Moving towards a standardized approach to automotive security engineering

Moving towards a standardized approach to automotive security engineering

Timo van Roermund, Director Automotive Security

Rules for cybersecurity are changing. We’ve seen it come about little by little as the world we live in becomes more and more connected. At the automotive level, the multiplication of new features increases exposure to cyberattacks. At other levels, the growing need for data management has opened up new avenues for attack that caused widespread controversy around the world. We can see how these isolated incidents can have a significant and lasting impact after the effect. The financial news were recently rocked by the recommendation from Moody’s to downgrade a well-known company’s credit rating based on a cybersecurity incident in 2017. This demonstrates the new level of importance that cybersecurity carries and how companies are being upheld to more responsible behaviour in this regard.

The automotive industry has already taken significant steps to improve and has already understood that there needs to be a concerted effort to get this right across the industry, with security that can be scaled up to protect fleets of modern vehicles to the fullest extent. One of the early initiatives taken by the industry to address this global threat, was to establish the Auto-ISAC. This is an industry-driven community that shares and analyzes intelligence about emerging cybersecurity risks to vehicles. It also aims to collectively enhance cybersecurity capabilities across the global automotive industry, in particular by sharing best practices.

The industry is now looking to take the next step and formalize these industry best practices in an automotive cybersecurity engineering standard, forming a common basis from 2020 onwards. The crunch point is being able to shift priorities to create true security-oriented cultures within companies, across the supply chain, to ensure the development of new, more secure products and solutions, following the principle of security-by-design.

ISO/SAE 21434

Originally, ISO tried to integrate cybersecurity into the functional safety standard ISO 26262. Despite similarities between the two topics, it turned out to be too complex to address all aspects adequately within one document. Around the same time, SAE delivered J3061, a cybersecurity guidebook for cyber physical vehicle systems. The ISO and SAE teams later joined forces to create a common standard named ISO/SAE 21434: road vehicles – cybersecurity engineering. It is expected that the standard will be published at the end of 2020 and will replace SAE J3061.

This emerging standard defines a framework that:

  • Ensures a consistent, well defined and robust approach to foster a cybersecurity culture
  • Manages cybersecurity risks across the complete vehicle lifecycle
  • Allows for adaptation to a continually changing threat landscape
  • Creates a cybersecurity management system.

Measures such as a security development lifecycle, risk assessment, vulnerability handling and incident response are included in the scope of the standard. It therefore addresses security in product engineering by design, similar to how ISO 26262 addresses functional safety today.

The crucial piece of this standard is that it focuses on people and processes. The third part of the security triad, technology, is primarily the manufacturer’s responsibility, and an area that should allow for (positive) differentiation; therefore, the standard does not describe specific technology or solutions. It also concentrates its engineering requirements and recommendations on new developments, or modifications to existing systems or components.

UNECE WP.29

There is also continuing alignment with the World Forum for Harmonization of Vehicle Regulations (UNECE WP.29). This investigates whether ISO/SAE 21434 can be used as a baseline for the Cyber Security Management System (CSMS), that will be required as part of the new International Whole Vehicle Type Approval (IWVTA) scheme in the future. Whereby a certified CSMS becomes a prerequisite for vehicle manufacturers and their supply chain to achieve type approval on new vehicles.

NXP’s approach to automotive cybersecurity

Our long-term approach to security and safety has been about developing a security-conscious culture and way of thinking within NXP. Not only do we strive to develop safe and secure products, but we are continuously working to make automotive security an integral part of our engineering process. This is achieved in a number of ways, such as extensive training offerings delivered to teams across the company, but also in engaging with our customers in a security-conscious approach to requirements specification, systems development and product integration.

In fact, as our customers already seek compliance with ISO/SAE 21434, we have accelerated our preparations and how we align to the standard. We anticipate an updated business creation and management process to be certified as compliant in the future. For us this is a natural next step, since we are able to leverage existing processes and know-how from our teams who have worked in traditional security markets for many years.

Achieving this level of integration and awareness around security issues did not develop overnight. Our holistic approach to security has matured over time to the point we are at today. We have a strong organization with clearly defined policies and governance to help prevent security vulnerabilities as much as possible; and to detect, mitigate and fix remaining security vulnerabilities professionally, together with the research community and our partners. We also spend significant effort developing our workforce; this helps us to continue in our endeavor to develop security savvy employees, without whom we cannot develop truly secure products.

As we move towards automated and connected driving, automotive cybersecurity engineering is going to be important to manage the privacy interests of customers and the safety of vehicles on the roads. More than this, having clear methodological approaches for security and functional safety that support and complement one another are vital. Overall safety efforts have evolved over time, to the point we are at today. We are at the cusp of the next stage that finally aligns and combines the approaches to functional safety and automotive security.

Read more about it here.

Timo van Roermund
Timo van Roermund
Timo van Roermund leads NXP’s automotive security team. He has deep expertise in applied security for embedded devices, such as Vehicle-to-X communication systems, in-vehicle networks, architectures and systems, Internet-of-Things appliances, mobile phones and wearable devices. He is a regular speaker at international conferences and is a member of a few program committees (e.g. escar EU). He has made various contributions to industry consortia (Auto ISAC, C2C-CC, …) and to the development of Automotive security standards. Timo earned an MSc degree in Computer Science and Engineering from the Eindhoven University of Technology.

Comments are closed.

Buy now