SYSTEM FOR THE INSPECTION, EVALUATION AND DIAGNOSIS OF THE LEVEL OF CYBERSECURITY OF A VEHICLE

Abstract

A system for the inspection, evaluation and diagnosis of the level of cybersecurity of a vehicle, in particular for electronically managed devices and/or systems, comprising a control server provided with software and data communication means configured for data exchange between the software and the electronic devices present in the vehicle, such that the control server determines the existence or absence of situations of data manipulation based on the data coming from the electronic devices.

Claims

1. A system for the inspection, evaluation and diagnosis of the level of cybersecurity of a vehicle, in particular for electronically managed devices and/or systems present, comprising a control server provided with software and data communication means configured for data exchange between the software and the electronic devices present in the vehicle, such that the control server determines the existence or absence of situations of data manipulation based on the data coming from the electronic devices.

2. The system according to claim 1, wherein the data communication means are of the wired type by means of a physical connection socket.

3. The system according to claim 1, wherein the data communication means are of the wireless type.

4. A method for the inspection, evaluation and diagnosis of the level of cybersecurity of electronically managed devices and/or systems present in a vehicle comprising the steps of: acquiring and analysing data coming from electronically managed devices and/or systems; generating parameters associated with the degree of cybersecurity from the data coming from electronically managed devices and/or systems; and evaluating the related degree of cybersecurity from the obtained parameters.

5. The method according to the claim 4, wherein the generation of parameters associated with the degree of cybersecurity is performed by means of software housed in a control server.

6. The method according to claim 4, further comprising an assessment step based on the set of results of all the tests performed.

7. An installation for a system for the inspection, evaluation and diagnosis according to claim 1, comprising a Faraday cage structure with dimensions suitable for placing a vehicle therein.

8. The method according to claim 5, further comprising an assessment step based on the set of results of all the tests performed.

9. An installation for a system for the inspection, evaluation and diagnosis according to claim 2, comprising a Faraday cage structure with dimensions suitable for placing a vehicle therein.

10. An installation for a system for the inspection, evaluation and diagnosis according to claim 3, comprising a Faraday cage structure with dimensions suitable for placing a vehicle therein.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0040] FIG. 1 is a schematic view of an installation envisaged for applying the system according to the invention.

DESCRIPTION OF A PREFERRED EMBODIMENT

[0041] In view of the mentioned figures, and according to the numbering used, a preferred embodiment of the invention can be seen in said figures, comprising the parts and elements indicated and described in detail below.

[0042] The system for the inspection, evaluation and diagnosis of the level of cybersecurity of a vehicle, in particular for devices, applications and/or systems susceptible to being acted on by a third party, comprises a control server provided with software and data communication means configured for data exchange between the software and the devices, applications and/or systems susceptible to being acted on by a third party, such that the control server determines the existence or absence of situations of data manipulation based on the data coming from the devices, applications and/or systems susceptible to being acted on by a third party.

[0043] With regard to the data communication means, they can be of the wired type by means of a physical connection socket and/or of the wireless type.

[0044] This system involves a method for the inspection, evaluation and diagnosis of the level of cybersecurity of devices, applications and/or systems susceptible to being acted on by a third party present in the vehicle comprising the steps of: [0045] acquiring and analysing data coming from the devices, applications and/or systems susceptible to being acted on by third parties; [0046] generating parameters associated with the degree of cybersecurity from the data coming from the devices, applications and/or systems susceptible to being acted on by third parties; [0047] evaluating the related degree of cybersecurity from the obtained parameters, in which different degrees of cybersecurity are previously established to evaluate the degree of security of the vehicle; and [0048] establishing an assessment—cyber rating—based on the set of results of the evaluation.

[0049] In a preferred embodiment of the invention, the generation of the parameters associated with the degree of cybersecurity is performed by means of software housed in a control server.

[0050] Among other reference elements for establishing the score, or cyber rating, the final assessment will take into account five established levels of cybersecurity: [0051] Minor risk level (maximum level of security): this level would be assigned for cases where minor errors that do not involve any danger for passengers, their privacy and/or the car are detected; [0052] Low risk level (high level of security): this level means that a third party could have access to personal information stored in electronic devices or multimedia systems but not involving a risk for passengers; [0053] Medium risk level (medium level of security): this level would be assigned for those cases in which electronic devices or multimedia systems can be the object of minor remote attacks or serious attacks after accessing the interior of the vehicle; [0054] High risk level (low level of security): this level would correspond with cases in which a third party could easily open the doors of a car, subsequently accessing the ECU to start the engine and/or manipulate parameters and elements which may put the safety of the driver and passengers at risk; and [0055] Critical risk level (critical level of security): this level would be assigned when it is detected that a third party can carry out attacks remotely, which may affect the safety of the driver and passengers (for example: access to the ECU through WiFi or attacks from the Internet in the event that the car has a SIM).

[0056] Together with the levels set forth above, other security parameters of the vehicle obtained through vehicle testing systems and mechanisms and/or through software based on artificial intelligence could also be taken into account to check that any of the mentioned parameters comply with regulations.

[0057] The system described above can be carried out in installations having different areas or rooms, where there can be at least one room for the vehicles (1) and a Faraday cage structure (2) with dimensions suitable for placing a vehicle therein, as schematically depicted in FIG. 1.