Car connectivity is an important sales factor, especially in the Asian markets, and is a key component for autonomous driving and data-driven business models. It also means an increased attack surface and an attractive target for malicious actors.
As an enabler for these unstoppable developments, cyber security is becoming a necessity throughout the product lifecycle of vehicles and their infrastructure. A recent UNECE press release indicated that it will be mandatory for new production vehicles from 2024.
In the European Union, the new regulation on cyber security will be mandatory for all new vehicle types from July 2022 and will become mandatory for all new vehicles produced from July 2024.
The World Forum for Harmonization of Vehicle Regulations (WP.29) of the United Nations Economic Commission for Europe (UNECE) deals with vehicle regulations for Europe and most Asian countries, covering items such as safety belts, lighting and pumps. The concrete implementation of the cybersecurity requirement is a management system, specified in the new ISO/SAE 21434. With a delay due to Covid-19, publication is now expected in early 2021.
ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” is an upcoming international standard that covers the secure development of networked vehicles. Key elements are the establishment of a common terminology and of methods for risk assessment in the field of cybersecurity. Overall, this standard enables an industry-wide “Security by Design” approach that does justice to the increasing networking, and thus vulnerability, of vehicles without neglecting the established methods. The content:
The framework and methods of the automotive cyber security management system were not developed from scratch. They are based on existing automotive standards for software quality management (ASPICE) and functional safety (ISO 26262). ISO/SAE 21434 likewise addresses architectures across all layers of the vehicle and its systems, software testing, and assessments of work product completeness. However, there are some differences to the previous standards.
In contrast to functional safety, the development lifecycle does not end with the start of production (SOP), but covers the necessary tracking and closing of weak points over the entire product lifecycle. A continuous vulnerability and patch management process needs to be set up, as well as a monitoring and incident response process for the case of an actual attack. Since car lifecycles last for decades instead of years (compared with IT software or consumer devices), this will create some major challenges in maintenance.
In functional safety, a hazard analysis and risk assessment (HARA) is conducted at the beginning of the development lifecycle. In cybersecurity, however, your “opponent” is not a physical hazard but an intelligent attacker. If you want to know more about Threat Analysis and Risk Assessment (TARA), have a look at the corresponding article.
A connected vehicle should be designed as a fortress. A mobile Fort Knox, so to speak. Intruders should have to overcome many obstacles and various challenges to get to the crown jewels such as customer data or the ability to apply the brakes (which makes passengers hostages of the attacker). Remember that with enough effort and resources this is always possible. The goal should be to make it inefficient and unattractive to attackers.
The threat landscape and attack vectors of a single vehicle are different from those of static or classic IT systems. However, beyond the vehicles a back-end infrastructure, and especially a cloud infrastructure, is required to provide connected services. In order to cover the picture holistically, the entire ecosystem must be considered.
In the vehicle itself, with the expansion of single-pair/automotive Ethernet at the expense of the CAN bus, the increasingly centralized electronics and computing power are becoming more and more similar to IT computer and server systems. TCP/IP stacks in electronic control units and other well-established technologies offer a whole new world of possibilities, but also bring a number of weaknesses. Since millions of cars will be interconnected and a malfunction caused by a cyber attack can have fatal consequences, cyber security must be rethought under these new circumstances.
The actual development work includes the breakdown of the functional and system architecture into technical features. AUTOSAR provides state-of-the-art implementations, and semiconductor/HW vendors can rely on standards such as the EVITA HSM reference. Moreover, cryptography, key management and architectural considerations need expertise that is not yet common in the automotive world.
When integrating existing code or developing it within the organization, it is crucial to avoid software bugs and vulnerabilities, which represent a major opportunity for attackers to exploit them in the field later on. Coding guidelines and reviews can help to avoid them in the first place. Static and dynamic testing can discover them later on. The dynamic part is represented by penetration testing or white-hat hacking. The idea is that the good guys find bugs before the bad guys do.
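The TARA mentioned above, and the "make it inefficient and unattractive" goal of the fortress picture, can be made concrete with a worked risk rating. The following is an added illustration, not code from the author or from ISO/SAE 21434 itself: it rates one constructed threat scenario (unauthorised remote manipulation of the brake function) using an attack-potential approach (elapsed time, expertise, knowledge, window of opportunity, equipment), combines the resulting attack feasibility with the worst-case impact in a risk matrix, and re-rates the same scenario once the attack path has been hardened. The point values, feasibility thresholds, risk matrix and treatment rule are assumptions modelled on the Common Criteria attack-potential style; an organisation defines its own in its cybersecurity management system.

```python
"""Worked TARA-style risk rating for one threat scenario (added example).

All tables below are constructed assumptions, not values from ISO/SAE 21434.
"""
from dataclasses import dataclass
from typing import Dict

# Attack-potential parameters: more points means the attack path is harder.
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialised": 4, "bespoke": 7, "multiple bespoke": 9}

IMPACT_RANK = {"negligible": 0, "moderate": 1, "major": 2, "severe": 3}
FEASIBILITY_RANK = {"very low": 0, "low": 1, "medium": 2, "high": 3}

# Assumed risk matrix: RISK_MATRIX[impact][feasibility] -> risk value 1 (lowest) to 5.
RISK_MATRIX = [
    [1, 1, 1, 1],  # negligible impact
    [1, 2, 3, 3],  # moderate impact
    [1, 3, 4, 5],  # major impact
    [2, 3, 5, 5],  # severe impact
]


@dataclass(frozen=True)
class AttackPath:
    """One rated attack path; each field is a key of the tables above."""
    elapsed_time: str
    expertise: str
    knowledge: str
    window: str
    equipment: str

    def potential(self) -> int:
        """Sum of attack-potential points over the five parameters."""
        return (ELAPSED_TIME[self.elapsed_time] + EXPERTISE[self.expertise]
                + KNOWLEDGE[self.knowledge] + WINDOW[self.window]
                + EQUIPMENT[self.equipment])


def feasibility_rating(points: int) -> str:
    """Map summed attack potential to a feasibility rating (assumed thresholds)."""
    if points < 14:
        return "high"
    if points < 20:
        return "medium"
    if points < 25:
        return "low"
    return "very low"


def impact_rating(impacts: Dict[str, str]) -> str:
    """Overall impact is the worst of the safety/financial/operational/privacy ratings."""
    return max(impacts.values(), key=IMPACT_RANK.__getitem__)


def risk_value(impacts: Dict[str, str], path: AttackPath) -> int:
    """Look up the risk value for an impact/feasibility pair in the matrix."""
    row = IMPACT_RANK[impact_rating(impacts)]
    col = FEASIBILITY_RANK[feasibility_rating(path.potential())]
    return RISK_MATRIX[row][col]


def treatment(risk: int) -> str:
    """Assumed decision rule: risk values above 2 need a cybersecurity goal and controls."""
    return "retain" if risk <= 2 else "reduce"


# Constructed scenario: remote manipulation of the brake function via the connectivity unit.
BRAKE_IMPACTS = {"safety": "severe", "financial": "major",
                 "operational": "moderate", "privacy": "negligible"}
# Before controls: a remote path with no message authentication on the vehicle network.
BRAKE_PATH_UNMITIGATED = AttackPath("<=1 month", "expert", "restricted", "unlimited", "specialised")
# After controls (secure gateway, authenticated messages, key material in an HSM):
# the same goal now needs far more time, insider knowledge and custom tooling.
BRAKE_PATH_MITIGATED = AttackPath(">6 months", "multiple experts", "confidential", "difficult", "bespoke")


if __name__ == "__main__":
    for label, path in (("unmitigated", BRAKE_PATH_UNMITIGATED), ("mitigated", BRAKE_PATH_MITIGATED)):
        risk = risk_value(BRAKE_IMPACTS, path)
        print(f"{label}: potential={path.potential()} feasibility={feasibility_rating(path.potential())} "
              f"impact={impact_rating(BRAKE_IMPACTS)} risk={risk} -> {treatment(risk)}")
```

The impact does not change between the two runs (a successful attack on the brakes is still severe); what the controls change is the attack feasibility, which is exactly the lever the fortress analogy describes. Re-rating the attack path after each control is also what turns TARA into a lifecycle activity rather than a one-off design step.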
Connectivity is a cornerstone for new business models and paves the way for autonomous driving. New and existing internet technologies are used in safety-critical areas and make security a mandatory requirement. Otherwise, revenues and people are exposed to a high risk. The methodology, and especially secure development according to ISO/SAE 21434, builds on existing frameworks, but has some special challenges as described above.
The trend is foreseeable and becomes legally binding through the UNECE regulation. The best way to deal with it is to address it sooner rather than later. In addition, the thinking must go beyond individual cars. Since cars are part of the Internet of Things, the whole ecosystem including backend and road infrastructure is part of the game.
—
I hope you enjoyed reading this article. If Automotive Security and ISO/SAE 21434 are relevant for your organization, please don’t hesitate to check out the corresponding training, schedule an appointment or write me an e-mail.
All the best, David!