Timo van Roermund, Director Automotive Security
As the speed of adoption of new vehicle features accelerates, exposure to cyber-attacks increases.
The true wake-up call came with multiple controversial hacks of individual vehicles back in 2015, catapulting the automotive industry into taking swift action.
But the tables are turning. The automotive industry has been trying to get past its bad reputation and has taken significant steps to improve. The highest risk is recognized as being at fleet level, rather than to individual vehicles. This means that there is a vested interest in getting this right across the automotive industry, with security that can be scaled up to protect fleets of modern vehicles to the fullest extent.
One of the early initiatives taken by the industry to address this global threat was to establish the Auto-ISAC. This is an industry-driven community that shares and analyzes intelligence about emerging cybersecurity risks to vehicles. It also aims to collectively enhance cybersecurity capabilities across the global automotive industry, in particular by sharing best practices.
The industry is now looking to take the next step and formalize these industry best practices in an automotive cybersecurity engineering standard, forming a common basis from 2020 onwards. The crunch point is being able to shift priorities to create true security-oriented cultures within companies, across the supply chain, to ensure the development of new, more secure products and solutions, following the principle of security-by-design.
Originally, ISO tried to integrate cybersecurity into the functional safety standard ISO 26262. Despite similarities between the two topics, it turned out to be too complex to address all aspects adequately within one document. Around the same time, SAE delivered J3061, a cybersecurity guidebook for cyber-physical vehicle systems. The ISO and SAE teams later joined forces to create a common standard named ISO/SAE 21434: Road vehicles – Cybersecurity engineering. It is expected that the standard will be published at the end of 2020 and will replace SAE J3061.
This emerging standard defines a framework that:
- Ensures a consistent, well-defined and robust approach to foster a cybersecurity culture
- Manages cybersecurity risks across the complete vehicle lifecycle
- Allows for adaptation to a continually changing threat landscape
- Creates a cybersecurity management system.
Measures such as a security development lifecycle, risk assessment, vulnerability handling and incident response are included in the scope of the standard. It therefore addresses security in product engineering by design, similar to how ISO 26262 addresses functional safety today.
The crucial piece of this standard is that it focuses on people and processes. The third part of the security triad, technology, is primarily the manufacturer’s responsibility, and an area that should allow for (positive) differentiation; therefore, the standard does not describe specific technology or solutions. It also concentrates its engineering requirements and recommendations on new developments, or modifications to existing systems or components.
There is also continuing alignment with the World Forum for Harmonization of Vehicle Regulations (UNECE WP.29). This forum investigates whether ISO/SAE 21434 can be used as a baseline for the Cyber Security Management System (CSMS) that will be required as part of the new International Whole Vehicle Type Approval (IWVTA) scheme in the future, whereby a certified CSMS becomes a prerequisite for vehicle manufacturers and their supply chain to achieve type approval on new vehicles.
NXP’s approach to automotive cybersecurity
Our long-term approach to security and safety has been about developing a security-conscious culture and way of thinking within NXP. Not only do we strive to develop safe and secure products, but we are continuously working to make automotive security an integral part of our engineering process. This is achieved in a number of ways, such as extensive training offerings delivered to teams across the company, but also in engaging with our customers in a security-conscious approach to requirements specification, systems development and product integration.
In fact, as our customers already seek compliance with ISO/SAE 21434, we have accelerated our preparations and how we align to the standard. We anticipate an updated business creation and management process to be certified as compliant in the future. For us this is a natural next step, since we are able to leverage existing processes and know-how from our teams who have worked in traditional security markets for many years.
Achieving this level of integration and awareness around security issues did not develop overnight. Our holistic approach to security has matured over time to the point we are at today. We have a strong organization with clearly defined policies and governance to help prevent security vulnerabilities as much as possible, and to detect, mitigate and fix remaining security vulnerabilities professionally, together with the research community and our partners. We also spend significant effort developing our workforce; this helps us to continue in our endeavor to develop security-savvy employees, without whom we cannot develop truly secure products.
As we move towards automated and connected driving, automotive cybersecurity engineering is going to be important to manage the privacy interests of customers and the safety of vehicles on the roads. More than this, having clear methodological approaches for security and functional safety that support and complement one another is vital. Overall safety efforts have evolved over time, to the point we are at today. We are at the cusp of the next stage that finally aligns and combines the approaches to functional safety and automotive security.