impact assessments at the entire fleet level.

Summarize

Digital twins of automotive software provide a new approach to automotive software throughout the vehicle lifecycle. Software twin technology can help OEMs and suppliers optimize and validate their designs, and it can also help improve the operation of existing vehicles on the road.

More specifically, software twin technology offers tremendous benefits for the cybersecurity of ECU firmware. With this technology, risks can be quickly identified, assessed, and remedied, whether for vehicles in the development phase or fleets in operation. Cybellum's Security Suite is one such cybersecurity digital twin solution used to create and monitor such twins for the automotive industry, catering to the needs of OEMs, suppliers, and more.