Skip to main content

Transportation Cybersecurity

Building security into connected vehicles and intelligent transport systems

The Product

Intelligent systems are everywhere - controlling road and rail infrastructure, improving vehicle performance and enhancing the passenger and driver experience. The proliferation of ECUs etc inside vehicles, interfacing with external data sources including entertainment, GPS, and diagnostics, creates new vulnerabilities and opportunities for cyber-intrusion. A fundamentally fresh and holistic design approach, building security into vehicles and transportation from the ground up, is required.

The Secure Communications Unit (SCU)

A reliable and flexible software platform, powered and hardened by KasperskyOS, that allows motor manufacturers to develop and implement a single secure gateway into connected vehicle ECUs, combining protection against cyber-intrusion with enhanced diagnostic technologies via over-the-air (OTA) links.

Built-in Security at OS level

KasperskyOS is an operating system specifically designed protect diverse and complex embedded systems from the consequences of malicious code, viruses and hacker attacks. This is achieved partly through strong separation and policy enforcement, using trusted and reliable security methodologies and patented techniques.

Transportation Threat Intelligence Services

A range of cybersecurity services for the automotive, rail and wider transportation industry that provide the analysis and information needed to enhance security operations and enable a proactive approach to be taken against advanced threats

The Use

  • The Secure Connected Car

    A more holistic approach to building the secure connected, and soon the driverless, car, based on:

    • The SCU - a single secure gateway between internal ECUs, TCUs etc and the external services and resources with which they interface
    • KasperskyOS, ensuring safe software execution and protecting against random software errors, as well as cyber-intrusion and malware
    • Threat Intelligence Services to help uncover, analyze and rectify any shortcomings in vehicular cybersecurity
  • Rail and Rapid Transit Systems

    The introduction of Communication Based Train Control (CBTC) and European Train Control Systems (ETCS) means manufacturers and transportation system operators must pay even more serious attention to the cybersecurity of locomotive, floor and station automation systems.
    Our rail and rapid transit solutions work on different stages of the base automation components lifecycle – from analysis to managed security services, and from embedded Automatic Train Control to online ticket sales portals.

  • Security Assessment and Penetration Testing

    The Security Assessment and Analysis of:

    • Vehicle internals (ECUs, TCUs, TPMS, RKE, PATS etc) and interfaces
    • Applications, including source code and architecture
    • Cloud-based and datacenter systems with telematics (remote control parking, entertainment, real-time traffic updates  etc)
    • Telecom Client-side security assessment – external communications with connected vehicle service platforms

    Penetration testing, emulating systems bypass approaches by external and internal intruders


Premium Support and Professional Services

Professional help is available whenever you need it. Operating in more than 200 countries, from 34 offices worldwide, we have you covered 24/7/365. Take advantage of our Premium support packages, or call on our Professional Services to ensure that you derive maximum benefit from your Kaspersky security installation.

The Risk

Kaspersky Transportation solutions secures software-based the of connected vehicles and intelligent transport systems against unauthorized access and ongoing damage caused by cyberattacks including:

  • The theft and exploitation of driver and passenger credentials and confidential data

  • The implemention of unauthorized firmware

  • USB and OBD2 based attacks

  • Remote access and attacks via mobile devices

  • Data sniffing and Man-in-the-Middle-attacks

  • The exploitation of software vulnerabilities in generic and industry-specific applications

Related to this Solution